Not sure if this is the right place to post this( i hope it is).
Yesterday I installed Umbraco 5( with the network administrator) on the server ( windows server 2003) of the company where i work. They also have other applications running on that server ( and of course they have to be able to run non-stop).
My question is, how safe is it to have Umbraco and the external website im trying to build on the company's server?
Yesterday evening i got an e-mail from the network administrator in which he says he strongly suggest we do not host the website on the company server; if there is a problem or a bug with the website then hackers could exploit this weakness and bring down the whole network. The letter also says they can't guarantee us protection if the new website comes on the server.
Thing is im a beginner when it comes to such things ( i actually have to work here for 6 months as an asignment from my university ) and my new boss has asked me for a reply. I can't really think of a proper answer ( i did try to find more info, but i suppose my language is not good enough when it comes to these things), so im wondering if anyone here on this forum does?
Well, AFAIK using umbraco 5 already is risky in the first place, because it's a CTP, not even alpha, beta or final. The software hasn't been finished yet, so there is a real chance security issues do exist.
Why do you want to use umbraco 5 at this point already?
It is IMHO indeed a good idea to not install an external web site on server within a company's internal network. There can be different scenario's for running things in a safer way, but this depends a lot on the company's policies regarding security. So I guess it is actually your network admin who should be telling you how to do this...
One way of solving this is of course hosting the site at an external hosting provider. Another way is to host the site on a separate company server that is accessible from the outside but that has no access to the company's internal network. Or very limited access through firewall etc., like for example for accessing a database server.
I did not want to get too technical in my previous post but DMZ is indeed something to use / take into account to add up security. And like you say, this is work for the network admin :-)
how safe is umbraco?
Hi,
Not sure if this is the right place to post this( i hope it is).
Yesterday I installed Umbraco 5( with the network administrator) on the server ( windows server 2003) of the company where i work. They also have other applications running on that server ( and of course they have to be able to run non-stop).
My question is, how safe is it to have Umbraco and the external website im trying to build on the company's server?
Yesterday evening i got an e-mail from the network administrator in which he says he strongly suggest we do not host the website on the company server; if there is a problem or a bug with the website then hackers could exploit this weakness and bring down the whole network. The letter also says they can't guarantee us protection if the new website comes on the server.
Thing is im a beginner when it comes to such things ( i actually have to work here for 6 months as an asignment from my university ) and my new boss has asked me for a reply. I can't really think of a proper answer ( i did try to find more info, but i suppose my language is not good enough when it comes to these things), so im wondering if anyone here on this forum does?
Well, AFAIK using umbraco 5 already is risky in the first place, because it's a CTP, not even alpha, beta or final.
The software hasn't been finished yet, so there is a real chance security issues do exist.
Why do you want to use umbraco 5 at this point already?
nope, wait, sorry, my bad. I installed umbraco 4.
Hi Roxana,
It is IMHO indeed a good idea to not install an external web site on server within a company's internal network. There can be different scenario's for running things in a safer way, but this depends a lot on the company's policies regarding security. So I guess it is actually your network admin who should be telling you how to do this...
One way of solving this is of course hosting the site at an external hosting provider. Another way is to host the site on a separate company server that is accessible from the outside but that has no access to the company's internal network. Or very limited access through firewall etc., like for example for accessing a database server.
Hope this helps.
Cheers,
Michael.
Hi again and thanks for the answer, it really helped.
It seems my boss wants to get a newer server for the company's main applications, so Umbraco may stay where it is.
I also found online something about DMZ, to add up on security. (not something i can set up, but definitely something for the network admin)
Greetings,
Roxana
Hi Roxana,
Good news!
I did not want to get too technical in my previous post but DMZ is indeed something to use / take into account to add up security. And like you say, this is work for the network admin :-)
Good luck further!
Cheers,
Michael.
is working on a reply...