Details
SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds.
Rationale:
It is critical when a system is at risk of failing to process audit logs as required; actions are automatically taken to mitigate the failure or risk of failure.
One method used to thwart the auditing system is for an attacker to attempt to overwhelm the auditing system with large amounts of irrelevant data. Consequently, either audit logs are being overwritten or disk space is being exhausted. In such cases, activity is either being erased from the logs or not recorded at all due to the lack of disk space.
In many system configurations, the disk space allocated to the auditing system is separate from the disks allocated for the operating system; therefore, this may not result in a system outage.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Access the Internet Information Service Manager on the appropriate SharePoint server.
1. For each site IIS site subject to user traffic, select the site.
2. Click Advanced Settings.
3. Expand Connection Limits.
4. Ensure the following settings possess a value:
* Connection Time-Out
* Maximum Bandwidth
* Maximum Concurrent Connections
5. Repeat steps for each site subject to user traffic.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.