Have a Win 2000 Server running IIS on a private LAN. Our company has a custom made ASP timekeeping application that allows to people enter employee work hours and the project number they worked on for the previous day. There is really no sensitive information used with this app. The employee numbers are not the SSN and the pay rates are not available. What are the security risks of mapping all the http requests to the server so that people could enter time remotely from outside the private LAN. We use NAT on our LAN. The server is 192.168.1.2 with the firewall/gateway being 192.168.1.1 (I don't know a lot about networking).
Thanks, very curious