
Setting up a SharePoint Portal Server 2003, and wish to create a SECURE Extranet

Posted on 2004-08-24
Last Modified: 2010-04-19
Currently we have an installation of SharePoint Portal Server 2003 on a local machine on the intranet working just fine. What I now wish to do is publish this site so that it may be viewed as an extranet, but only by people with the right authorization.

What I need to know is:
How do I set up a highly secure extranet publishing the information already in the intranet SPS 2003?
Question by:mSchmidt

Expert Comment

by:Sembee
ID: 11880779
Purchase an SSL Certificate for the external name - this will secure the login information over the Internet. I usually start with a FreeSSL trial certificate as proof of concept before upgrading to a full certificate.

Grant port 443 ONLY through your firewall to the SPS machine.
Disable anonymous browsing.
Disable Digest Authentication so that only basic and integrated are in use. Basic isn't a problem from a security point of view as the SSL is doing the encryption.

Control access either via NTFS or within the web site. I am presuming that you have already secured the web site for internal use - both of these options are suitable depending on your requirements.

If you are getting authentication prompts internally after setting this up - use GP to add the site URL to the trusted sites zone of IE and pass-through authentication will then work. You may have to set up a split DNS environment so that the same name works internally and externally.
It will also work for laptops used outside the LAN if the internal and external names are the same.

Simon.

Author Comment

by:mSchmidt
ID: 11889817
Could I use an ISA server as the outside firewall and SSL client?

And what would the physical setup look like? Would I place one server outside the internal network, connect it directly to the Internet, and then let this PC connect to the internal server?

Or do I not need an outside server?

Expert Comment

by:Sembee
ID: 11891115
I don't like putting domain members outside - too many holes need to be punched through the firewall to get them to communicate with the domain. If you leave it inside then you only need port 443 to go through.

You could use ISA - that is what Microsoft would like you to do. I haven't done that personally so cannot comment on performance or ease of setup.

Personally if it is a limited number of machines (for example laptop users) then you might also want to consider VPN. Then nothing is exposed to the Internet.

Simon.

Author Comment

by:mSchmidt
ID: 11891262
So what you recommend is keeping my SPS 2003 server inside the network, not adding anything other than an SSL client to the machine, and then allowing port 443 to be routed to the SPS 2003 server, right?

Accepted Solution

by:
Sembee earned 2000 total points
ID: 11891340
Correct. Using an SSL certificate gives you the security and means only one port is open to the Internet.
You will just need to change your firewall to let only 443 through to the server.
Users will have to remember that it is https://extranet.domain.com/ or whatever.

If you use split DNS you can use the same address internally and externally - which means it will be SSL everywhere and one address for the users to remember.

Simon.
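
One way to check the finished setup from outside against the checklist in the answers above (443 only, anonymous access off, Digest off, certificate issued for the external name). This is an added example, not part of the original thread; the `probe` dictionary, the function names and the sample values are constructed for illustration, and `extranet.domain.com` is the placeholder name used in the thread.

```python
# Added example: grade an outside-in probe against the checklist in the thread.
# The probe values (reachable ports, response to an unauthenticated GET,
# names on the certificate) are assumed to be collected separately.
ALLOWED_SCHEMES = {"basic", "ntlm", "negotiate"}  # Basic plus Integrated


def offered_schemes(www_authenticate):
    """Scheme names from WWW-Authenticate values (assumes one challenge per value)."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}


def audit(probe):
    """Return the deviations from: 443 only, no anonymous, no Digest, cert matches."""
    findings = []
    ports = set(probe["open_ports"])
    extra = sorted(ports - {443})
    if extra:
        findings.append(f"ports other than 443 reachable: {extra}")
    if 443 not in ports:
        findings.append("port 443 not reachable")
    if probe["status"] != 401:
        findings.append(
            f"unauthenticated request returned {probe['status']}, expected 401")
    schemes = offered_schemes(probe["www_authenticate"])
    if "digest" in schemes:
        findings.append("Digest authentication still offered")
    unknown = sorted(schemes - ALLOWED_SCHEMES - {"digest"})
    if unknown:
        findings.append(f"unexpected authentication schemes: {unknown}")
    # Exact-name comparison only; wildcard certificates are not handled here.
    if probe["external_name"].lower() not in {n.lower() for n in probe["cert_names"]}:
        findings.append("certificate does not cover the external name")
    return findings


# Constructed sample probes (not real scan output).
GOOD_PROBE = {
    "external_name": "extranet.domain.com",
    "open_ports": [443],
    "status": 401,
    "www_authenticate": ["Negotiate", "NTLM", 'Basic realm="extranet.domain.com"'],
    "cert_names": ["extranet.domain.com"],
}
BAD_PROBE = dict(
    GOOD_PROBE,
    open_ports=[80, 443],
    www_authenticate=["NTLM", 'Digest qop="auth", realm="corp"'],
    cert_names=["sps01.corp.example"],
)

if __name__ == "__main__":
    for name, probe in (("good", GOOD_PROBE), ("bad", BAD_PROBE)):
        print(name, audit(probe))
```
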