Re: secured limited access to webaplication

[Matthew Smith <matt@smiffytech.com>]

Quoth randall at 2009-10-20 21:25...
...
>> Personally, I'd be inclined to go for the VPS solution.  That way, your
>> people can get access to other network services - 
> 
> problem would only be that with VPN ALL their traffic would pass my
> server (correct???), this would lead to serious speed/performance
> decrease for all other traffic for most of the clients.

Probably me misunderstanding how your network is configured.

If the application server is connected directly to the Internet, I'd
remove it and have it sitting on an intranet/internal network instead.

Then a gateway - whether a hardware router or another Linux box - would
deal with firewalling and be the endpoint for the VPN.  (I keep saying
VPS - I use VPSs, but not VPNs ;-)

This way, your server would only be getting the requests it has to
handle.  Authentication would be identifying users, but it would not be
the whole security solution - most of that would be handled upstream.

> VPN i guess you ment? it can work with a key AND a password (have not
> implemented this tough since the laptops already have encrypted
> partitions and strong passwords)

That sounds fair enough then.

Cheers

M

-- 
Matthew Smith
Smiffytech - Technology Consulting & Web Application Development
Business:      http://www.smiffytech.com/
Blog/personal: http://www.smiffysplace.com/
LinkedIn:      http://www.linkedin.com/in/smiffy
Skype:         msmiffy
Twitter:       @smiffy