Information
SharePoint must reject or delay, as defined by the organization, network traffic generated
above configurable traffic volume thresholds.
Rationale:
It is critical when a system is at risk of failing to process audit logs as required; actions are
automatically taken to mitigate the failure or risk of failure.
One method used to thwart the auditing system is for an attacker to attempt to overwhelm
the auditing system with large amounts of irrelevant data. Consequently, either audit logs
are being overwritten or disk space is being exhausted. In such cases, activity is either
being erased from the logs or not recorded at all due to the lack of disk space.
In many system configurations, the disk space allocated to the auditing system is separate
from the disks allocated for the operating system; therefore, this may not result in a system
outage.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Access the Internet Information Services Manager on the appropriate SharePoint
server.
1. For each site IIS site subject to user traffic, select the site.
2. Click Advanced Settings.
3. Expand Connection Limits.
4. Ensure the following settings possess a value:
. Connection Time-Out
. Maximum Bandwidth
. Maximum Concurrent Connections
5. Repeat steps for each site subject to user traffic.