Sid_F
asked on
Opening port 80 into corporate LAN
I am running an SBS network everything is locked down tight, no traffic from wan to lan other than smtp, restricted traffic from lan to wan. FTP server on DMZ port, all users have user rights only.
An I.T company now wants to insyall a webserver that runs an online solution for us. It runs on Windows IIS. The problem is they want to open port 80 from the WAN to the LAN. Normally I would insist on putting it on a DMZ but they are against this as it would take too long and they have said they have the solution running like this on many large networks.
Can anyone advise and specifically direct me to a document or something that I can show my boss so as to prove the risks. Some other I.T experts have said it is crazy to open port 80 directly into your network and make you very vulnerable.
An I.T company now wants to insyall a webserver that runs an online solution for us. It runs on Windows IIS. The problem is they want to open port 80 from the WAN to the LAN. Normally I would insist on putting it on a DMZ but they are against this as it would take too long and they have said they have the solution running like this on many large networks.
Can anyone advise and specifically direct me to a document or something that I can show my boss so as to prove the risks. Some other I.T experts have said it is crazy to open port 80 directly into your network and make you very vulnerable.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks, The machine that is hosting the website internally is running IIS. The other LAN machines communicate with this machine hence the reason the server is directly on the LAN. It is a 20 PC network with one SBS server as well as the web server so its a one firewall site.
What I am seeing by the responses is, I should seperate the WEB server from the rest of the network. Really the problem is when I asked the other I.T company what ports needed to be open (if I put the webserver on a dmz port) from from the lan to the DMZ and visa versa, they gave me a tonne of ports which I started to think well the webserver might as well be on the LAN if that many ports are being open!
Thanks
What I am seeing by the responses is, I should seperate the WEB server from the rest of the network. Really the problem is when I asked the other I.T company what ports needed to be open (if I put the webserver on a dmz port) from from the lan to the DMZ and visa versa, they gave me a tonne of ports which I started to think well the webserver might as well be on the LAN if that many ports are being open!
Thanks
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER