Firewall Wizards mailing list archives
Re: Allowing Internet Access to MS Project Server
From: jdgorin () computer org
Date: Thu, 04 Oct 2007 10:57:44 +0200
-----Original Message----- From: firewall-wizards-bounces () listserv cybertrust com On Behalf Of D Sharp Sent: Wednesday, October 03, 2007 9:48 PM Given the newer MS Project server supports a web access function, the plan was to use something with less overhead than Citrix/Terminal Services. Possible methods are: a: Secure Proxy server with specific PWA filters, yet to be identified. b: Generic SSL/VPN security gateway that allows for URL filtering to a DMZ'd PWA (web) server. c: Web application security filter (transparent proxy) to a DMZ'd PWA (web) server. The MS Project Server would be separated into tiers: web, application, DB.
I don't know PWA, but it might be some WebDAV protocol. So, don't put it in front of the Internet! Use a reverse proxy with some authentication to be sure of who connect to you PWA server.
So, an external user need : * Credential from the security team to access the VPN. * Credentials from the MS Project team to access the application. The VPN credentials can be simple password, soft or hard certificate (depends ofyour security policy).So would the VPN credentials be separate from the "MS Project team" credentials?
In our case: Yes. That's our policy: segregation of access (access to our information system through the VPN, then access to the application: different credentials). That's to deal with application manager (or AD manager) forgetting to cancel user credential, or simply to cancel VPN access without canceling application access (internal usage).
Right now the majority of our user vpn access is by AD credentials.
That's a bad thing for us. But it depends of your risks, and so of you security policy. JDG _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 03)
- Re: Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 03)
- Re: Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server Paul D. Robertson (Oct 03)
- <Possible follow-ups>
- Re: Allowing Internet Access to MS Project Server jdgorin (Oct 03)
- Re: Allowing Internet Access to MS Project Server D Sharp (Oct 03)
- Re: Allowing Internet Access to MS Project Server jdgorin (Oct 04)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 08)
- Nat Limitations? jason (Oct 09)
- Re: Nat Limitations? Darden, Patrick S. (Oct 09)
- Re: Nat Limitations? Dave Piscitello (Oct 09)
- Re: Nat Limitations? jason (Oct 09)
- Re: Nat Limitations? Dale W. Carder (Oct 09)
- Nat Limitations? jason (Oct 09)
- Re: Allowing Internet Access to MS Project Server Darden, Patrick S. (Oct 03)