How to secure access to private network files via IIS 6.0?

From: Sistemas Aurensis-Sys Sec (syssec_at_aurensis.com)
Date: 02/13/04

    Date: Fri, 13 Feb 2004 12:39:36 +0100
    To: <security-basics@securityfocus.com>
    
    

    If the files are static or change, for example, every day, I prefer not to open ports in the PIX firewall and to upload these files with sftp. Open ports always carry a risk; hackers have more points to try and more points to find a hole.
    If you have a possibility of not opening ports, it's better.
    Ports 139 and 445 invite attempts to hack.

    -----Original Message-----
    From: Ron Rollo [mailto:rjrollo@auditor.state.oh.us]
    Sent: Thursday, February 12, 2004 2:47
    To: security-basics@securityfocus.com
    Subject: How to secure access to private network files via IIS 6.0?

    I am looking for some info on best practices for securing file access to internet users via IIS 6.0. We have document files that are accessible via our private internal Windows servers, but there is a need to have some of them available for internet users.

    Our web server (Windows 2003 Server IIS6.0) is currently in a DMZ behind a PIX firewall. How can we provide authentication and access to files on the private network via our web server without having to host a separate copy of those files in the DMZ? If we open up ports 139 or 445 for the web server in the DMZ to enter the inside, wouldn't we be putting our inside environment at a larger risk in the event someone hacks our web server? What are best practices for this type of need?
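
The push model the reply describes (an inside host uploads the files to the DMZ web server over sftp, so the PIX needs no DMZ-to-inside rule for ports 139 or 445), as an added example that is not part of either message: it builds an OpenSSH `sftp -b` batch file for the files changed since the last run. The function name, the `/upload` remote root, the `dmz-web` host name and a POSIX inside host with OpenSSH are assumptions.

```python
import os
from pathlib import Path

def build_push_batch(src_root, remote_root, since_epoch):
    """Return OpenSSH sftp batch lines that upload regular files under
    src_root modified at or after since_epoch (hypothetical helper)."""
    src = Path(src_root).resolve()
    lines, made = [], set()
    for dirpath, dirnames, filenames in os.walk(src):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            local = Path(dirpath) / name
            # Skip symlinks: a link must not pull a file from outside
            # the export tree into the copy published in the DMZ.
            if local.is_symlink() or not local.is_file():
                continue
            if local.stat().st_mtime < since_epoch:
                continue
            # Refuse characters that would break sftp's quoting.
            if any(c in str(local) for c in '"\\\n\r'):
                raise ValueError(f"unsafe file name: {str(local)!r}")
            rel = local.relative_to(src)
            parent = ""
            for part in rel.parts[:-1]:
                parent += "/" + part
                if parent not in made:
                    made.add(parent)
                    # Leading "-" keeps the batch going if the dir exists.
                    lines.append(f'-mkdir "{remote_root}{parent}"')
            lines.append(f'put "{local}" "{remote_root}/{rel.as_posix()}"')
    return lines

if __name__ == "__main__":
    import tempfile
    # Constructed sample tree standing in for the internal document share.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "reports").mkdir()
        (Path(d) / "reports" / "audit 2004.pdf").write_text("sample")
        print("\n".join(build_push_batch(d, "/upload", since_epoch=0)))
        # Save the output as batch.txt and run it from the inside host:
        #   sftp -b batch.txt user@dmz-web   (assumed account and host)
```

Because the session is initiated from the inside network, the only rule the firewall needs for this transfer is inside-to-DMZ on the SSH port.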
