Hi All,

Just wondering if anyone can give me a quick pointer - i want to allow access for a single website through our firewall.  We host multiple interal sites to which no access should be available.  I was planning on assigning the 'externally available' site a high, obscure port number and only allow that port through firewall (and use port mapping through NAT), assign it to the site, and continue to block port 80.  Will that give adequate security - and are there other concerns with allowing a no specific port through (eg 8299)?

Many thanks for any ideas,

Regards
Steve

Well, opening up port 80 means that all our webs will be available.  People will only access the site via a link anyway - which will only entail putting http://www.domain.com:8301/etc.asp - www.domain.com:8301/etc.asp  the port no in the link.  Not that much of a hassle.  Dont want to be paranoid - just sensible.

Steve

Hi Mart,

The problem is that i dont want to have to create an account for every user, and many of them will just be the general public that will be accessing the pages as an online sample of our product.  Thats why the access should more or less be freely available - but only to that application - thats why i keep coming back to securing through port.

However, i do feel that authentication is important - as i currently think our local intranet sites just use the anonymous account.  So perhaps the 'exposed' site - through this port can use anon account, and the rest Win2K logons.  I still cant make sense of allowing TCP port 80 traffic through..

Steve

But of course - in fact its probably more like 100's of 1000's, but we dont personally have to resources to organise adequate security on how to do this... Unless someone here can tell me how, or give me a pointer in the direction for where i might learn.

I guess the very point of suggesting the obscure port through was to get ideas as to its validity and whether it would provide any measure of security to meet our needs.  If other ideas are available, these would certainly be welcome too.  We are just looking for a simple solution to the problem (that does not need to be individually customised/created for each user) that wont compromise our primary server - on which the site is hosted.

Any ideas are referrals (to sites, etc) are most welcome.  Information on securing Win2K machines for external HTTP traffic seems to be few and far between.

Steve

just deny anonymous access to certain folders on your site... so ur directory structure might look like this

SITE HOME--- Anonymous access allowed
---default.asp --- anonymous access home page
---FOLDER:securesite --- Anonymous access denied
------default.asp --- secure site home page

u just create a few users for different levels of access