Migrating Company Intranet to Cloud - Security

Discussion in 'Security' started by Ryan P., Jul 27, 2017.

  1. Ryan P.

    Ryan P. New Member

    Hi All,

    Not very well versed in this type of thing so all suggestions are appreciated. We currently have an in-house server for a small company running a host of PHP / SQL based intranet apps.

    It's taking up far too much of my time to maintain this server in-house. I already have a VPN with web / email hosting with KH (which has been awesome.)

    Looking to migrate my intranet to the cloud. Issues I see are the apps that we're using aren't hardened at all. They have basic user authentication for local employee security but nothing I'd trust out on the web.

    One idea I've had is to request the VPN firewall be set to only allow our dedicated office IP address to access specific directories.

    Is there a better solution? Perhaps something hardened that once logged in allows softer access to our suite of hosted apps?

    Thanks in advance for your ideas.
     
  2. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    If it only needs to be accessible by internal employees and assuming it's an office with a static IP or range of IPs, the firewall could simply disallow all incoming traffic to ports 80/443 except for from specific whitelisted ranges.
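
The allowlist described in the post above, as an added example that is not part of the original thread: a small generator that validates the office ranges and emits `iptables`/`ip6tables` commands for review before they are applied. The chain name `WEB_ALLOW`, the minimum prefix lengths and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

WEB_PORTS = "80,443"          # the ports named in the post
CHAIN = "WEB_ALLOW"           # hypothetical chain name
MIN_PREFIX = {4: 24, 6: 48}   # assumption: refuse ranges broader than this


def build_rules(allowlist):
    """Return firewall command lines that admit only `allowlist` to 80/443.

    Raises ValueError for malformed entries, entries with host bits set
    (e.g. 203.0.113.10/24) and ranges broader than MIN_PREFIX, so a typo
    cannot silently open the intranet to a large part of the internet.
    """
    nets = {4: [], 6: []}
    for entry in allowlist:
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{net} is broader than /{MIN_PREFIX[net.version]}")
        nets[net.version].append(net)

    rules = []
    # Both address families get a chain. With no IPv6 ranges listed, the
    # IPv6 chain holds only the DROP, so the site is not left open over v6.
    for version, tool in ((4, "iptables"), (6, "ip6tables")):
        rules.append(f"{tool} -N {CHAIN}")
        # Merge adjacent or overlapping ranges into the fewest rules.
        for net in ipaddress.collapse_addresses(nets[version]):
            rules.append(f"{tool} -A {CHAIN} -s {net} -j ACCEPT")
        rules.append(f"{tool} -A {CHAIN} -j DROP")
        # -I puts the jump at the top of INPUT, ahead of any existing
        # rule that accepts web traffic from everywhere.
        rules.append(
            f"{tool} -I INPUT -p tcp -m multiport --dports {WEB_PORTS} -j {CHAIN}"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample input: one static office address and two
    # adjacent /28 ranges, all from documentation address space.
    office = ["203.0.113.10", "198.51.100.0/28", "198.51.100.16/28"]
    print("\n".join(build_rules(office)))
```

The script only prints the commands; nothing is applied to the running firewall.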
     
  3. Ryan P.

    Ryan P. New Member

    Great, is that a fairly secure way to proceed? I don't know how easy IP spoofing is.

    To be honest, the data is not massively critical (more scheduling based) but may include some client specific information that we would want to protect as best we can.
     
  4. phpAddict

    phpAddict Active Member

    IP spoofing on the internet is pretty hard, I'd say nearly impossible, as you need an ISP willing to spoof it, be on the same subnet, and it would cause the true owner of that IP's entire network to lose their internet connection. On an internal network it's usually easy to spoof an IP, but that doesn't affect public IPs. I'd say you're mostly safe with the method Jonathan suggested. The only vulnerability is, say, someone managed to get remote access to one of your client's systems and found a link to access your intranet.
     
