What types of website authentication methods are safe (safest) over the Internet?
Posted on 2011-05-05
I have two sites that I'm thinking about right now. One is a SharePoint intranet site. The other is a ticketing system site.
The SharePoint site is a basic site that is used primarily for links, announcements, and an office calendar. It doesn't have anything of secure nature on it, but that doesn't mean I'm not worried about security. The site is setup in IIS 6.0. It's using the free version of SharePoint on a 2003 server. It is accessible on the Internet, which makes me question its security. It is on a site that does not have SSL encryption. But it is using Integrated Authentication. From what I've read, Integrated Authentication is encrypted? Is that true? How safe is it without an SSL connection?
The ticketing system site is even worse, I think. It is on a 2008 box in IIS. We do not have it available outside of our network, but we would like to. It is not using an SSL connection. I looked at the authentication method in IIS, and it said it was using Anonymous. I looked up Anonymous Authentication, but couldn't figure out much about it. Is it encrypted? The weird part (at least it's weird to me), is that once on the site, you still have to log in. But apparently that's not website authentication? I don't quite get that. When people enter their credentials at that point, is it safe?
I just don't know anything about website authentication. I don't know much about authentication in general. Can anyone clarify all of this for me?