Wouldn't a product like SecureIIS be a better solution? How do you intend to scan for known attacks? What about unknown ones?
On Tue, 15 Feb 2005 22:32:34 -0700, Shawn <[EMAIL PROTECTED]> wrote: > I have a situation where a web server needs to be accessible from the web, > with little/no set up on the client side. No big deal, but here's the rub: > The server in question is a W2K server running IIS, and just happens to run a > mission critical web app (it's this app that needs to be accessible to remote > employees). Of course, I'm concerned about hack attempts... > > My first thought is to implement a VPN solution. This will suffice for some > of the employees, but not all - we can't manage/dictate the remote > configuration in all cases. So while a VPN will help, it's not the final > solution (or so I think at this time). > > Next I thought of setting up an Apache server acting as a proxy to the IIS > server, and intercepting known script kiddie hack attempts with a 404. But > I'm wondering if this is overkill. > > The server in question has all the latest patches (and is kept up to date), > and sits behind an IPCop firewall. I don't feel overly comfortable directing > port 80 traffic right to the server, but maybe I'm being too paranoid (well, > they would loose 10's of thousands of dollars a day if the app is down for > more than a few minutes - so maybe I'm not being paranoid enough?). > > Is a combination of the VPN and Apache solution the best bet? Is there a > better way to handle this? Thanks for any input. > > Shawn > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying > -- Regards, Cade Cairns _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
