Information
Access to the SharePoint web application should be restricted to a certain group of users.
Typically, this is done through restricting IP addresses to selectively allow known and
approved user populations.
Rationale:
Restricting access to the SharePoint site minimizes the risks due to exposure of the
application to unknown user populations. Risks including loss of confidentiality and
integrity of stored data could be drastically reduced.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Start Internet Information Services (IIS) Manager.
1. Locate the SharePoint Central Administration v4 site in the Connections pane.
2. Double-click IP Address and Domain Restrictions in the list of features.
3. Click Add Allow Entry....
4. Add the single IP address or group of addresses for whitelisting.