Re: [fw-wiz] Allowing Internet Access to MS Project Server



On Tue, 2 Oct 2007, D Sharp wrote:

A IT project Managers would like to install MS Project 2007 server and
make that the central repository for all our IT related projects. Since
we have significant numbers of out sourced contractors, the team would
like external access enabled. Also to keep costs low they would like the
server to have a Internet presence. Our server support team would like
the server(s) to be part of our internal AD domain.

We have OWA exposed to the Internet, but through a secure proxy.

What would should be some key security areas.

Well, other than the server itself, and the application (which I haven't
evaluated and don't have an opinion on) the biggest thing I can see is
that if the application uses the AD credentials, you're creating accounts
in your domain for third parties. That means you're going to have to
track the accounts and permissions carefully, espeically if you have folks
going from internal employee to consultant. I'd probably implement a
seperate directory environment for third parties unless I knew for sure
that the appropriate group and permission discipline went into every
system and user.

For internal users, I'm also not a fan of solely using domain credentials
for Internet applications. Password re-use and game-over scenarios are just
too easy, so I tend to put authenticating proxies in front of things like
OWA.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Urgent! New router and big disaster
    ... The SBS DNS server, running on ... its IP it means that your problem is now DNS. ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ...
    (microsoft.public.windows.server.sbs)
  • Re: RWW Disconnecting
    ... I have been connected from a remote site for about 3 ... DHCP server and even a wireless access ... the key codes to for Internet access. ... Client Workstations} ...
    (microsoft.public.windows.server.sbs)
  • Re: EBS 2008 and e-mail issues
    ... the internal interface of the security server. ... If I forward to the Exchange server (yes I know I'm not ... rerunning the change security level wizard is not possible. ... customer here wants to exclude some users from internet. ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... I checked the binding order and the Server Local area connection is at the top. ... I should have been more clear about internet connection.. ... I wonder if I may have missed a firewall setting on the router as well. ...
    (microsoft.public.windows.server.sbs)
  • RE: Catchall not working, EXTERNALLY?
    ... When I open the connection (over internet) to my exchange account, ... the data is stored on the Exchange server side. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)