To help secure a Microsoft Search Server 2008 system, a Search Server administrator must configure administrative and user accounts, set permissions that control access to sites and site content, and configure crawl settings. The administrator should also consider search security as part of a larger scheme that includes configuring security for Windows SharePoint Services, Internet Information Services (IIS), SQL Server, the network, the host operating system, and the Microsoft .NET Framework.
There are two main aspects of securing the search system:
Securing server data
To prevent unauthorized users from accessing content:
Encrypt data transfers by using Secure Sockets Layer (SSL). Windows SharePoint Services supports standard IIS SSL functionality for encrypting data transmissions between client and server. Although using SSL encryption can affect system performance, it helps protect data from hackers during basic authentication, when user names and passwords are sent over the network. For information about enabling SSL, see "Security and Protection for Windows SharePoint Services" and "Using SSL to Encrypt Confidential Data" at Microsoft Search Server 2008 on TechNet.
Use antivirus software that includes the latest signature updates. If you are using document libraries on your server, scan for malicious software when documents are uploaded or downloaded.
Note: We recommend that you exclude index folders from antivirus scans in order to avoid degraded system performance that can result from scanning index data, which is volatile by nature.
Grant only least-privilege access permissions. Administer your server according to the principle of least privilege: provide each service or user with only the minimum permissions required for accomplishing authorized tasks. In this way, you grant access to only the necessary resources. For more information, see "Planning and Designing Security" at Microsoft Search Server 2008 on TechNet.
Regulating user access to sites and information
The Search Server administrator can control user access in the following ways:
Assign user and group permissions to restrict access to sites and site content. The administrator sets permissions to control administrative access and access to SharePoint end-user sites such as the Search Center site. The administrator also uses permissions to control access to site content such as lists, libraries, folders, and documents. For more information about managing permissions, see "Manage Central Administration Site Users" and "Understand Permissions and Permission Levels" in the Windows SharePoint Services Help.
Configure authentication for federated locations. For certain federated locations, on the Add/Edit Federated Location page, the Search Server administrator must select Anonymous, Common, or User credentials. In the case of Common credentials, all users in the organization share the same user name and password. With User credentials, each user has a separate user name and password. For Common or User credentials, the administrator must specify a protocol for authenticating the credentials.
Note: In the case of User credentials, Search Server 2008 does not provide a user interface for capturing the user's credentials. Your organization must create a custom user interface to collect the credentials and send them to the federation system using APIs that Search Server 2008 provides for this purpose. For more information, see the article about authentication for federated search at Microsoft Search Server 2008 on MSDN.
Limit the scope of search crawls and search results. To restrict access to information that the organization regards as confidential, a Search Server administrator can specify content and links to exclude from search crawls. The administrator can also use the Search result removal feature on the Search Administration page to exclude information from the search results that are displayed. For more information about limiting search crawls and results, see "Security Considerations for Search" at Microsoft Search Server 2008 on TechNet.
To authenticate to the content server, the Search Server 2008 crawler uses a default content access account specified by the Search Server administrator. The administrator must request that the owners of the crawl content grant read access to the default content access account. In some cases, such as for crawling content that is outside of the organization, content owners might not want to grant access to the default content access account. For such cases, the administrator must create a crawl rule that specifies a different content access account and an associated authentication method.
Note: For content sources such as network shares, Microsoft Exchange Server folders, and SharePoint sites, Search Server 2008 returns crawl results based on user permissions specified by the content owners. Search Server 2008 does not provide a security trimmer to filter crawl results from certain kinds of sites, such as HTTP sites or sites protected by forms authentication. To trim crawl results in such cases, your organization must create a custom security trimmer. For information about creating a custom trimmer, see the article about searching sites protected by forms authentication at Microsoft Search Server 2008 on MSDN.
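The crawl-rule guidance above (exclude confidential paths, and use a separate content access account where owners will not grant the default one access) can be reviewed on paper before it is configured. The following is an added example, not Search Server 2008 code or its API: a small Python model that assumes ordered rules with first-match-wins evaluation, and all account names, hosts and URLs in it are constructed placeholders.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed sample values; replace with your own planned configuration.
DEFAULT_ACCOUNT = "CONTOSO\\svc-crawl-default"
INTERNAL_SUFFIXES = (".contoso.example",)
# Ordered rules: (path pattern, include?, content access account).
# An account of None means "authenticate with the default account".
CRAWL_RULES = [
    ("http://intranet.contoso.example/hr/confidential/*", False, None),
    ("http://partner.fabrikam.example/*", True, "FABRIKAM\\svc-readonly"),
    ("http://intranet.contoso.example/*", True, None),
    ("http://news.vendor.example/*", True, None),
]
SAMPLE_URLS = [
    "http://intranet.contoso.example/hr/confidential/salaries.xls",
    "http://intranet.contoso.example/sites/search",
    "http://partner.fabrikam.example/specs/a.doc",
    "http://news.vendor.example/feed",
]

def resolve(url, rules=CRAWL_RULES, default=DEFAULT_ACCOUNT):
    """Return (crawled, account); the first matching rule decides (assumed)."""
    for pattern, include, account in rules:
        if fnmatch(url.lower(), pattern.lower()):
            return (True, account or default) if include else (False, None)
    # Assumption: the URL belongs to a content source, so no rule = default.
    return (True, default)

def is_internal(url, suffixes=INTERNAL_SUFFIXES):
    """True when the URL's host is inside the organization's namespace."""
    host = urlsplit(url).hostname or ""
    return host.endswith(suffixes)

def audit(urls):
    """External URLs that would be crawled with the default account."""
    findings = []
    for url in urls:
        crawled, account = resolve(url)
        if crawled and account == DEFAULT_ACCOUNT and not is_internal(url):
            findings.append(url)
    return findings

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", resolve(u))
    print("Default account used outside the organization:", audit(SAMPLE_URLS))
```

Each URL that `audit` reports is a candidate for its own crawl rule with a dedicated content access account.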