We are looking to inherit a web application that will be hosted internally within our network. It will have to be made public so external users can use it, but management wants to avoid VPN. The application will host a lot of private information, so I need to be sure that the web server is completely secure to the best of my ability. I need some helpful tips from experts to give me a good scope of what might need to be done. Here are my ideas:
- Install an SSL certificate to encrypt external to internal
- Look into a Secure ID type method where we could manipulate certificates?
- So we can issue certs to those that need to connect
- Revoke certs that are no longer needed
- Only those with certs will be able to view the URL link (such as https://webapp.com); if no cert, the link would be blocked...?
Anyone know of any best practices that would help me set up this scenario?
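The issue/revoke idea in the question maps directly onto a private CA for client certificates (mutual TLS). The script below is an added example, not something from the original post: it builds a throwaway CA with `openssl`, issues a client certificate per user, revokes one, publishes a CRL, and checks a certificate the same way a web server would. Every name, path and the minimal `openssl.cnf` are constructed for the demo; the only assumption is that `openssl` is on the PATH.

```shell
#!/bin/sh
# Added example: private client-certificate CA with issue / revoke / CRL check.
# Not from the original post; assumes only that `openssl` is installed.
set -e

# Work in a scratch directory so nothing touches the real system.
WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"
mkdir -p ca/newcerts
touch ca/index.txt
echo 1000 > ca/serial
echo 1000 > ca/crlnumber

# Minimal CA configuration (constructed for this demo).
cat > ca/openssl.cnf <<'EOF'
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
dir              = ./ca
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = demo_policy
[ demo_policy ]
commonName       = supplied
EOF

# 1. Root of trust: self-signed CA key and certificate. The web server will
#    trust only certificates chained to this CA (hypothetical name).
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
  -subj "/CN=Example Internal Client CA" \
  -keyout ca/ca.key -out ca/ca.crt 2>/dev/null

# 2. Publish an (initially empty) CRL so revocation checks have something
#    to consult from day one.
openssl ca -config ca/openssl.cnf -gencrl -out ca/ca.crl 2>/dev/null

# issue_cert USER: create a key + CSR for USER and sign it with the CA.
# The .key and .crt are what you hand to the user (e.g. bundled as PKCS#12).
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl ca -batch -config ca/openssl.cnf -in "$1.csr" -out "$1.crt" 2>/dev/null
}

# revoke_cert USER: mark the cert revoked in the CA database and regenerate
# the CRL. The new CRL is what the web server must reload.
revoke_cert() {
  openssl ca -config ca/openssl.cnf -revoke "$1.crt" 2>/dev/null
  openssl ca -config ca/openssl.cnf -gencrl -out ca/ca.crl 2>/dev/null
}

# check_cert USER: returns 0 only if the cert chains to the CA and is not on
# the CRL; this is the same decision the TLS server makes at handshake time.
check_cert() {
  openssl verify -crl_check -CAfile ca/ca.crt -CRLfile ca/ca.crl "$1.crt" >/dev/null 2>&1
}

# Demo run: alice gets a cert, is accepted, is revoked, is then rejected.
issue_cert alice
check_cert alice && echo "alice: accepted (valid, not revoked)"
revoke_cert alice
check_cert alice || echo "alice: rejected (on CRL)"
```

On the server side the artifacts plug straight into the TLS terminator: in nginx, `ssl_client_certificate ca/ca.crt;`, `ssl_verify_client on;` and `ssl_crl ca/ca.crl;` make the handshake fail for anyone without a CA-issued, unrevoked certificate, which is exactly the "no cert, no access" behaviour described in the question. Keep `ca/ca.key` offline or on an HSM, keep the CRL short-lived and reload it on every revocation, and treat the `.key` files as the user's credential.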