[fw-wiz] Access to internal resources

From: Nathan Casey (ncasey_at_sonoma-county.org)
Date: 06/22/04

  • Next message: Mason: "Re: [fw-wiz] Web server security?" 
    To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 22 Jun 2004 05:22:12 -0700

    We have SQL data which can currently be viewed on our internal Intranet by select employees. Access to the SQL data site is controlled by NTFS permissions.
    Now, we are required to make the same SQL data available over the internet to the same group of people that have internal access.
    Our external web server is in a PIX DMZ separate from our internal network. Would it be possible to use MS ISA server to act as a reverse proxy to allow external users access SQL data in a browser over the public internet?

    Internet Router
    (Public IP)
    |
    |
    PIX FIREWALL
    |
    |
    Web server
    |
    |
    PIX FIREWALL
    *internal Network*
    |
    |
    ISA SERVER
    |
    |
    SQL SERVER DATA
     
     
    The current intranet sight is just a web page that allows users to search
    a records DB containing real estate info (http://intranet/houses). The
    users that access this page have only read access to the table containing
    the info.
    When the user accesses the page they are prompted for a username and
    password to access the information (Domain username and password).
    They now need to be able to access the same info from the internet in the
    same manner. Only the users that can access the intranet site should be
    able to access the internet site (www.sonoma.com/houses) and the SQL data.
    Would the web server in the PIX DMZ point to the ISA server as the
    location of the SQL DB, and then forward the request to the SQL server?
    Thank you for the advice!

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Mason: "Re: [fw-wiz] Web server security?"

    Relevant Pages

    • Re: Prividing Intranet Website Access To External Users
      ... I really wouldnt like to be having my company intranet on the ... I would probably integrate the ldap/dc as a security server on the ... >> The web server will be in the DMZ, and only port 443 will be ... >> intranets to the internet in a secure manner. ...
      (Security-Basics)
    • SBS 2003 default intranet problem
      ... I have a SBS 2003 server connected to the internet via a router. ... default website and the intranet website everything is the default install. ... For the internet site I am able to get to my remote login as well as my OWA ...
      (microsoft.public.windows.server.sbs)
    • Re: Virtual Directory to a remote UNC not working properly
      ... I want this to work so when users are on the inside (Intranet) they do ... Will this be OK if all my vir-dir (NAS) links have a public web address? ... it to work from Internet. ... well as publish your flnas01 server to be accessible via the Internet. ...
      (microsoft.public.inetserver.iis.security)
    • Ethernet
      ... Eventualmente los Led del Switch se vuelven intermitentes todos y se ... desconecta el intranet y el internet. ... Server en ingles, W2003 server y NT 4.0 y no se corrigio el problema, ...
      (microsoft.public.win2000.general)
    • Internet or Intranet access through sbs2003 problems
      ... I seem to be having a problem with my sbs2003 server. ... have internet access or intranet access but not both. ... resources, just NOT companyweb. ...
      (microsoft.public.windows.server.sbs)