Title

When configuring Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements. (Cat II impact)

Discussion

During the installation of Microsoft SharePoint, the Central Administration Web site is established on a randomly-assigned TCP port by default. Allowing a randomly-assigned default may result in use of a port which violates DoD policy or conflicts with ports already in use. Use of certain well-known ports may also result in slow operational responses or may expose the application to denial of service attacks.

Check Content

1. In Central Administrator, view the URL in the address bar of the browser. 2. The URL includes a colon which is followed by the port number. 3. Mark as a finding if the port number used is not allowed in accordance with DoD PPSM policy or is less than 1024.

Fix Text

1. Open the SharePoint 2010 Management Shell (Start > All Programs > Microsoft SharePoint 2010 Products > SharePoint 2010 Management Shell). 2. Change the port number to a PPSM approved port which does not conflict with existing port usage by using the following command: –Set -SPCentralAdministration -Port <PortNumber>. 3. Press Enter to save.

Additional Identifiers

Rule ID: SV-37769r2_rule

Vulnerability ID: V-28170

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.