Sid_F
asked on
Opening port 80 into corporate LAN
I am running an SBS network. Everything is locked down tight: no traffic from WAN to LAN other than SMTP, restricted traffic from LAN to WAN. FTP server on DMZ port, all users have user rights only.
An I.T company now wants to install a webserver that runs an online solution for us. It runs on Windows IIS. The problem is they want to open port 80 from the WAN to the LAN. Normally I would insist on putting it on a DMZ but they are against this as it would take too long and they have said they have the solution running like this on many large networks.
Can anyone advise and specifically direct me to a document or something that I can show my boss so as to prove the risks? Some other I.T experts have said it is crazy to open port 80 directly into your network and that it makes you very vulnerable.
ASKER
Thanks. The machine that is hosting the website internally is running IIS. The other LAN machines communicate with this machine, hence the reason the server is directly on the LAN. It is a 20 PC network with one SBS server as well as the web server, so it's a one-firewall site.
What I am seeing from the responses is that I should separate the web server from the rest of the network. Really the problem is that when I asked the other I.T company what ports needed to be open (if I put the webserver on a DMZ port) from the LAN to the DMZ and vice versa, they gave me a tonne of ports, at which point I started to think, well, the webserver might as well be on the LAN if that many ports are being opened!
Thanks