De la desafiliación a las formas flexibles de integración.

You will come across the term crawl in much of the MOSS documentation. A web crawler is a piece of software that browses a web site, a group of web sites, or even the entire World Wide Web. A web crawler, in the context of a search engine, uses crawling (or as it is also called, spidering) to seek out new or updated content. The crawler either creates a list of, or copies, visited pages so they can be indexed by the search engine for retrieval. A prime example of a web crawl program is the Web Crawler software from InfoSpace, Inc. (www.webcrawler.com).

However, in the context of MOSS, the crawl function is generally limited to a single enterprise SharePoint web site and is even further limited by a specific content type. Users can schedule crawls for a particular content type to take place at times when they are less likely to access the information. MOSS even provides for four levels of web crawls: full crawl, incremental crawl, incremental-inclusive crawl, and adaptive crawl. See Chapter 8 for more information on MOSS’ web crawl functions.

unless the requesting user is a member of the Human Resources security group. In fact, MOSS won’t even list the files that would be listed in a search result to anyone who doesn’t have the permission to view them.

Non-native content source security settings consist of two parts: share permissions and NTFS permissions. Because MOSS honors the security settings of all non-native content sources, it is important to understand how these security settings work.

Two good reasons to understand share-level and NTFS permissions are 1) ensuring that non-native content sources are secure, and 2) troubleshooting any access to non-native content sources. The effective permissions of a file or folder are a result of combining the most restrictive permissions assigned from both the share model and the NTFS model. For example, a user would need to be assigned read permission from both the share and NTFS to read a file.

Share permissions, which can only be assigned to folders, limit what a sharing (remote) user is allowed to do with a folder and its contents, subject to the NTFS per- missions assigned to the folder or its files. In contrast, NTFS security creates an Access Control List for each file or folder stored on an NTFS partition. The Access Control List identifies the file actions that a particular security group or individual user may perform on a specific file or folder.

Unlike share-level permissions, the NTFS security settings of a file or folder can be inherited from its parent folder(s). This ability to inherit security settings “from above” simplifies the task of managing security settings by eliminating the need to repeat identical security settings on a folder’s subfolders and files. However, the inheritance of security settings can be disabled, which can make troubleshooting permission issues fairly com- plicated. For instance, if the security settings of a file or folder are unique to those of its parent folder, it can be difficult to track down why a file or folder is seemingly violating its presumed security settings.

TIP When creating a share for a folder, assign all three permission levels to the Everyone group, then restrict access using the NTFS permission settings on the folder.

To view the permissions of a network share, do the following:

1. Right-click the name of the folder and click Properties on the pop-up menu that appears.

2. Choose the Sharing tab on the File Properties dialog box (see Figure 7-17). 3. On the Share Properties dialog box, click the Permissions button to display the

Permissions For Share dialog box (shown in Figure 7-18). To view the security settings for an NTFS folder or file:

1. Right-click the name of the folder and click Properties on the pop-up menu that appears.

Figure 7-17. The Properties dialog box for a file or folder.

As stated earlier, the effective permissions for a file or folder are created as a combination of any share-level permissions it may have, as well as its NTFS permissions. To view the effective permissions for a file or folder:

1. Right-click the name of the folder and click Properties on the pop-up menu that appears.

2. Choose the Security tab on the Properties dialog box that displays.

3. Click the Advanced button to display the Advanced Security Settings For Share dialog box.

4. Choose the Effective Permissions tab (see Figure 7-19).

TIP To view the effective permissions for a particular security group or user, click the Select button to the right of the Group or username box and select the group or user from the pull-down list.

SUMMARY

MOSS security, like the security for all systems, is a complex and often confusing area. Often large organizations assign the responsibility for each piece of the network puzzle to a specific software or network analyst. However, if you find yourself responsible for all of the security in an MOSS environment, take some comfort from the fact that you won’t have to reinvent the wheel. There is a massive amount of best practice information available to help you through the complex process of securing your MOSS environment.

The network operating system and the various technologies and applications each contain have a variety of security settings and tools that can be used either directly or indirectly to secure your MOSS environment. You should carefully study each of these elements and how they interact with MOSS to secure your site from hackers and the unauthorized disclosure of content.

Because MOSS is designed to share information, you must use every tool at your disposal to protect that information from inappropriate use by 1) securing your network infrastructure; 2) securing your operating system; 3) securing your applications; and 4) securing your MOSS content. If you take a layered approach to securing MOSS, you should be successful.