Web Server behind Firewall used for Intranet and Extranet
Posted on 2003-11-13
I would like to get some feedback about possible security concerns with my proposal...
Server Config: RedHat 9.0, Apache 2.0, PHP 4.2.2, MySQL 3.23.52
Firewall: WatchGuard, forwarding port 80 to this server
Applications: phpMyAdmin, Mambo Open Source?, Custom Reports and XML outputs to be imported into Accounting System (Windows 2000 Server)
Three examples of the how this will be used:
1 - A user comes fills out a Purchase Order Form on our site and an XML file is produced and imported into our Accounting System.
2 - Our accounting system produces monthly reports that will be published on line for specific users to view.
3 - New projects will be added to the database by internal staff which will produce and XML file used for setting up the project in the Accounting System. As well modifications may be made by the external owner of the project and these changes will need to be imported into the our system.
Needless to say I will be storing a lot of sensitive information in my MySql database. Some of which I want external public users to be able to see. Other information I want to make accessible to external private users as well as give them the ability to edit the information. Finally internal users will have access to the most information, this information will be need to be transferred to our windows server.
My main concerns are:
- Network vulnerabilities by opening port 80
- Server security, how to ensure external users don't access private information
- Exploiting holes in any of the above technologies
- Probably a stupid question but would Mambo security suffice for securing data?
- Should I just host this server remotely?
- Should I put it in a DMZ?