• Status: Solved
  • Priority: Medium
  • Security: Public

Setting up a SharePoint Portal Server 2003, and wish to create a SECURE Extranet

Currently we have an installation of a SharePoint Portal Server 2003 on a local machine on the intranet working just fine. What I now wish to do is to publish this site so that it may be viewed as an extranet, but only by people with the right authorization.

What I need to know is:
How do I set up a highly secure extranet publishing the information already in the intranet SPS 2003?
Asked by: mSchmidt
1 Solution
 
Sembee Commented:
Purchase an SSL Certificate for the external name - this will secure the login information over the Internet. I usually start with a FreeSSL trial certificate as proof of concept before upgrading to a full certificate.

Grant port 443 ONLY through your firewall to the SPS machine.
Disable anonymous browsing.
Disable Digest Authentication so that only Basic and Integrated are in use. Basic isn't a problem from a security point of view as the SSL is doing the encryption.

Control access either via NTFS or within the web site. I am presuming that you have already secured the web site for internal use - both of these options are suitable depending on your requirements.

If you are getting authentication prompts internally after setting this up - use GP to add the site URL to the trusted sites zone of IE and pass-through authentication will then work. You may have to set up a split DNS environment so that the same name works internally and externally.
It will also work for laptops used outside the LAN if the internal and external names are the same.

Simon.
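
One way to spot-check the checklist in the answer above (443 only, anonymous off, Digest off, Basic only under SSL), as an added example that is not part of the original thread. The captured responses are constructed sample data, `audit_response` and `SAMPLES` are hypothetical names, and the code assumes Integrated authentication is advertised as the Negotiate and NTLM schemes.

```python
from urllib.parse import urlsplit

# Basic plus Integrated (assumed to be advertised as Negotiate and NTLM).
ALLOWED_SCHEMES = {"basic", "negotiate", "ntlm"}

# Constructed sample captures: (URL requested, status, response headers).
SAMPLES = {
    "hardened": ("https://extranet.domain.com/", 401, [
        ("WWW-Authenticate", "Negotiate"),
        ("WWW-Authenticate", "NTLM"),
        ("WWW-Authenticate", 'Basic realm="extranet.domain.com"')]),
    "digest_left_on": ("https://extranet.domain.com/", 401, [
        ("WWW-Authenticate", 'Digest qop="auth", realm="domain"'),
        ("WWW-Authenticate", "NTLM")]),
    "anonymous_http": ("http://extranet.domain.com/", 200, [
        ("Content-Type", "text/html")]),
}


def audit_response(url, status, headers):
    """Return findings for one unauthenticated response seen from outside.

    headers is a list of (name, value) pairs because the server sends one
    WWW-Authenticate header per enabled scheme.
    """
    findings = []
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    offered = [value.split()[0].lower() for name, value in headers
               if name.lower() == "www-authenticate" and value.strip()]
    if parts.scheme != "https" or port != 443:
        findings.append("answered outside HTTPS on port 443")
    if 200 <= status < 300:
        findings.append("content served without credentials (anonymous on?)")
    elif status == 401 and not offered:
        findings.append("401 without a WWW-Authenticate scheme")
    for scheme in offered:
        if scheme not in ALLOWED_SCHEMES:
            findings.append("unexpected auth scheme offered: " + scheme)
    if "basic" in offered and parts.scheme != "https":
        findings.append("Basic offered without SSL, password sent in clear")
    return findings


if __name__ == "__main__":
    for label, capture in SAMPLES.items():
        print(label, audit_response(*capture) or "OK")
```

Feed it the status and headers of a request made without credentials from outside the firewall; an empty list means the response matches the checklist.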
 
mSchmidt (Author) Commented:
Could I use an ISA server as the outside firewall and SSL client?

And what would the physical setup look like? Would I place one server outside the internal network, connect it directly to the Internet, and then let this PC connect to the internal server?

Or do I not need an outside server?
 
Sembee Commented:
I don't like putting domain members outside - too many holes need to be punched through the firewall to get them to communicate with the domain. If you leave it inside then you only need port 443 to go through.

You could use ISA - that is what Microsoft would like you to do. I haven't done that personally so cannot comment on performance or ease of setup.

Personally if it is a limited number of machines (for example laptop users) then you might also want to consider VPN. Then nothing is exposed to the Internet.

Simon.
 
mSchmidt (Author) Commented:
So what you recommend is keeping my SPS 2003 server inside the network, not adding anything other than an SSL client to the machine, and then allowing port 443 to be routed to the SPS 2003 server, right?
 
Sembee Commented:
Correct. Using an SSL certificate gives you the security and means only one port is open to the Internet.
You will just need to change your firewall to let 443 only through to the server.
Users will have to remember that it is https://extranet.domain.com/ or whatever.

If you use split DNS you can use the same address internally and externally - which means it will be SSL everywhere and one address for the users to remember.

Simon.