Re: Securing public IIS server that is part of internal LAN

From: Jeff Cochran (jcochran)
Date: 06/23/02


From: jcochran at naplesgov dot com (Jeff Cochran)
Date: Sun, 23 Jun 2002 12:47:04 GMT


> I have a 4 machine home LAN using DSL with a static IP. I would like
>to use one of the four servers as a webserver using IIS (for ASP). My
>concern in doing this is that the machine I want to use as a web server
>is also part of my private LAN (Workgroup mode). How can I go about
>securing my LAN while allowing outside access to the web server?

By using a firewall that provides a DMZ capability, and configuring
access rules that prevent access from the Internet to your LAN while
allowing only web access from Internet to DMZ.

> I have come across suggestions that describe using the MS NetBEUI
>protocol to bind file and print sharing for the internal network and not
>TCP/IP.

That works as long as your web server never gets compromised; NetBEUI
won't route so nobody can get to it across your router.

>I have an SMC NAT firewall protecting my LAN so I can control
>what ports are opened. I was intending on using just port 80 via the
>virtual server capability of the SMC.

This will also work. Make sure your security is tight on the web
server, use all the tools available at
http://www.microsoft.com/security/

> Am I on the right track here or should I try something else? Thanks
>for any suggestions!

Several right tracks. Each presents specific problems to be overcome,
but all *can* work.

Jeff
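
Added example, not part of the original post: a small first-match rule model that audits the two layouts discussed above, the DMZ and the port-80 virtual server with the web server inside the LAN. The zone names, rule sets, sample file-sharing ports (139, 445) and the DMZ-to-LAN deny rule are assumptions made for illustration, not SMC configuration syntax.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str       # source zone, or "*" for any
    dst: str       # destination zone, or "*" for any
    port: object   # TCP port number, or "*" for any
    action: str    # "allow" or "deny"

# Constructed rule sets (zone names are hypothetical, not SMC syntax).
# DMZ layout from the reply; the dmz -> lan deny is an added assumption.
DMZ_LAYOUT = [
    Rule("internet", "dmz", 80, "allow"),
    Rule("dmz", "lan", "*", "deny"),
    Rule("lan", "*", "*", "allow"),
    Rule("*", "*", "*", "deny"),
]
# Port-80 virtual server layout: the web server sits inside the LAN zone.
FORWARD_LAYOUT = [
    Rule("internet", "lan", 80, "allow"),
    Rule("lan", "*", "*", "allow"),
    Rule("*", "*", "*", "deny"),
]

def decide(rules, src, dst, port):
    """First matching rule wins; same-zone traffic never reaches the firewall."""
    if src == dst:
        return "unfiltered"
    for r in rules:
        if r.src in ("*", src) and r.dst in ("*", dst) and r.port in ("*", port):
            return r.action
    return "deny"

def audit(rules, web_zone, file_ports=(139, 445)):
    """Return findings for a layout with the web server placed in web_zone."""
    findings = []
    if decide(rules, "internet", web_zone, 80) != "allow":
        findings.append("web server unreachable on port 80")
    for port in file_ports:
        if decide(rules, "internet", "lan", port) != "deny":
            findings.append(f"internet reaches LAN port {port}")
        verdict = decide(rules, web_zone, "lan", port)
        if verdict != "deny":
            findings.append(f"web server reaches LAN port {port} ({verdict})")
    return findings

if __name__ == "__main__":
    for name, rules, zone in (("DMZ", DMZ_LAYOUT, "dmz"), ("port forward", FORWARD_LAYOUT, "lan")):
        print(name, audit(rules, zone) or "no findings")
```

In the port-forward layout the firewall rules themselves are sound, but traffic from the web server to its LAN neighbours never crosses the firewall, so host hardening is the only control on that path.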


