Options for securing a Public Webserver and Private Intranet on same server.

From: Jonathon.Kalaugher@sbg-ap.com
Date: 08/27/01


Message-ID: <E48EF4B51A3A47468CEA37E874AA16D831AC71@eidyia.spherebusinessgroup.com>
From: Jonathon.Kalaugher@sbg-ap.com
To: focus-ms@securityfocus.com
Subject: Options for securing a Public Webserver and Private Intranet on same server.
Date: Tue, 28 Aug 2001 08:44:30 +1200

Hello List,

Background:

Public Website and private Intranet running on same server behind a FW.

The Intranet is accessed via IIS/windows authentication with a "full public
access over port 80" rule on the Firewall to the server in question.

The users access the public website and enter authentication upon hitting
the corporate logon area/box to access the Intranet.

We are considering the following steps...

1) Separate both onto separate servers and DMZs
2) Still Allow full public access to both servers over ports 80/443.

Question.

1) What are the implications of having both the Website and Intranet
residing on the same server? Does the "allow all on ports 80/4443" to the
public website expose the Intranet (on the same server) to any extra
security risks?

2) Would moving the Intranet to a separate server (still accessible to
the public over port 80/443) and only allowing authenticated access to the
application stop (or somehow hinder) it being vulnerable to any IIS
exploits?

i.e. Would the authentication prompt for Intranet access block any
unauthorised access to the underlying IIS / Intranet, as a user is prompted
for sign-on before having access to the site?

Or is it secure to have both the Website and Intranet running on the same
server if certain steps are taken first, as the goal is to maximise security
of the Intranet?

Thanking you all heaps in advance for any feedback at all.

JK.


