firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Allowing Internet Access to MS Project Server (D Sharp)
2. Re: Allowing Internet Access to MS Project Server
(Darden, Patrick S.)
3. Re: Allowing Internet Access to MS Project Server
(Paul D. Robertson)
----------------------------------------------------------------------
Message: 1
Date: Tue, 02 Oct 2007 11:09:45 -0700
From: D Sharp <drsharp@pacbell.net>
Subject: [fw-wiz] Allowing Internet Access to MS Project Server
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <47028969.5030302@pacbell.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Hi;
IT project managers would like to install MS Project 2007 server and
make that the central repository for all our IT related projects. Since
we have significant numbers of outsourced contractors, the team would
like external access enabled. Also, to keep costs low, they would like the
server to have an Internet presence. Our server support team would like
the server(s) to be part of our internal AD domain.
We have OWA exposed to the Internet, but through a secure proxy.
What should be some key security areas?
Thanks,
Duncan Sharp
------------------------------
Message: 2
Date: Wed, 3 Oct 2007 08:35:02 -0400
From: "Darden, Patrick S." <darden@armc.org>
Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <CBE22E5FF427B149A272DD1DDE1075240184E2B8@EX2K3.armc.org>
Content-Type: text/plain; charset="iso-8859-1"
So, I think you are saying you have this:
internet-------------------------------------------
    |
 firewall
    |
dmz------------------------------------------------
    |                       |
 firewall        secure proxy server (https)
    |
internal network---------------------------------
    |
ms project server
So, if the only way to access the ms project server from the internet is thru the proxy server, then you should be golden.
--p
------------------------------
Message: 3
Date: Wed, 3 Oct 2007 11:20:06 -0400 (EDT)
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] Allowing Internet Access to MS Project Server
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <Pine.LNX.4.44.0710031115001.23589-100000@bat.clueby4.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 2 Oct 2007, D Sharp wrote:
> IT project managers would like to install MS Project 2007 server and
> make that the central repository for all our IT related projects. Since
> we have significant numbers of outsourced contractors, the team would
> like external access enabled. Also, to keep costs low, they would like the
> server to have an Internet presence. Our server support team would like
> the server(s) to be part of our internal AD domain.
>
> We have OWA exposed to the Internet, but through a secure proxy.
>
> What should be some key security areas?
Well, other than the server itself, and the application (which I haven't
evaluated and don't have an opinion on) the biggest thing I can see is
that if the application uses the AD credentials, you're creating accounts
in your domain for third parties. That means you're going to have to
track the accounts and permissions carefully, especially if you have folks
going from internal employee to consultant. I'd probably implement a
separate directory environment for third parties unless I knew for sure
that the appropriate group and permission discipline went into every
system and user.
For internal users, I'm also not a fan of solely using domain credentials
for Internet applications. Password re-use and game-over scenarios are just
too easy, so I tend to put authenticating proxies in front of things like
OWA.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 18, Issue 1
***********************************************