Re: Allowing Internet Access to MS Project Server

["Paul D. Robertson" <paul () compuwar net>]

On Tue, 2 Oct 2007, D Sharp wrote:

> A IT project Managers would like to install MS Project 2007 server and 
> make that the central repository for all our IT related projects. Since 
> we have significant numbers of out sourced contractors, the team would 
> like external access enabled. Also to keep costs low they would like the 
> server to have a Internet presence. Our server support team would like 
> the server(s) to be part of our internal AD domain.
>
> We have OWA exposed to the Internet, but through a secure proxy.
>
> What would should be some key security areas.

Well, other than the server itself, and the application (which I haven't 
evaluated and don't have an opinion on) the biggest thing I can see is 
that if the application uses the AD credentials, you're creating accounts 
in your domain for third parties.  That means you're going to have to 
track the accounts and permissions carefully, espeically if you have folks 
going from internal employee to consultant.  I'd probably implement a 
seperate directory environment for third parties unless I knew for sure 
that the appropriate group and permission discipline went into every 
system and user.

For internal users, I'm also not a fan of solely using domain credentials 
for Internet applications.  Password re-use and game-over scenarios are just 
too easy, so I tend to put authenticating proxies in front of things like 
OWA.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards