Poll: Is your school Intranet accessible via the Internet

Be advised that this is a public poll: other users can see the choice(s) you selected.

+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
Web Development Thread, External Web Access to IIS 6.0 Server in Coding and Web Development; Hi, Ive recently created a newly designed Intranet for our school full of various features that we'd like kids to ...
  1. #1

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    External Web Access to IIS 6.0 Server

    Hi, Ive recently created a newly designed Intranet for our school full of various features that we'd like kids to be able to access from home. The IIS (6.0 win 2003) server is part of our domain and has direct access to the Internet via the EMBC proxy server.

    I figured to make it directly accessible from the Internet we request an external IP from EMBC (which we've now recieved). At home if i put the IP into the browser i just get the standard 404 page not found error. In school the Intranet Works, and even using the External IP works. Could this be a configuration issue that hasn't been done on the server, or is this more of a problem regarding DNS / WINS to the IP, in which case i'd have to contact the Helpdesk with?

    The server is set up to require authentication, so when kids access it they will be prompted for their domain credentials.

    Oh, and before anyone mentions the difficulty the kids will have with remembering the IP, we will create a subdomain on the website to the IIS server, but again thats an EMBC issue.

    Many Thanks
    Ryan P

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183

    Re: External Web Access to IIS 6.0 Server

    To begin with, a note to the wise. Be careful what info is available... data protection and all that! Also remember what happened with that 'hacker' kid recently and remember that IIS isn't known for it's invulnerability from attacks.

    Back to your Q... I would check that IIS (and the website) is running on the external interface. Also make sure that the relevant port forwarding (and open ports) is configured in your firewall.

  3. #3

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by Ric_
    To begin with, a note to the wise. Be careful what info is available... data protection and all that! Also remember what happened with that 'hacker' kid recently and remember that IIS isn't known for it's invulnerability from attacks.

    Back to your Q... I would check that IIS (and the website) is running on the external interface. Also make sure that the relevant port forwarding (and open ports) is configured in your firewall.
    Thanks, I know that there is the chance of being hacked but there won't be any personal information online - just letters to parents, some revision games, homework etc.

    How would i check the website is running on the external interface. Is there an obvious way of checking?

    Thanks

  4. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,990
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: External Web Access to IIS 6.0 Server

    Hi Ryan ... let me just run through a few quick things for setting up remote access to a server via EMBC and you can check them off as you go.

    1. Access Control Lists are everything. Take the internal IP of your server (eg 10.14.12.34) and give the details of it to EMBC as an internet server. There is paperwork for this that has to be signed off by your Head and returned to the nominated person at your LA. Note that for Northants this is slightly different and if you PM me I will point you to the right person. This will then mean that EMBC open up the relevant ports so other schools on EMBC can access your server via IP Address.

    2. DNS truly is everything. Then take the fully qualified host name of your server (eg www.school.county.sch.uk or moodle.school.county.sch.uk) and tell EMBC that this is the hostname for the internal address you have given them ... they will add it to their DNS records and other schools on EMBC can now access your server my the proper name.

    3. External IPs are important too. Now you have a web server, you want your staff and students to access it at home. Tell EMBC that the internal address of x.x.x.x needs a public address. They will work their magic and give you an external IP. This is nice but not perfect ...

    4. DNS once more becomes everything. Politely remind the folks over at Fujitsu Services that the external IP points to the same IP that hostname.school.county.ch.uk points to ... can they ensure that the same hostname points to the external IP too? Once again, take advice on paperwork needed to make this happen.

    5. Relax and enjoy.

    Ok ... there are some caveats.

    Firstly, under instructions from DfES and Becta, RBCs will happily deal with .sch.uk domains ... these are the domains specifically set up for schools. They will even deal with .ac.uk ... but these really should be dealt with by UKERNA. There are some RBCs that will deal with other domains but EMBC only deal with Nominet as a Registrar and subsequently will only deal with .uk domains ... Fujitsu Services are under clear instructions not to handle anything other than .sch.uk domains ... please do not give the folks on the helpdesk grief over this ... it is not their fault.

    If you do have a different domain then speak to your LA ICT Guru ... you may be able to negotiate, but it is doubtful without good grounds ... and they will probaby tell you to wait whilst they work with sorting another school out who is testing all this ...

    Again ... try not to give them a hard time ... they will not move to fast on this until I am happy it works (yep ... my fault again ... sorry folks).

    Back to the DNS. Make sure you have the correct DNS entries in your own domain and that the DNS headers are reflected in your site properties in IIS. Basically it means that if you use the domain flibble.local within school you must also have dns records for flibble.county.sch.uk too ... and that you have the headers set to *all* in IIS.

    Then we have to look at whether you are using ISA in front of the web server too ... or some sort of firewall appliance. Do you go straight out or via ISA or other proxy first on this server? Is it firewalled off?

  5. #5

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,990
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by ryan_powell
    How would i check the website is running on the external interface. Is there an obvious way of checking?

    Thanks
    An easy way of checking that the web server is running on the EMBC internal address (eg 10.12.14.36) would be to ask another local school to try and access it via that IP. If they can access it then the port forwarding / ACLs are working and it may just be the exertnal to internal NAT that is not working with the EMBC ... if you give the EMBC helpdesk a ring they can check the EMBC internal address befoer checking the external one.

    Occasionally they may send a message back saying something is done *pending* receiving the paperwork from your LA ... check with this.

  6. #6

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    Hiya GrumbleDook, We completed the external IP request form on EMBC's webview. Which after some time they got back to use with an Ip address. If it's important the IP they gave us is 213.249.???.???.

    Any ways, we don't use ISA and the server is behind the EMBC firewall, we don't have local firewalls as EMBC claims they 'should' be suficent.

    4. DNS once more becomes everything. Politely remind the folks over at Fujitsu Services that the external IP points to the same IP that hostname.school.county.ch.uk points to ... can they ensure that the same hostname points to the external IP too? Once again, take advice on paperwork needed to make this happen.
    Is this only relevent if we want our school website to be hosted on the IIS server. The current plan is to still host the school website with EMBC and merely put either a link back to the IIS server on the site or create a subdomain.

    Sorry if i seem a little 'thick' on some of this stuff. I've never done this before, tis a very exciting time for me

    Cheers

    P.S Sorry wrote this message whilst you posted your second response, so it may not make too much sense reading on from the previous msg.

  7. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,990
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by ryan_powell
    Hiya GrumbleDook, We completed the external IP request form on EMBC's webview. Which after some time they got back to use with an Ip address. If it's important the IP they gave us is 213.249.151.2.
    What is the EMBC internal address of the server?

    Any ways, we don't use ISA and the server is behind the EMBC firewall, we don't have local firewalls as EMBC claims they 'should' be sufficient.
    *SNORT*

    Sorry ... knee-jerk reaction ... I have to admit to being distrusting of this ... this relies on a number of things that I am not 100% happy about and until I am I would rather be careful ... and then we have the other issue of not wanting to have to change the way we run our network internally ... so our firewall also is out NAT device too

    4. DNS once more becomes everything. Politely remind the folks over at Fujitsu Services that the external IP points to the same IP that hostname.school.county.ch.uk points to ... can they ensure that the same hostname points to the external IP too? Once again, take advice on paperwork needed to make this happen.
    Is this only relevent if we want our school website to be hosted on the IIS server. The current plan is to still host the school website with EMBC and merely put either a link back to the IIS server on the site or create a subdomain.

    Sorry if i seem a little 'thick' on some of this stuff. I've never done this before, tis a very exciting time for me

    Cheers

    P.S Sorry wrote this message whilst you posted your second response, so it may not make too much sense reading on from the previous psg.
    The full hostname is still desirable. The whole system of DNS was setup so people don't have to remember number ... if your website (hosted on EMBC) is www.school.county.sch.uk then make the intranet server (now an internet server) stuff.school.county.sch.uk ... this can also make life easy for checking things. It means that whilst in school you can interogate the EMBC DNS boxes to see if they truly do point to the IPs you want ...

    If you let me have the internal address I will vpn in and check to see if I see it.

  8. #8

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    GrumbleDook ill PM you the details as i'd rather not post everything live on the forum. Is it just the internal IP and host name ('server.domain.lea.sch.uk' format) of the server that you want?

  9. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,990
    Thank Post
    1,359
    Thanked 1,827 Times in 1,134 Posts
    Blog Entries
    19
    Rep Power
    602

    Re: External Web Access to IIS 6.0 Server

    I was going to suggest that you get some form of IM running and add me as a buddy / friend / freak ...

    MSN Messenger or AIM / iChat is best for me.

  10. #10

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    19

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by ryan_powell
    Thanks, I know that there is the chance of being hacked but there won't be any personal information online - just letters to parents, some revision games, homework etc.
    Even if you don't think the web server contains no valuable information,
    it is machine on the internal LAN.
    If it is compromised a hacker is just a hop away from getting at something really juicy like a domain controller, email server or the file server whch has pupil reports, staff appraisals etc.

    The usual advice is to put an externally facing server in the DMZ. You are lucky in that your server doesn't require Active Directory authentication or access to the SIMS database.

    @Ric_
    To be fair to MS, although IIS4 was like Swiss cheese and IiS5 less so, version 6 hasn't had any really jaw droppingly bad flaws.

  11. #11

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    ITWombat i've been researching some of the security implications you mentioned prior to your concern. I think IIS 6.0 is prety secure, and although GrumbleDook will Snort i'm confident in EMBC's ability of supreme Server protector(s).

    Active directory authentication is (or will be) required in order to access the server from the internet. That should stop kids and people fooling around from being able to access any information. But ofcourse I think anyone really wanting to hack the server will probably manage it. Think about Microsoft they effectively invented computer secuity (don't laugh) and they still get hacked on occasion (don't laugh).

    And Sims.Net data and private pupil / staff info is all located on the admin domain which is locked down edIT and required further authentication.

    Hopefully we'll be pretty secure \\/

  12. #12

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,080
    Thank Post
    260
    Thanked 213 Times in 164 Posts
    Rep Power
    111

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by Ric_
    To begin with, a note to the wise. Be careful what info is available... data protection and all that! Also remember what happened with that 'hacker' kid recently and remember that IIS isn't known for it's invulnerability from attacks.
    I think you'll find that this 'legend' does not apply to IIS 6 in any shape or form. In fact if you just want to sit down and count numbers of vulnerability patches for each product (flawed I know, but people seem to like doing it) you'll find it compares favourably to Apache.

    I'd certainly agree with worrying about data protection. In my experience though most breaches of data security / integrity of that kind tend to come from human error - What price the foolproof security system when all your teaching staff log into it and walk out of the room for half an hour leaving confidential personal student information up on the screen. Or (my favourate this one!) check their emails and read confidential ones on a computer connected to the classroom projector!

  13. #13

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    Hi. Anyone have any ideas...

    We've now got the server visible from the Internet after emailing the helpdesk.

    Anyway. When we put the Server Public IP address into the browser i get the enter credentials message come up. I enter my administrative credentials and the server accepts them. However it returns an error page stating that there could have been a DNS Error or the page is unavailiable.

    Inside school, the server works. although I cannot access the hosted Intranet using the server itself. E.g. Entering http://odyssey on a workstation opens the Intranet. But entering it in the server's browser or using the Public IP off-site returns the DNS / Page Unavailable error.

    Any Ideas?

    Thanks

  14. #14

    Join Date
    Aug 2006
    Location
    Notts
    Posts
    38
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by ryan_powell
    Hi. Anyone have any ideas...

    We've now got the server visible from the Internet after emailing the helpdesk.

    Anyway. When we put the Server Public IP address into the browser i get the enter credentials message come up. I enter my administrative credentials and the server accepts them. However it returns an error page stating that there could have been a DNS Error or the page is unavailiable.

    Inside school, the server works. although I cannot access the hosted Intranet using the server itself. E.g. Entering
    Code:
    http://odyssey
    on a workstation opens the Intranet. But entering it in the server's browser or using the Public IP off-site returns the DNS / Page Unavailable error.

    Any Ideas?

    Thanks

  15. #15

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,413
    Thank Post
    642
    Thanked 964 Times in 664 Posts
    Blog Entries
    2
    Rep Power
    327

    Re: External Web Access to IIS 6.0 Server

    Quote Originally Posted by ryan_powell
    I think IIS 6.0 is prety secure
    8O :?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Sharepoint Learning Kit External Access
    By adamt82 in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 7th November 2008, 11:34 AM
  2. Sharepoint Services 3.0 External Access
    By adamt82 in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 21st April 2007, 12:09 PM
  3. External Access to Public Area
    By mrforgetful in forum How do you do....it?
    Replies: 8
    Last Post: 15th November 2006, 02:04 PM
  4. External student email access
    By Norphy in forum How do you do....it?
    Replies: 30
    Last Post: 10th November 2006, 12:24 AM
  5. External IMAP or POP3 access through AD and LEA ISP
    By contink in forum Wireless Networks
    Replies: 10
    Last Post: 14th September 2006, 11:07 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •