• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 145
  • Last Modified:

Windows 2000 Server - Access ASP Application that sits behind firewall

Have a Win 2000 Server running IIS on a private LAN. Our company has a custom made ASP timekeeping application that allows to people enter employee work hours and the project number they worked on for the previous day. There is really no sensitive information used with this app. The employee numbers are not the SSN and the pay rates are not available. What are the security risks of mapping all the http requests to the server so that people could enter time remotely from outside the private LAN. We use NAT on our LAN. The server is 192.168.1.2 with the firewall/gateway being 192.168.1.1 (I don't know a lot about networking).

Thanks, very curious
0
cshorey
Asked:
cshorey
1 Solution
 
KerryGCommented:
Many a web server is configured that way. For added protection, you can have NTFS permissions set on the web server folders so that stray people cant get in but that would cause the user to have the authenticate into the server and then authenticate into the software.

Anytime you allow access, you open potential security holes. Make sure you keep the system up-to-date with all patches to keep it as secure as possible.
0
 
cshoreyAuthor Commented:
Thanks, changing permissions sound like a good idea with mild inconvenience to users.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now