Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
neonox2014-09-08 16:45:46
System administration
neonox, 2014-09-08 16:45:46

How do I set up secure access to the Company Portal?

Good day to all!
There is a corporate portal 1C-Bitrix. It stores all information about the company, customers, etc. Lots of confidential information.
The network architecture is as follows:
- a Mikrotik router with an L2TP + IPSec VPN tunnel
- a computer, ala "server" with Windows Server 2012 (AD with policies configured)
- a Bitrix virtual machine on the same "server"
The server itself is in a separate place, remote from office. Between office and "place" the VPN tunnel is lifted. Remote users can also connect via VPN.
Everything works well and it seems even convenient, but there was one BUT. There was a need to connect to the portal of customers and partners. And they are already uncomfortable / impossible / reluctant to create a VPN connection. This raises the question: how to organize a secure connection to the portal with minimal risk of hacking?
There is only one option, as I understand it - to pull the site out. What to choose?
1. Hosting
2. Leave the site running on the same server
The authorities are afraid to place the site on the hosting, due to a possible data leak. I'm afraid to open access to the site from the server, because if they break, then everyone will break.
What are the convenient, high-quality, effective ways to gain access to the portal?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
R
rain_on_radio, 2014-09-08
@rain_on_radio

Use of ACL to external ip addresses at least. If partners do not want to do vpn.

Report
C
Cool Admin, 2014-09-08
@ifaustrue

Open external SSL access for partners. Set the server not directly, but through nginx with the http -> https redirect.
Bitrix is ​​perfectly protected from vlob attacks. You can put any snort in bridge mode - but this is paranoia_mod

Report
S
Skif White, 2014-12-15
@aslan_im

It is possible to try through WS VPN, and to lift it directly inside. Tobish access will be only from under this VPN, and it will not look at the external Internet.

Similar questions
D
Dmitry2017-08-21 18:43:01
How to fix the error PG::ConnectionBad could not connect to server? 3Reply
J
Justin Bieber2017-01-11 07:48:46
How to manage access to a shared folder in domain zones of a local network? 2Reply
J
j4qn2019-06-04 15:32:48
Wyse SX0 S10 thin clients. how to connect them to the terminal server? 3Reply
S
Sergey2017-01-12 07:07:29
Implementation of 1c-connect into your network by a foreign organization. Minuses? 6Reply
P
Pavel2017-01-13 22:48:16
Is it possible to adequately configure bash ubuntu that is built into windows 10 to work? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question