Solved

wish to setup a secure web server for downloads, but wont be able to see main network

Posted on 2011-09-26
4
235 Views
Last Modified: 2012-05-12
Hi, My boss has asked me to setup a webserver that will only distribute pdf reports to customers.
I was thinking of setting up a very simple webserver, that customers can see the pdfs and download as they need. not many clients will access it per day, so will host internally for remote access.
My users need to be able to copy the pdf's from our normal works network (sbs2011) to the folder of the webserver. Rather than using an FTP server/cloud, etc.

I was thinking of having our external IP hit our router, then some how redirect to the webserver. But not have the webserver on the same network as the domain. maybe use a few routers ?

What i'm after is a simple and cheap soluton to this. Where we can see the webserver. but if the webserver gets hacked, it can't access our network ?
0
Comment
Question by:total123
4 Comments
 
LVL 13

Assisted Solution

by:themrrobert
themrrobert earned 25 total points
ID: 36602389
Put it on the DMZ, there are settings in every router for it, as well as hundreds of google results to help get you there.

Best of luck,
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 25 total points
ID: 36708418
Are you planning to have the server on your domain, to allow users to copy files to it? Very dangerous to do that.
Password protect acces to the DMZ webserver, don't leave it public; ideally restrict access to the server by only allowing specific IP addresses to go through the firewall/router to the DMZ rather than "any".
Set up the redirect by using a non-standard web port rather then port 80; e.g. port 5643
tell your clients to use the URL http://x.x.x.x:5643, set the firewall/router to redirect that to the DMZ server as x.x.x.x on port 80.
That should deal with most of the idiots out there!
Good luck
Gareth
0
 

Author Comment

by:total123
ID: 36961564
thanks for the reply, I've looked at a solution of installing a firewall router that would then split the DMZ to the webserver and have another connection to another firewall router for the domain.
This would then allow the users to copy data to the webserver.
The webserver wouldn't need to be part of the domain.

how does that sound
0
 

Expert Comment

by:AytuncBeken
ID: 36961618
If you are looking for user to put files to webserver you should user file server instead of web server. And if you have any access managemenet functiin you can configure file server to check credentials.
Also with firewall you can open file server  to internet with access control.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While working on Silverlight and WCF application, I faced one issue where fault exception occurred at WCF operation contract is not getting propagated to Silverlight client. So after searching net I came to know that it was behavior by default for s…
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question