Hi Shawn,

The reverse proxy is very good and not overkill. You will need to test it with their application. Some applications do not work with the reverse proxy. Has the Win2K machine had the IIS lockdown tool run on it? You might want to investigate this as well. The lockdown tool can break web applications but it does add to the security of the IIS server. It is configurable so you do not have to shut everything off if it is going to break the app.

Thanks!
Sheridan

Shawn wrote:
| I have a situation where a web server needs to be accessible from the web,
| with little/no set up on the client side. No big deal, but here's the rub:
| The server in question is a W2K server running IIS, and just happens to run a
| mission critical web app (it's this app that needs to be accessible to remote
| employees). Of course, I'm concerned about hack attempts...
|
| My first thought is to implement a VPN solution. This will suffice for some
| of the employees, but not all - we can't manage/dictate the remote
| configuration in all cases. So while a VPN will help, it's not the final
| solution (or so I think at this time).
|
| Next I thought of setting up an Apache server acting as a proxy to the IIS
| server, and intercepting known script kiddie hack attempts with a 404. But
| I'm wondering if this is overkill.
|
| The server in question has all the latest patches (and is kept up to date),
| and sits behind an IPCop firewall. I don't feel overly comfortable directing
| port 80 traffic right to the server, but maybe I'm being too paranoid (well,
| they would lose 10's of thousands of dollars a day if the app is down for
| more than a few minutes - so maybe I'm not being paranoid enough?).
|
| Is a combination of the VPN and Apache solution the best bet? Is there a
| better way to handle this? Thanks for any input.
|
| Shawn
|
| _______________________________________________
| clug-talk mailing list
| [email protected]
| http://clug.ca/mailman/listinfo/clug-talk_clug.ca
| Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
| **Please remove these lines when replying

-- 
Sheridan Hawken LPIC-1
Senior IT Specialist
Trema Laboratories Inc.
Suite 200, 5970 Centre Street SE
Calgary, Alberta, Canada T2H 0C1
Phone: +1.403.692.2038
Fax: +1.403.253.5247
Web: www.trema.com
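
The Apache-in-front-of-IIS proxy discussed in this thread, as an added example that is not from either poster: an Apache 2.4 virtual host that forwards only the application's path to the IIS server and answers 404 to everything else. The host name, backend address, `/app/` path, allowed methods and extension list are assumptions to be replaced with the application's real values.

```apache
# Added example, not from the thread. Assumed values: app.example.com,
# backend 10.0.0.10, application path /app/.
# Requires mod_proxy, mod_proxy_http and mod_rewrite to be loaded.
<VirtualHost *:80>
    ServerName app.example.com

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off

    RewriteEngine On

    # Assumption: the application only uses GET, HEAD and POST.
    # Any other method gets a 404 and never reaches IIS.
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST)$
    RewriteRule ^ - [R=404,L]

    # Assumption: the application does not use these IIS script-map
    # extensions (the kind of mapping the IIS lockdown tool can disable).
    RewriteRule \.(ida|idq|htr|htw|printer)$ - [NC,R=404,L]

    # Allowlist: anything outside the application's path is a 404,
    # so probes for other paths are answered by Apache, not IIS.
    RewriteRule !^/app/ - [R=404,L]

    # Only requests that passed the rules above are forwarded.
    ProxyPass        /app/ http://10.0.0.10/app/
    ProxyPassReverse /app/ http://10.0.0.10/app/
</VirtualHost>
```

mod_rewrite rules are evaluated before `ProxyPass`, so rejected requests are never forwarded. As noted in the reply, the application still has to be tested through the proxy, since absolute links or redirects it emits may not survive the rewrite.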

