My company has a MAIN office and an EXTERNAL office in different cities.
We wish to maintain a simple “list of product codes” that is shared between both offices and is updateable from either office.
Each office has at most 2 computers and 2 staff. We dont have the budget to purchase a leased line between the 2 offices so we are trying to exploit "broadband internet" which has just entered the market in our country.
There is little or no high risk or confidential information in either office including the “list of product codes”.
My plan is to build a simple web-based application, place a webserver (a Misrosoft IIS webserver) in the MAIN office with a broadband internet connection (with which we get a fixed IP address).
When the EXERNAL office wishes to view/update the client details they just log on to http://xxx.yyy.zzz.aaa
Even though there is no sensitive information on the webserver or the other computers I am concerned about viruses being placed on the webserver or any other connected computer.
As one security measure I will make "Anonymous Access" on the website unavailable; and using the “integrated windows authentication” option, make the data only visible to one ACL.
My questions are:
1. Give that there are no huge security concerns do I still need to have a DMZ ?
2. Would making the website available on a port number other than 80 make the system more secure ?
3. Any other issues I have forgotten about, as I have never done this before?
Thanks in advance