I'm beginning the research on a project that will require us to host a web site. Now this is not hosting our company's web site or anything, it will just receive an HTTPS POST, and have to respond accordingly. We have a VMware environment, and run Windows 2003 standard servers, along with a Cisco PIX firewall 515e (?).
My initial thought was to create a rule on the PIX to do a port redirect on 80/443 to take any traffic received on the external interface, and redirect it to the VM hosting IIS, and only accept traffic from the external host's IP address.
Do we need to ensure that this web host can only communicate with a single server (our SQL server, where it is pulling data from) on our internal network, to limit exposure? Or is that an unnecessary step?
I'd appreciate any and all input as to how you would accomplish this project. Please also include any links to secure IIS that are necessary, any "how to" guides, as well as any "best practices".
Please also ask if I'm missing any information required for you to make a recommendation. Thank you!