two web sites - one secure and one not

[bookouri]

I have an IIS 5 server providing public web pages right now. Id like to give employees access to private data/pages etc. using the same server. What is the best method to accomplish this? I can program ASP pages make them login but if I understand right, IIS/NT can be set up to handle the logins. The security must be as secure as possible due to the nature of the private data.

any suggestions regarding the right course to take would be appreciated...

 

[wushutwist]

First suggest is to use a separate server because the internet server is probably in the DMZ and if it is compromised, game over. Second, use SSL combined with BASIC authentication for a quick and easy solution, problem is that each user will need to be created in IIS unless NT security is used. This could be a major task if there are a lot of users. Third, in combination with SSL you could write a custom security solution using ASP. Wushutwist

 

[bookouri]

Does SSL require purchase of expensive certificates of Authority and all that stuff. I seem to remember reading something about that.

I can use NT security (my existing domain security) or I could create special users on the server in the DMZ. I really dont know the pros and cons of all the options.

thanks for the comments

 

[peterve]

you can set up your own CA for assigning certificates... Peter Van Eeckhoutte
peter.ve@pandora.be

Did this post help ? Click below to let me know ;-)