Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Publishing a website on an internal server

Posted on 2010-11-30
3
Medium Priority
?
415 Views
Last Modified: 2012-05-10
I know this is not really recommended, but my boss wants a list of all the different ways we can publish a server including having the server in our internal domain.

Basically, if we are publishing straight from external -> ISA 2004 -> internal server running web services - how secure could we make this? and what would we need to do.
0
Comment
Question by:CaptainGiblets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:rscottvan
ID: 34239312
The risk is that a server that is available from the internet also has access to internal systems.  If someone "owns" that box, they'll have a great launching point for all kinds of attacks on your other systems.

The only right way to do this is with a firewall dividing your network into separate security zones.  The webserver belongs in a "DMZ" which is a zone that is accessible from the internet, but has little or no access to the "Inside" zone, where your more trusted systems live.

A firewall with this capability is as little as a few hundred dollars.
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34239350
i understand this risks of showing an internal server to the world, however im wondering just how secure we can make it.

the reason being is that we have an sql server that the sharepoint server pulls information from, so moving the sharepoint server to a DMZ would mean that we would have to copy a full version of SQL (which isnt cheap) to publish data to a copy of sql express in the DMZ so the sharepoint server could still access the information.
0
 
LVL 10

Accepted Solution

by:
rscottvan earned 2000 total points
ID: 34240228
Actually, you could open only port 1433 from the DMZ to the internal SQL server.  This would be more secure than exposing an internal server to the internet.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question