2.8 Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connections

Information

The SharePoint central administration site should be configured so that its ports and interfaces are not accessible to untrusted external or internet connections.
Rationale:
The Central Administration site is critical to managing the SharePoint platform: administrators use it to perform a variety of administration tasks, including creating and managing SharePoint Web Applications, Site Collections and Service Applications. Minimizing unnecessary exposure of this site helps mitigate risks to the SharePoint platform.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

* On the system where your SharePoint platform is installed, open a command-line window and type the following command:

cd %CommonProgramFiles%\Microsoft Shared\Web Server Extensions\16\bin

* Determine the current port number for the Central Administration Web site by typing the following command:

stsadm -o getadminport

* Configure your firewall so that the SharePoint system and the identified port are not exposed to external connections.
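
The three steps above as one PowerShell script, given here as an added example that is not part of the benchmark or of the audit item. It assumes the host's Windows Defender Firewall is the firewall being configured, that stsadm prints the port as the first number in its output, and that `10.0.50.0/24` (a constructed placeholder) is your management network.

```powershell
# Added example. $ManagementSubnet is a constructed placeholder, not a value from the page.
$ManagementSubnet = '10.0.50.0/24'

# Steps 1-2: ask stsadm for the Central Administration port (path as given in the steps).
$bin = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\16\bin'
$out = & (Join-Path $bin 'stsadm.exe') -o getadminport
# Assumption: the port is the first 1-5 digit number in stsadm's output.
if (($out -join ' ') -match '\b(\d{1,5})\b') {
    $port = [int]$Matches[1]
} else {
    throw "Could not parse a port number from stsadm output: $out"
}
if ($port -lt 1 -or $port -gt 65535) { throw "Port out of range: $port" }
Write-Host "Central Administration port: $port"

# Check: enabled inbound allow rules that already cover this port, with their remote scope.
# A rule listed here with RemoteAddress 'Any' leaves the port open to every reachable network.
# Limitation: rules that express the port as a range (for example 1024-65535) are not matched.
$covering = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -in 'TCP', 'Any') -and
        (($pf.LocalPort -contains "$port") -or ($pf.LocalPort -contains 'Any'))
    } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
$covering | Format-Table -AutoSize

# Step 3: allow the port only from the management subnet.
# Add -WhatIf to preview the rule without creating it.
New-NetFirewallRule -DisplayName 'SharePoint Central Administration (management only)' `
    -Direction Inbound -Protocol TCP -LocalPort $port `
    -RemoteAddress $ManagementSubnet -Action Allow
```

Allow rules are additive, so the scoped rule restricts access only once every broader rule reported by the check has been disabled or narrowed and the default inbound action is Block. Perimeter firewalls and load balancers in front of the farm need the same review.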

See Also

https://workbench.cisecurity.org/files/2031

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11), CSCv6|9.4

Plugin: Windows

Control ID: 1ea02620f227fc50ec6cdc29b22207e742d85c5a9bdee5779533aad06a4a3f5d