Thread: Digital certificates vs. demilitarized zone

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    Digital certificates vs. demilitarized zone

    I have an intranet application, and now I want to let external users have access to it. Their task is to insert data into my application, not fetch any data. My server is hidden behind a firewall, and it's not yet accessible from the internet. The administration is concerned with security issues, so I have to create a secure environment.

    Now, I have two possible solutions:
    1. I can use digital certificates to authenticate the external users. It might seem like a huge job to provide everyone with a digital certificate, but that's ok. Also, I can set the firewall to only accept connections from a range of IP addresses, as the external users have static IPs and won't be using the service from any other place than that.

    2. I can put a server on the outside of the firewall (demilitarized zone), and create an application that will receive a post from the external users and transport data through the firewall and into my intranet application. Unauthorized users who post me data they're not supposed to won't be a problem, since I'm able to remove data that's not supposed to be inserted into the intranet application.

    It seems both solutions will do, but I think no. 1 is the better because digital certificates should be safe, and will remove the overhead of the extra server. And digital certificates are kinda hot these days, so it's gonna make me look good.

    Anyway, has anyone got opinions?
    ---
    proactive
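To make option 1 concrete, here is an added example (not code from the poster or this thread) of the two checks it relies on: the TLS handshake only succeeds with a client certificate signed by your own CA, and a connection is then accepted only if the certificate's CN is a known user and the source address falls inside that user's registered static range. The partner names, CA/cert paths and IP ranges are constructed placeholders.

```python
"""Client-certificate plus source-IP gating for an externally reachable
intranet endpoint (added example; names and ranges are hypothetical)."""
import ipaddress
import ssl
from typing import Optional

# Constructed sample policy: each external user's certificate CN mapped to
# the static address ranges that user may connect from.
ALLOWED_CLIENTS = {
    "partner-a.example": ["203.0.113.0/28"],
    "partner-b.example": ["198.51.100.10/32", "198.51.100.11/32"],
}


def peer_common_name(peer_cert: dict) -> Optional[str]:
    """Pull the subject CN out of the dict returned by
    ssl.SSLSocket.getpeercert() after a CERT_REQUIRED handshake."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def connection_allowed(peer_cert: dict, source_ip: str,
                       policy: dict = ALLOWED_CLIENTS) -> bool:
    """Accept only a known certificate CN AND a source address inside that
    user's registered range; either check failing rejects the connection.
    Chain validation to the CA has already happened in the TLS handshake."""
    cn = peer_common_name(peer_cert)
    if cn is None or cn not in policy:
        return False
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(net) for net in policy[cn])


def server_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """Server-side TLS context that refuses every handshake lacking a client
    certificate issued by our private CA (paths are placeholders)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # no cert, no connection
    ctx.load_verify_locations(cafile=ca_file)    # only our CA is trusted
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx
```

After `wrap_socket`, call `connection_allowed(conn.getpeercert(), conn.getpeername()[0])` before handing the request to the application; the firewall's address range rule is then a second, independent layer rather than the only one.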

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    157

    just a thought

    Just an idea: Why not do both?

    I'm always in favor of separating front-end processes from back-end processes. It's more work but the justification is in the redundancy you will be providing ... should one machine or the other go down you will be back into production sooner and have more time to solve the problem rather than donning your fire-fighter gear

    First, I'd set up the outside machine.
    Then, I'd set up the authentication mechanisms.
    Then, I'd encrypt the data on the pass through and decrypt on the receipt.

    Create a multistage project plan doing one step at a time, but always with the larger goal in mind.


    That's my 0.02 cents' worth.
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    niboreon: Of course that would be the best solution. But I don't think I'll have time to do both. I'm not sure it's necessary either, but for the best security... I agree.
    ---
    proactive

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    157

    YASP (time)

    Wholeheartedly, I agree that it's important to weigh the cost, time and goals factors into the equation.

    Q: *HOW* secure does it need to be?


    YASP = Yet Another Spare Time Project

    Time is the enemy we all have to fight! That's why I suggested that you set it up as a multi-stage project plan.

    Set a long term schedule, estimating time and costs and resources.


    You had mentioned:
    "And digital certificates are kinda hot these days, so it's gonna make me look good"
    So I assumed it would be new for you to deploy and therefore take longer than launching the 2nd machine. Do whichever option you "already" know and have the resources available to complete and get the users into production asap ... especially if this will generate revenue either indirectly or directly ... make it clear that further enhancements would be forthcoming. This meets production goals and gives you time for "professional growth".

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    If you have time - do both. I use both, but the beauty is - I get someone else to pay!
    Trapped again by perfect logic.
