turn intranet into extranet
#1
Scooby Regular
Thread Starter
Join Date: Sep 1999
Location: Bedfordshire
Posts: 4,037
OK, so we have a small intranet which I want to 'expose' to the outside world without compromising security. We have a wireless router and a fixed external IP address, what's the best approach guys?
cheers
Gary
#2
Gary
Not enough info.
> Is the intranet hosted by one server?
> Is it running Apache or IIS?
> Does the Web site front-end any middle tier / back-end systems (e.g. Oracle databases, etc.)?
> Is the content on the intranet privileged info, public info, or a mixture of both?
> Do you need concurrent internal and external access?
However, to be getting on with, you need to invest in a firewall that supports at least three "zones", i.e.: untrusted (the Internet), DMZ (de-militarised zone, where your server will live), and trusted (your corporate network).
You then shove the server on the DMZ, and only allow port 80 (HTTP) access to it. If it's a true extranet, you can also limit who can connect from the Internet. You then need to tie down the ports that are allowed between the server and your trusted network. If it's a Windows server, the job is a little more difficult, as you have to cope with RPC, etc. (search for RPC and Firewall on www.microsoft.com/technet).
If the server has any kind of back-end system which passes info to the user's browser following input from forms, etc., make sure ALL validation is done at the back end (using PHP, ASP, etc.). If there's any security-sensitive info in the back-end system, get someone who knows their Web programming to ensure you're not at risk of SQL injection (a technique of getting info out of a database, using weaknesses in input validation).
Oh, and DON'T enable wireless on your existing router. See my *many* previous posts. The words "wireless" and "security" do not [at present] comfortably sit together in the same sentence.
Cheers
Nog
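The three-zone layout described in post #2, as an added example that is not part of the original thread: a small Python model of a default-deny zone firewall plus an audit that flags allow rules breaking the design (Internet to DMZ on port 80 only, sources limited to partners, DMZ to trusted tied down). The rule format, the partner and internal address ranges, the server address and the choice of TCP 1433 (SQL Server's default port) as the only back-end port are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PARTNER_NETS = ["198.51.100.0/24"]   # assumed partner range (documentation addresses)
BACKEND_PORTS = {1433}               # assumed: only SQL Server's default TCP port

@dataclass(frozen=True)
class Rule:
    src_zone: str                    # "untrusted", "dmz" or "trusted"
    dst_zone: str
    port: Optional[int]              # None means any port
    src_net: str = "0.0.0.0/0"
    action: str = "allow"

def decide(rules, src_zone, dst_zone, port, src_ip):
    """First matching rule wins; anything unmatched is denied."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                and r.port in (None, port)
                and ip in ipaddress.ip_network(r.src_net)):
            return r.action
    return "deny"

def audit(rules):
    """Return (rule index, problem) for allow rules that break the zone design."""
    partners = [ipaddress.ip_network(n) for n in PARTNER_NETS]
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        path = (r.src_zone, r.dst_zone)
        if path == ("untrusted", "trusted"):
            findings.append((i, "Internet reaches the trusted network directly"))
        elif path == ("untrusted", "dmz"):
            if r.port != 80:
                findings.append((i, "port other than 80 open from the Internet"))
            if not any(ipaddress.ip_network(r.src_net).subnet_of(p) for p in partners):
                findings.append((i, "source not limited to partner ranges"))
        elif path == ("dmz", "trusted") and r.port not in BACKEND_PORTS:
            findings.append((i, "DMZ-to-trusted port not tied down"))
    return findings

# Constructed rule sets: a loose first attempt and the tightened version.
LOOSE = [Rule("untrusted", "dmz", 80), Rule("untrusted", "dmz", 3389),
         Rule("dmz", "trusted", None)]
TIGHT = [Rule("untrusted", "dmz", 80, "198.51.100.0/24"),
         Rule("trusted", "dmz", 80, "10.0.0.0/24"),
         Rule("dmz", "trusted", 1433, "192.0.2.10/32")]
```

`audit(LOOSE)` reports four findings across its three rules, `audit(TIGHT)` reports none, and `decide` shows that internal users and partners still reach the server on port 80 while everything else falls through to deny.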
#3
Nog, thanks for the detailed reply. To answer your questions:
> Is the intranet hosted by one server?
Yes it is
> Is it running Apache or IIS?
It is running IIS 5.0
> Does the Web site front-end any middle tier / back-end systems (e.g.: Oracle databases, Etc)
Yep SQL Server and COM objects (which is why I would struggle to get it hosted anywhere)
> Is the content on the intranet privileged info, public info, or a mixture of both
Yes we will have internal and business partner pages
> Do you need concurrent internal and external access?
Certainly do
Cheers
Gary