Re: [fw-wiz] Allowing Internet Access to MS Project Server
- From: jdgorin@xxxxxxxxxxxx
- Date: Thu, 04 Oct 2007 10:57:44 +0200
On Behalf Of D Sharp
Sent: Wednesday, October 03, 2007 9:48 PM
Given the newer MS Project server supports a web access function, the
plan was to use something with less overhead than Citrix/Terminal
Services. Possible methods are:
a: Secure Proxy server with specific PWA filters, yet to be
b: Generic SSL/VPN security gateway that allows for URL filtering to
a DMZ'd PWA (web) server.
c: Web application security filter (transparent proxy) to a DMZ'd PWA
The MS Project Server would be separated into tiers: web,
I don't know PWA, but it might be some WebDAV protocol. So, don't put it in
front of the Internet!
Use a reverse proxy with some authentication to be sure of who connect to you
So, an external user need :So would the VPN credentials be separate from the "MS Project team"
* Credential from the security team to access the VPN.
* Credentials from the MS Project team to access the application.
The VPN credentials can be simple password, soft or hard
certificate (depends ofyour security policy).
In our case: Yes.
That's our policy: segregation of access (access to our information system
through the VPN, then access to the application: different credentials). That's
to deal with application manager (or AD manager) forgetting to cancel user
credential, or simply to cancel VPN access without canceling application access
Right now the majority of our user vpn access is by AD credentials.
That's a bad thing for us. But it depends of your risks, and so of you security
firewall-wizards mailing list
- Prev by Date: Re: [fw-wiz] Allowing Internet Access to MS Project Server
- Next by Date: [fw-wiz] Survey of IPv6 Support Among Commercial Firewalls
- Previous by thread: Re: [fw-wiz] Allowing Internet Access to MS Project Server
- Next by thread: Re: [fw-wiz] Allowing Internet Access to MS Project Server