Solved

best setup for public IIS server on windows domain

Posted on 2007-12-06
6
570 Views
Last Modified: 2012-06-27
I need to add  public web server , windows 2003 server with IIS and sql 2005. I have Cisco firewall with advanced IOS. Do I  make web server member server on domain, at firewall put in DMZ and forward port 80 traffic to server internal IP of web server? Developer also needs ftp access. Is it safe to foward port 21 to webserver is well with strong passwords?

What is safest way to set this scenario up? Thanks
0
Comment
Question by:AndykEE
  • 2
  • 2
6 Comments
 
LVL 18

Expert Comment

by:Don S.
ID: 20425384
Unless you need to authentica various user ID from your domain, I would NOT make it a member of your domain.  Also, if that is the case, I would put it in a DMZ zone off your firewall.  Port 21 is banged a lot by hackers.  Setting up a VPN through the firewall for the FTP access would be a lot more secure.
0
 

Author Comment

by:AndykEE
ID: 20425387
Server also has 2 nic cards, should I have one internal and one external? how to set this up.
0
 

Author Comment

by:AndykEE
ID: 20425467
so have it as standalone server, behind firewall in dmz, forwarding port 80 to internal ip. give vpn access to developers and set ftp only available to internal IP's?
0
 
LVL 18

Accepted Solution

by:
Don S. earned 500 total points
ID: 20428643
That sounds fairly secure to me.  Basically, the more ports you have open and the more it is connected to your internal LAN, the more vulnerable you are so we always try to limit that.  

Remember, the IP address you give it in the DMZ will be in a different range than your internal LAN address range.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question