[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

best setup for public IIS server on windows domain

Posted on 2007-12-06
6
Medium Priority
?
578 Views
Last Modified: 2012-06-27
I need to add  public web server , windows 2003 server with IIS and sql 2005. I have Cisco firewall with advanced IOS. Do I  make web server member server on domain, at firewall put in DMZ and forward port 80 traffic to server internal IP of web server? Developer also needs ftp access. Is it safe to foward port 21 to webserver is well with strong passwords?

What is safest way to set this scenario up? Thanks
0
Comment
Question by:AndykEE
  • 2
  • 2
4 Comments
 
LVL 18

Expert Comment

by:Don S.
ID: 20425384
Unless you need to authentica various user ID from your domain, I would NOT make it a member of your domain.  Also, if that is the case, I would put it in a DMZ zone off your firewall.  Port 21 is banged a lot by hackers.  Setting up a VPN through the firewall for the FTP access would be a lot more secure.
0
 

Author Comment

by:AndykEE
ID: 20425387
Server also has 2 nic cards, should I have one internal and one external? how to set this up.
0
 

Author Comment

by:AndykEE
ID: 20425467
so have it as standalone server, behind firewall in dmz, forwarding port 80 to internal ip. give vpn access to developers and set ftp only available to internal IP's?
0
 
LVL 18

Accepted Solution

by:
Don S. earned 2000 total points
ID: 20428643
That sounds fairly secure to me.  Basically, the more ports you have open and the more it is connected to your internal LAN, the more vulnerable you are so we always try to limit that.  

Remember, the IP address you give it in the DMZ will be in a different range than your internal LAN address range.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question