Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Publishing a website on an internal server

Posted on 2010-11-30
3
Medium Priority
?
423 Views
Last Modified: 2012-05-10
I know this is not really recommended, but my boss wants a list of all the different ways we can publish a server including having the server in our internal domain.

Basically, if we are publishing straight from external -> ISA 2004 -> internal server running web services - how secure could we make this? and what would we need to do.
0
Comment
Question by:CaptainGiblets
  • 2
3 Comments
 
LVL 10

Expert Comment

by:rscottvan
ID: 34239312
The risk is that a server that is available from the internet also has access to internal systems.  If someone "owns" that box, they'll have a great launching point for all kinds of attacks on your other systems.

The only right way to do this is with a firewall dividing your network into separate security zones.  The webserver belongs in a "DMZ" which is a zone that is accessible from the internet, but has little or no access to the "Inside" zone, where your more trusted systems live.

A firewall with this capability is as little as a few hundred dollars.
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34239350
i understand this risks of showing an internal server to the world, however im wondering just how secure we can make it.

the reason being is that we have an sql server that the sharepoint server pulls information from, so moving the sharepoint server to a DMZ would mean that we would have to copy a full version of SQL (which isnt cheap) to publish data to a copy of sql express in the DMZ so the sharepoint server could still access the information.
0
 
LVL 10

Accepted Solution

by:
rscottvan earned 2000 total points
ID: 34240228
Actually, you could open only port 1433 from the DMZ to the internal SQL server.  This would be more secure than exposing an internal server to the internet.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question