putting a http website behind the firewall.

Posted on 2014-01-16
Medium Priority
Last Modified: 2014-01-30
What potential issue do I have if I have a web site behind the firewall to be accessed via http only but no https?

Please advise.

Question by:nav2567
LVL 17

Accepted Solution

Chris Millard earned 2000 total points
ID: 39786685
There are lots of factors to consider - is your website to be available to the world? What type of Firewall are you going to be behind? What will your website do and what platform will it run on (ASP, PHP, SQL, MySQL etc)...

Basically as soon as you start opening ports to your network, you are giving potential intruders a way in. If they find holes in your web applications, they could quite easily inject malicious code into your network.

You need to ensure that your server is fully patched, and make sure you thoroughly test any web site / application before opening it up to the outside world.

Ideally if you had the funds, you'd pay a consultant to perform a penetration test so that they could report back with any loopholes they find.

Of course you could make things a bit safer by having your web server on a DMZ behind your Firewall so that it is separate from your main network too.
LVL 62

Expert Comment

ID: 39789034
With http poor overworked telecoms admins will be able to see all what your users do.
i tink you can get ssl certificate for single site for free (comodo?)

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
A question that many companies need to answer until May 25th of 2018... Is your company ready for GDPR?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question