Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Windows 2000 Server - Access ASP Application that sits behind firewall

Posted on 2004-10-21
Medium Priority
Last Modified: 2013-12-04
Have a Win 2000 Server running IIS on a private LAN. Our company has a custom made ASP timekeeping application that allows to people enter employee work hours and the project number they worked on for the previous day. There is really no sensitive information used with this app. The employee numbers are not the SSN and the pay rates are not available. What are the security risks of mapping all the http requests to the server so that people could enter time remotely from outside the private LAN. We use NAT on our LAN. The server is with the firewall/gateway being (I don't know a lot about networking).

Thanks, very curious
Question by:cshorey
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

KerryG earned 2000 total points
ID: 12377743
Many a web server is configured that way. For added protection, you can have NTFS permissions set on the web server folders so that stray people cant get in but that would cause the user to have the authenticate into the server and then authenticate into the software.

Anytime you allow access, you open potential security holes. Make sure you keep the system up-to-date with all patches to keep it as secure as possible.

Author Comment

ID: 12379100
Thanks, changing permissions sound like a good idea with mild inconvenience to users.

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question