Bridging the Firewall - Just how risky is it?

[Al Smith]

Hi,
We have had a website up and running for about two years now. It contains mostly ASP pages that allow our field personell to perform functions on the main computer, such as closing out service orders, inventory transfers between warehouses, etc. over the internet.

The website is running on an NT 4.0 and IIS5. The computer has a public IP address and is also connected to our intranet.

The data center now wants to shut down the website because of security concerns. "Someone could gain access to our internal network through the public IP."
Needless to say this is not going over well. We would have to hire about 5 people to simply perfom the functions now being done by the field personell themselves. Also the time delay is a concern.

It seems to me that after two years with no problems that the data center is being overly cautious.

Any input?

Thanks,
Al.

[sail3005]

i don't really understand what you are asking...

[JoshT]

There concerns are valid. Remember that nothing is ever completely secure.

Is the Web Server a stand-alone server or a member of a windows domain? There's less to worry about if its stand-alone.

Do you have all the IIS security patches up to date?

It seems to me that after two years with no problems that the data center is being overly cautious.

That statement is really bad logic. The amount of web server hacking has increased exponentially over the years. Do you audit your logs - I'd be surprised if the "kiddies" haven't at least sniffed your server a few times.