+ Post New Thread
Results 1 to 8 of 8
Web Development Thread, External Access for Internal DB in Coding and Web Development; Hello Can someone confirm or point me in the right direction for what i would need to do to allow ...
  1. #1

    Join Date
    Oct 2007
    Location
    scotland
    Posts
    45
    Thank Post
    15
    Thanked 1 Time in 1 Post
    Rep Power
    0

    External Access for Internal DB

    Hello

    Can someone confirm or point me in the right direction for what i would need to do to allow staff external\remote access to our school reporting system.
    Currently the system is available in school via intranet. The system is a simple set of html\asp front end webpages that are linked to a backend ms access database.
    It worked well in parts this time around (first time in use actually)the one problem was staff completing reports at home, to do so they saved pages to a usb stick took them home and then brought them back in completed and then uploaded those pages. Simple enough but it caused problems.
    So for next term allowing them external access would be make life easier.

    I did not write the web pages or do the initial setup and have little asp coding experience hence my question..
    So what do i need to do to set this up for next time around? Is it a simple case of creating an external address doing a nat on the firewall to point to the internal server and the iis\asp pages take care of themselves or do i need to recode any pages?
    thanks for any pointers..
    gmiller

  2. #2

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,243
    Thank Post
    772
    Thanked 804 Times in 670 Posts
    Blog Entries
    9
    Rep Power
    299
    Are you connected to the internet via a LEA provided connection or your own school purchased ISP connection?

    If your school internet is via your LEA then you will need to speak to them to see if it is at all doable. You may want to look at off-site web hosting and copy the internal web pages off onto a remote web server.

    If you have your own direct internet connection from an ISP you've chosen yourself it may be a case of knowing your external IP address and some port forwarding on your router.

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,686
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    If there is any access to student names or details which I am sure there is you will need at least strong passwords and SSL encryption on the pages otherwise the DPA will eat you and the school for breakfast.

  4. #4

    Join Date
    Oct 2007
    Location
    scotland
    Posts
    45
    Thank Post
    15
    Thanked 1 Time in 1 Post
    Rep Power
    0
    @tmcd35: no LEA connection, school purchased ISP. So have easy to firewall for changes.

    @SYNACK: yep currently have strong password policy in place for staff logins. at least 8 long, one capital one number.
    SSL cert is a definite yep thanks for that.

    On the security aspect, is there an app that i can install that will prompt for a generic username\password that i give out staff, once thats entered staff will then get prompted for their own username and password, or is that overkill?

    anything else to consider.
    thanks
    gmiller

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,686
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    Quote Originally Posted by gmiller View Post
    On the security aspect, is there an app that i can install that will prompt for a generic username\password that i give out staff, once thats entered staff will then get prompted for their own username and password, or is that overkill?

    anything else to consider.
    Might be difficult to do it this way as the windows authentication will only ask for one set of credentials. If you really wanted to go for high security then you could use your own certificate server and generate individual user tokens but that would be pushing it. I would say that as long as they have ok passwords and ok security - like they don't have it on a postit on their classroom computer - this should be fine.

    Aditionally do you have an ISA server as this can actually be used to handle user authentication and isolate the internal server from any intrusions untill the user is propperly authenticated. It can also filter http resuest headers to help prevent hacking attempts.

    Just to check does your schools link have a static ip address which can be aliased by a subdomain of your current school domain name? A nice subdomain like tests.myschool.uk is much better than 127.168.244.302 for people to remember and it becomes even more difficult if your IP is not static.

  6. #6

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,243
    Thank Post
    772
    Thanked 804 Times in 670 Posts
    Blog Entries
    9
    Rep Power
    299
    Dyndns can help out if your IP address is not static. Gives you an easy to remember url - myschool.dydns.org - and remaps it's IP everytime your ISP changes it.

    Also, are you hosting any external websites from your internal network at the moment? Such as the schools website? If so you'd need to pick another port to redirect as port 80 is likely to be taken up by this.

    So 127.168.244.302:2455 or myschool.dyndns.org:2455 - using port 2455 instead of port 80 and forwarding incoming requests on your router for port 2455 to port 80 on the internal server hosting the reporting pages.

  7. #7

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,476
    Thank Post
    1,305
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    198
    Ive done this exact same thing for our reports system. I had our ISP create a record for subdomain reports.ourschool.co.uk and then forwarded port 80 to our webserver.

    SSL encryption for the connection, and it just uses the built in authentication and they log in with their domain usernames and passwords. I also created a page where I can see who is logged in and what IP theyre coming from. Ill give you a copy if you like.

  8. #8

    Join Date
    Oct 2007
    Location
    scotland
    Posts
    45
    Thank Post
    15
    Thanked 1 Time in 1 Post
    Rep Power
    0
    No ISA server - perimeter security is on my ever growing hit list. currently its an outdated pix firewall thats patched but end of life and no longer supported.. honest its on my to do list!

    Yep static ip and can have a sub domain as you suggested. currently have owa available using an address as a subdomain like your suggestion.

    thanks for your help.
    gmiller

SHARE:
+ Post New Thread

Similar Threads

  1. Route external web to internal in DNS
    By Gatt in forum Wireless Networks
    Replies: 1
    Last Post: 11th November 2008, 03:18 PM
  2. External access for students
    By steve_nfi in forum General Chat
    Replies: 16
    Last Post: 30th September 2008, 10:31 PM
  3. External Joomla to internal LDAP
    By MK-2 in forum Web Development
    Replies: 5
    Last Post: 12th December 2007, 11:01 AM
  4. Multiple internal website access with one ip from the net
    By binky in forum Wireless Networks
    Replies: 2
    Last Post: 5th November 2006, 05:14 PM
  5. Internal/External Email with ISA and Exchange 2000
    By Ueline in forum Wireless Networks
    Replies: 5
    Last Post: 7th December 2005, 11:00 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •