Re: basic question - intranet/internet
From: Andrew Davis [MS] (adavis_at_online.microsoft.com)
Date: 12/12/03
- Next message: Kevin: "Re: ISAPI Authentication"
- Previous message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.12"
- In reply to: Jeff Cochran: "Re: basic question - intranet/internet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Dec 2003 14:38:03 GMT
Other thoughts to consider...
Multiple network cards, one with internet available IP, the other with
"intrAnet" IP. Each website in IIS can be bound to "All unassigned", just
the intrernet IP, or just the "intrAnet" IP thus making the app only
available to the interface you would like to expose it to. IIS doesn't have
to be "behind" another server to be safe, but running a firewall (perhaps
firewall/router) is highly recommended.
If exposing IIS to the internet the IIS Lockdown Tool and URLScan should be
applied to IIS.. It is critical that the server stay current with patches
from Windows Update.
Hope this helps!
This posting is provided "AS IS" with no warranties, and confers no rights.
Thanks!
~Andrew Davis
Microsoft PSS Security
--------------------
| From: jcochran.nospam@naplesgov.com (Jeff Cochran)
| Subject: Re: basic question - intranet/internet
| Date: Thu, 11 Dec 2003 15:15:55 GMT
| Organization: City of Naples, Florida
| Message-ID: <3fe48998.89329719@msnews.microsoft.com>
| References: <0e3701c3bfef$40c11330$a101280a@phx.gbl>
| X-Newsreader: Forte Agent 1.5/32.451
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: ns1.naplesgov.net 209.26.8.10
| Lines: 1
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.
phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.inetserver.iis.security:7792
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| On Thu, 11 Dec 2003 06:01:20 -0800, "KJ"
| <anonymous@discussions.microsoft.com> wrote:
|
| >I'm new to the networking end of things.
| >What is involved in making an intranet webapp available
| >to the internet?
|
| Connecting to the internet. :)
|
| >And what is involved in making an internet webapp an
| >intranet app only?
|
| Disconnecting from the internet. :)
|
| >When making a intranet webapp available to the internet,
| >what kind of hardware changes are needed?
|
| A router and connection to the internet.
|
| >I assume that
| >it is a good idea to move the app off of the current
| >server onto a new server that is designated to serve as
| >an internet web server only and will be isolated from the
| >rest of your systems.
|
| Sure. Maybe.
|
| There is no difference as far as IIS is concerned where an app is
| accessed from, whether intra- or inter-net. You have the usual
| security issues with logins accounts, etc. and you have firewall
| issues to deal with, but the IIS portion is identical wherever the
| client happens to be.
|
| Jeff
|
- Next message: Kevin: "Re: ISAPI Authentication"
- Previous message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.12"
- In reply to: Jeff Cochran: "Re: basic question - intranet/internet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
