Solved

Setting up a SharePoint Portal Server 2003, and wish to create a SECURE Extranet

Posted on 2004-08-24
Last Modified: 2010-04-19
Currently we have an installation of a SharePoint Portal Server 2003 on a local machine on the intranet working just fine. What I now wish to do is to publish this site so that it may be viewed as an extranet, but only by people with the right authorization.

What I need to know is:
How do I set up a highly secure extranet publishing the information already in the intranet SPS 2003?
Question by:mSchmidt

Expert Comment

by:Sembee
ID: 11880779
Purchase an SSL Certificate for the external name - this will secure the login information over the Internet. I usually start with a FreeSSL trial certificate as proof of concept before upgrading to a full certificate.

Grant port 443 ONLY through your firewall to the SPS machine.
Disable anonymous browsing.
Disable Digest Authentication so that only basic and integrated are in use. Basic isn't a problem from a security point of view as the SSL is doing the encryption.

Control access either via NTFS or within the web site. I am presuming that you have already secured the web site for internal use - both of these options are suitable depending on your requirements.

If you are getting authentication prompts internally after setting this up - use GP to add the site URL to the trusted sites zone of IE and pass-through authentication will then work. You may have to set up a split DNS environment so that the same name works internally and externally.
It will also work for laptops used outside the LAN if the internal and external names are the same.

Simon.
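
A way to verify the checklist in the answer above from outside the firewall, as an added example that is not part of the original post. The port list and function names are assumptions made for illustration, and a trial certificate that does not chain to a trusted root will be reported as a TLS finding.

```python
import http.client
import socket
import ssl

# Constructed sample of ports to probe; 443 is the only one expected to answer.
PROBE_PORTS = (80, 135, 139, 443, 445, 1433, 3389)

def audit_response(status, www_authenticate):
    """Check an unauthenticated HTTPS response (status, WWW-Authenticate values)."""
    findings = []
    schemes = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    if status != 401:  # anonymous browsing disabled means every request is challenged
        findings.append(f"anonymous request returned {status}, expected 401")
    if "digest" in schemes:
        findings.append("Digest authentication is still offered")
    if status == 401 and not schemes & {"basic", "ntlm", "negotiate"}:
        findings.append("no Basic or Integrated (NTLM/Negotiate) challenge offered")
    return findings

def open_ports(host, ports, timeout=3.0):
    """Return the ports that accept a TCP connection from where this runs."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:  # refused, filtered or timed out
            pass
    return found

def audit_extranet(host, ports=PROBE_PORTS):
    """Run from an Internet-side machine against the external name."""
    findings = [f"port {p} reachable from outside" for p in open_ports(host, ports) if p != 443]
    conn = http.client.HTTPSConnection(host, 443, timeout=5, context=ssl.create_default_context())
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        findings += audit_response(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    except ssl.SSLError as exc:  # untrusted, expired or mismatched certificate
        findings.append(f"certificate/TLS problem: {exc}")
    except OSError as exc:
        findings.append(f"HTTPS request failed: {exc}")
    finally:
        conn.close()
    return findings

if __name__ == "__main__":
    import sys
    print("\n".join(audit_extranet(sys.argv[1])) or "OK")
```

An empty result means only 443 answered, the certificate validated, and the site challenged the anonymous request without offering Digest.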

Author Comment

by:mSchmidt
ID: 11889817
Could I use an ISA server as the outside firewall and SSL client?

And what would the physical setup look like? Would I place one server outside the internal network, connect this one directly to the Internet, and then let this PC connect to the internal server?

Or do I not need an outside server?

Expert Comment

by:Sembee
ID: 11891115
I don't like putting domain members outside - too many holes need to be punched through the firewall to get them to communicate with the domain. If you leave it inside then you only need port 443 to go through.

You could use ISA - that is what Microsoft would like you to do. I haven't done that personally so cannot comment on performance or ease of setup.

Personally if it is a limited number of machines (for example laptop users) then you might also want to consider VPN. Then nothing is exposed to the Internet.

Simon.

Author Comment

by:mSchmidt
ID: 11891262
So what you recommend is keeping my SPS 2003 server inside the network, not adding anything other than an SSL client to the machine, and then allowing port 443 to be routed to the SPS 2003 server, right?

Accepted Solution

by:
Sembee earned 500 total points
ID: 11891340
Correct. Using an SSL certificate gives you the security and means only one port is open to the Internet.
You will just need to change your firewall to let 443 only to the server.
Users will have to remember that it is https://extranet.domain.com/ or whatever.

If you use split DNS you can use the same address internally and externally - which means it will be SSL everywhere and one address for the users to remember.

Simon.