Re: [fw-wiz] Allowing Internet Access to MS Project Server


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
On Behalf Of D Sharp
Sent: Wednesday, October 03, 2007 9:48 PM

Given the newer MS Project server supports a web access function, the
plan was to use something with less overhead than Citrix/Terminal
Services. Possible methods are:
a: Secure Proxy server with specific PWA filters, yet to be
identified.
b: Generic SSL/VPN security gateway that allows for URL filtering to
a DMZ'd PWA (web) server.
c: Web application security filter (transparent proxy) to a DMZ'd PWA
(web) server.

The MS Project Server would be separated into tiers: web,
application, DB.

I don't know PWA, but it might be some WebDAV protocol. So, don't put it in
front of the Internet!
Use a reverse proxy with some authentication to be sure of who connect to you
PWA server.

So, an external user need :
* Credential from the security team to access the VPN.
* Credentials from the MS Project team to access the application.

The VPN credentials can be simple password, soft or hard
certificate (depends ofyour security policy).

So would the VPN credentials be separate from the "MS Project team"
credentials?

In our case: Yes.

That's our policy: segregation of access (access to our information system
through the VPN, then access to the application: different credentials). That's
to deal with application manager (or AD manager) forgetting to cancel user
credential, or simply to cancel VPN access without canceling application access
(internal usage).

Right now the majority of our user vpn access is by AD credentials.

That's a bad thing for us. But it depends of your risks, and so of you security
policy.

JDG
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: RWW
    ... "normal" Windows Server 2003 way... ... that this worked before trying RWW in this environment. ... enable Remote Desktop first and to add to the local Remote Desktop Users ... as well as entering credentials on the FBA logon page. ...
    (microsoft.public.windows.server.sbs)
  • Re: Sharing/Forwarding website credentials programatically
    ... What you are wanting is not really delegation of credentials from the portal ... can directly contact that server). ... authentication over SSL against a standard Active Directory account. ... essentially in the request-headers or URI itself. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Error using LDAP - An Operation Error occured
    ... Guess you have a security issue due to the multi-hop architecture ... takes credentials) when binding to the LDA server. ... | Server and try to access it from client machines, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How to close LAN session and login as another credentials
    ... and is connected to a share on the server. ... these credentials, since it will automatically try to use the credentials of ... The problem is that from 1 login session on a PC, ... When I try to access administrator share ...
    (microsoft.public.windowsxp.network_web)
  • Re: Non-interactive process launched by DCOM does not have network access
    ... The kerboros protocol will help to impersonate the client security context ... It is normally insecure to allow the server to use the ... machine(which only the client user account has permission to access). ... Regarding "The credentials are the same, it's just running in a different ...
    (microsoft.public.platformsdk.security)