turn intranet into extranet
Thread Starter
Scooby Regular
Joined: Sep 1999
Posts: 4,037
Likes: 0
From: Bedfordshire
turn intranet into extranet
OK
so we have a small intranet which I want to 'expose' to the outside world without compromising security. We have a wireless router and a fixed external IP address, whats the best approach guys?
cheers
Gary
so we have a small intranet which I want to 'expose' to the outside world without compromising security. We have a wireless router and a fixed external IP address, whats the best approach guys?
cheers
Gary
Scooby Regular
Joined: Jul 2003
Posts: 141
Likes: 0
Gary
Not enough info.
> Is the intranet hosted by one server?
> Is it running Apache or IIS?
> Does the Web site front-end any middle tier / back-end systems (e.g.: Oracle databases, Etc)
> Is the content on the intranet privileged info, public info, or a mixture of both
> Do you need concurrent internal and external access?
However, to be getting on with, you need to invest in a firewall that supports at least three "zones", i.e.: untrusted (the Internet), DMZ (de-militarised zone, where your server will live), and trusted (your corporate network).
You then shove the server on the DMZ, and only allow port 80 (HTTP) access to it. If it's a true extranet, you can also limit who can connect from the Internet. You then need to tie down the ports that are allowed between the server and your trusted network. If it's a Windows server, the job is a little more difficult, as you have to cope with RPC, Etc (search for RPC and Firewall on www.microsoft.com/technet).
If the server has any kind of back-end system which passes info to the user's browser following input from forms, Etc, make sure ALL validation is done at the back end (using PHP, ASP, Etc). If there's any security sensitive info in the back-end system, get someone who knows their Web programming to ensure you're not at risk of SQL injection (a technique of getting info out of a database, using weaknesses in input validation).
Oh, and DON'T enable wireless on your existing router. See my *many* previous posts. The words "wireless" and "security" do not [at present] comfortably sit together in the same sentence.
Cheers
Nog
Not enough info.
> Is the intranet hosted by one server?
> Is it running Apache or IIS?
> Does the Web site front-end any middle tier / back-end systems (e.g.: Oracle databases, Etc)
> Is the content on the intranet privileged info, public info, or a mixture of both
> Do you need concurrent internal and external access?
However, to be getting on with, you need to invest in a firewall that supports at least three "zones", i.e.: untrusted (the Internet), DMZ (de-militarised zone, where your server will live), and trusted (your corporate network).
You then shove the server on the DMZ, and only allow port 80 (HTTP) access to it. If it's a true extranet, you can also limit who can connect from the Internet. You then need to tie down the ports that are allowed between the server and your trusted network. If it's a Windows server, the job is a little more difficult, as you have to cope with RPC, Etc (search for RPC and Firewall on www.microsoft.com/technet).
If the server has any kind of back-end system which passes info to the user's browser following input from forms, Etc, make sure ALL validation is done at the back end (using PHP, ASP, Etc). If there's any security sensitive info in the back-end system, get someone who knows their Web programming to ensure you're not at risk of SQL injection (a technique of getting info out of a database, using weaknesses in input validation).
Oh, and DON'T enable wireless on your existing router. See my *many* previous posts. The words "wireless" and "security" do not [at present] comfortably sit together in the same sentence.
Cheers
Nog
Thread Starter
Scooby Regular
Joined: Sep 1999
Posts: 4,037
Likes: 0
From: Bedfordshire
Nog thanks for the detailed reply to answer your questions:
> Is the intranet hosted by one server?
Yes it is
> Is it running Apache or IIS?
It is running IIS 5.0
> Does the Web site front-end any middle tier / back-end systems (e.g.: Oracle databases, Etc)
Yep SQL Server and COM objects (which is why I would struggle to get it hosted anywhere)
> Is the content on the intranet privileged info, public info, or a mixture of both
Yes we will have internal and business partner pages
> Do you need concurrent internal and external access?
Certainly do
Cheers
Gary
> Is the intranet hosted by one server?
Yes it is
> Is it running Apache or IIS?
It is running IIS 5.0
> Does the Web site front-end any middle tier / back-end systems (e.g.: Oracle databases, Etc)
Yep SQL Server and COM objects (which is why I would struggle to get it hosted anywhere)
> Is the content on the intranet privileged info, public info, or a mixture of both
Yes we will have internal and business partner pages
> Do you need concurrent internal and external access?
Certainly do
Cheers
Gary
Thread
Thread Starter
Forum
Replies
Last Post
