Hi,
How do you or would suggest the login procedure from Internet to a small
shops intranet website?
https, right but how about authentication?
/michael
|
|
0
|
|
|
|
Reply
|
 Michael
|
5/26/2009 8:17:36 PM |
|
Michael Laajanen <michael_laajanen@yahoo.com> wrote:
> Hi,
>
> How do you or would suggest the login procedure from Internet to a
> small
> shops intranet website?
>
> https, right but how about authentication?
>
> /michael
use a vpn connection.
chris
--
CHRIS ECKERT eckert[at]alphanet.ch - mobile
|
|
|
0
|
|
|
|
Reply
|
Chris
|
5/26/2009 8:41:32 PM
|
|
On Tue, 26 May 2009, Michael Laajanen wrote:
> How do you or would suggest the login procedure from Internet to a small
> shops intranet website?
>
> https, right but how about authentication?
Not sure I completely understand your question, so please have me excused
if my answer is way off. Anyway, I used to work at a place where we had an
"intranet website" that was accessible from the internet. It was located
in the DMZ and port TCP/443 was open through the firewall. Authentcation
was handled by an apache module that talked to a SecureID server for two
factor authentication. We also used SecureID with openssh through PAM,
both on Solaris and Linux.
The intranet site was only used for internal communication and we
accepted the risk that it could possibly be subjected to hacking/cracking,
as any system connected to the internet can be. We had measures in place
to ensure confidensiality and availability of the data, but not much that
could ensure their integrity.
On a project I'm involved with now we plan to not open any ports in the
firewall to the server. Instead we intend to require some port knocking
from the client, which opens access to an openssh server that allows us to
use key based authentication for opening a tunnel to the server.
Complicated, yes, but we have control of the software on the client side
so it should all happen automaticly.
Oscar
|
|
|
0
|
|
|
|
Reply
|
Oscar
|
5/26/2009 9:45:24 PM
|
|
Hi,
Chris Eckert wrote:
> Michael Laajanen <michael_laajanen@yahoo.com> wrote:
>> Hi,
>>
>> How do you or would suggest the login procedure from Internet to a
>> small
>> shops intranet website?
>>
>> https, right but how about authentication?
>>
>> /michael
>
> use a vpn connection.
>
> chris
Such as?
/michael
|
|
|
0
|
|
|
|
Reply
|
Michael
|
5/27/2009 4:39:16 PM
|
|
Hi,
Oscar Endre Edvardsen wrote:
>
> On Tue, 26 May 2009, Michael Laajanen wrote:
>
>> How do you or would suggest the login procedure from Internet to a
>> small shops intranet website?
>>
>> https, right but how about authentication?
>
> Not sure I completely understand your question, so please have me
> excused if my answer is way off. Anyway, I used to work at a place where
> we had an "intranet website" that was accessible from the internet. It
> was located in the DMZ and port TCP/443 was open through the firewall.
> Authentcation was handled by an apache module that talked to a SecureID
> server for two factor authentication. We also used SecureID with openssh
> through PAM, both on Solaris and Linux.
>
> The intranet site was only used for internal communication and we
> accepted the risk that it could possibly be subjected to
> hacking/cracking, as any system connected to the internet can be. We had
> measures in place to ensure confidensiality and availability of the
> data, but not much that could ensure their integrity.
>
> On a project I'm involved with now we plan to not open any ports in the
> firewall to the server. Instead we intend to require some port knocking
> from the client, which opens access to an openssh server that allows us
> to use key based authentication for opening a tunnel to the server.
> Complicated, yes, but we have control of the software on the client side
> so it should all happen automaticly.
>
> Oscar
Right, using a DMZ and a tree legged FW was my first idea and on that
store local users and passwords.
But, then I started to think if that is really needed, the ideal would
be to use same login as on the intranet we have NIS on that for Solaris
and Linux.
So I found some modules for apache that used NIS so I could but the
intranet website on a zone in our intranet, is that totally crazy?
/michael
|
|
|
0
|
|
|
|
Reply
|
Michael
|
5/27/2009 4:42:35 PM
|
|
On May 26, 2:17=A0pm, Michael Laajanen <michael_laaja...@yahoo.com>
wrote:
> Hi,
>
> How do you or would suggest the login procedure from Internet to a small
> shops intranet website?
>
> https, right but how about authentication?
>
> /michael
You might look at Sun's Secure Global Desktop. It does work very well,
not free, of course.
|
|
|
0
|
|
|
|
Reply
|
tim
|
5/27/2009 7:12:22 PM
|
|
hi,
tim.wort@Inklingresearch.com wrote:
> On May 26, 2:17 pm, Michael Laajanen <michael_laaja...@yahoo.com>
> wrote:
>> Hi,
>>
>> How do you or would suggest the login procedure from Internet to a small
>> shops intranet website?
>>
>> https, right but how about authentication?
>>
>> /michael
>
> You might look at Sun's Secure Global Desktop. It does work very well,
> not free, of course.
Thanks, I looks nice I will dig in to that and see.
/michael
|
|
|
0
|
|
|
|
Reply
|
Michael
|
5/28/2009 4:54:13 AM
|
|
|
6 Replies
378 Views
(page loaded in 0.135 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25729 articles. 
78 followers. 