1,105,380 Community Members

Internet and Intranet Security level

Member Avatar
mherz
Newbie Poster
15 posts since Oct 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi!

I dont know what is the best thing to do to secure my website via internet and intranet. It happens that some of my pages should be able to view via the internet but all pages should keep running and able to access via intranet. On web.config I set the authentication mode to "WINDOWS". According to some article "WINDOWS authentication" is for intranet and not advisable to use it via internet. Right now, I know the best thing to do is to set it to "FORMS authentication".

My problem is, how do I secure or restrict my other pages/files which not suppose to be seen on the internet. I try to set the IP/PORT but the access on the file still able to view(e.g by typing the file directory).

I would appreciate any advice.

Thanks in advance.

Member Avatar
JorgeM
IT Addict
6,413 posts since Dec 2011
Reputation Points: 581 [?]
Q&As Helped to Solve: 963 [?]
Skill Endorsements: 172 [?]
Moderator
Featured
Sponsor
 
0
 

You are correct that setting the authentication to "windows" is not going to work well for Intenet users. Windows authentication is best for an intranet for networks that run Windows operating systems.

If you are going to have one web application, secured by forms based authentication, you'll force both your intranet and internet users to login using a username and password. If there are certain pages you want to restrict access and deny internet users, you can do so by setting up a function that checks to see if the source IP from the visitor is from within the local intranet or if its a public IP from the Internet. If its local, allow access to the page, if not, redirect the user to another page.

Member Avatar
mherz
Newbie Poster
15 posts since Oct 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

@JorgeM, thanks for the advise.
One more thing, If I did not modify the authentication from "windows". Could I be able to manage or control my website access using proxy or domain host? Could it be possible we can restrict which file are accessible on the internet and intranet. It's just an idea, Do these things possible?

Thanks

Member Avatar
JorgeM
IT Addict
6,413 posts since Dec 2011
Reputation Points: 581 [?]
Q&As Helped to Solve: 963 [?]
Skill Endorsements: 172 [?]
Moderator
Featured
Sponsor
 
0
 

If you place another device in front of the web server to filter the traffic then yes I see that as possible.

Member Avatar
mherz
Newbie Poster
15 posts since Oct 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi Jorge,

Can you give me a specific device that I can use to filter the traffic?

Thanks

Member Avatar
JorgeM
IT Addict
6,413 posts since Dec 2011
Reputation Points: 581 [?]
Q&As Helped to Solve: 963 [?]
Skill Endorsements: 172 [?]
Moderator
Featured
Sponsor
 
0
 

Just about any network device that can do URL filtering would be able to take care of this... Firewalls, Forward Proxies, Reverse Proxies, to name a few. consider... Check Point, Palo Alto, F5, NetScaler, etc.. (very costly)

You can also do this in software (code) as i previously mentioned by inspecting the source IP. You can leverage Server.Variables such as HTTP_X_FORWARDED_FOR and REMOTE_ADDR. (Free). If I were to do this in code, I would simply create a static function that takes in the IP address as a parameter, then have the function return true or false by examining the IP. In your code, you either allow access to the page based on this return value.

Member Avatar
mherz
Newbie Poster
15 posts since Oct 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Thank you so much Jeorge.

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article