Any solutions re IIS security concerns with access to project server via extranet

[Android]

I understand there are some security concerns with providing extranet
access, because of IIS's security vunerabilities.

Is anyone aware of a solution?

Android.

 

[David Gage - Project MVP]

I don't know of any special IIS vulnerabilities with Project Server that
don't exist with normal external websites.

Take a look at the following KB article to run IIS Lockdown to further
secure Project Server.

http://support.microsoft.com/default.aspx?scid=kb;en-us;316398&Product=prjsvr2002

I am primarily referring to Project Web Access through an extranet
connection. If you are trying to connect Project Pro with Project Server
through an extranet then I have a few issues for you.

#1 - You will need to open up the SQL port so that Project Pro can connect
to the Project Server database. You could change the SQL port from the
default using cliconfg.exe on the server and clients but you are still
looking at opening a port to the database, which is definitely a security
risk.
#2 - Even if you don't mind opening the SQL port, there is still a MAJOR
performance hit in using Project Pro through a WAN/Extranet connection. The
recommended way around this is to use Terminal Services or Citrix.

 

[Android]

Thanks for the info.

I was not planning to give access via Project Pro. Only through Project Web
Access.

Android.

 

[Terrapin]

The article mentioned at this URL applies to the IIS lockdown tool with Project Central and Project Server 2002. Would the same procedure apply to Project Server 2003 running on Windows Server 2003? Thanks

http://support.microsoft.com/default.aspx?scid=kb;en-us;316398&Product=prjsvr200