Information
Access to the SharePoint web application should be restricted to a certain group of users. Typically, this is done through restricting IP addresses to selectively allow known and approved user populations.
Rationale:
Restricting access to the SharePoint site minimizes the risks due to exposure of the application to unknown user populations. Risks including loss of confidentiality and integrity of stored data could be drastically reduced.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Start Internet Information Services (IIS) Manager.
1. Locate the SharePoint Central Administration v4 in the Connections pane.
2. Double-click IP Address and Domain Restrictions in the list of features.
3. Click Add Allow Entry....
4. Add the single IP address or group of addresses for whitelisting.