Securing a file server that goes to http


I'm a programmer, not a sys admin. My question is about securing web servers.

We have two applications that display, and let users download, the same group of MS-Word or PDF documents.

We have decided to store those documents not in a database but in the filesystem. We have also decided to put each application on a different server (Windows Server 2003 with IIS6.0). The documents will be stored in a folder on a third server. Please see the attached picture. Those three servers will be inside a DMZ.

In that case, those documents should be browsable over HTTP. As they are public, we are not worried about keeping them secret, but we are worried about the server being hacked and its contents being modified.

What would be a good way to secure that file server of documents?
Would it be better to migrate to Windows Server 2008?
shalomc (CTO) commented:
>> I think that file server should have IIS6.0. If not, would it still be possible to access documents from two different web applications A and B?

Web apps A and B access shared folders on server C, not via HTTP but via CIFS/SMB.

Therefore HTTP and IIS are not required and can be removed.
Ron Malmstead (Information Services Manager) commented:
Possible solutions...

1) Encrypt the files and decrypt them when serving them up on the webserver.

2) Use a "service account" to access the files from the webserver. In this scenario I would recommend that the file server not be a member of the domain, and that you use a strong password for both the administrator account and the service account.

3) Create a firewall rule that only allows communication from the webserver to the fileserver and vice versa. That way the only way to get to these files, or the server itself, is through the web interface you've established.

Ideally you would use all three of these options together.
Aaron Tomosky (Technology Consultant) commented:
Agreed. A layered approach is best, and have a way to monitor each layer. So the file server can only be accessed by the web server, and even then you can make it read-only if you want.
miyahira (Author) commented:
Thanks, xuserx2000.

Just a small clarification for option number two:

2) For that "service account", I guess that I have to create an account named "DocReader" on the Web Server with privileges to read files on the File System Server. Also, a DocReader account should exist on the FileSystem Server.

Are those accounts transparent for Or should I specifically use that service account in my application for reading documents?
Ron Malmstead (Information Services Manager) commented:
Actually, the account would exist on the File Server, and you would programmatically authenticate to that server when retrieving docs.

Impersonation, which is what I think you are referring to, would work fine if both machines are members of the domain and the account is using those creds.

You could use a mapped drive as well with the appropriate creds, which would be a lot easier, but I would avoid that in case the webserver could be compromised.

You can also use simple command line auth from a shell exec, but I don't recommend it.
For example:
NET USE \\ServerName\IPC$ /USER:ServerName\User1 YourReaallyreallystrongP@$$worb
XCOPY \\Servername\C$\PathtoFiles\EncryptedFile.pdf c:\ASPTempDir\EncryptedFile.pdf

Then unencrypt the file, serve it up, and delete it from the temp dir (ok solution). Or unencrypt it in memory, reading the file in code and authing the user account in code, and serve the file bytes (better solution).

Really it depends on how secure vs. complicated you want this.
My main concern would be if the site is SSL encrypted to begin with, since most hacks involve sniffing of traffic between client and server.
Aaron Tomosky (Technology Consultant) commented:
You said they are public documents, so I don't see the need for encryption, just share it to the other box with read only permissions.
shalomc (CTO) commented:
The file server should be only a file server.
Remove from it all unnecessary services like IIS, and follow general checklists like this one
miyahira (Author) commented:
>> The file server should be only a file server.

I think that file server should have IIS6.0. If not, would it still be possible to access documents from two different web applications A and B?

Web Applications A and B load document from fileserver as: