• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

Giving DUN users access IIS WEB server but not downstream SQL server.

HI Brainies
I need to provide security protection to our system. ( All Microsoft software )
 I wish ....  DUN users to  connect to  a RAS server with IIS. This server gets its data for ASP pages from a SQL server. How do I allow these DUN users to only see web pages with no security issue with  them stuffing up the downstream SQL server.
 I assume also I cannot do all this on the one box from a security point.

Thanks in advance
Rodney
0
comerro1
Asked:
comerro1
  • 2
1 Solution
 
bbaoIT ConsultantCommented:
on your RAS server, assign a dedicated subnet for those DUN users with no default gateway assigned, so all the DUN users will only access this separated subnet (e.g. 192.168.1.x). the IIS web server of course needs to assigned a fixed IP on this subnet too. the IIS server may be a multihome host, which connects another subnet (e.g. 192.168.2.x) on where the SQL server stays.

the topology diagram may be as follows:

DUN users -> (PBX) -> RAS server <-> DUN subnet <-> IIS <-> SQL subnet <-> SQL server
                                                         192.168.1.x                    192.168.2.x

hope it helps,
bbao
0
 
comerro1Author Commented:
Hi Bbao
Do I load 2 ips on the 1 NIC or use 2 NICs in the RAS box?

Rodney
0
 
bbaoIT ConsultantCommented:
2 IPs on the same NIC shoud be OK but not recommended because 1) security considerations 2) compatibility.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now