This seems really basic, but I couldn't find an answer already ... we are looking to deploy a website to an IIS server, and a database to a separate server. We aren't sure how to best secure this for access by internal users and internet.
The IIS Server is not connected to the domain, and neither is the database at the moment. Should it be? Also, if we use SQL Server authentication instead of Windows Authentication, should we just hard-code the user/password into our internal apps?
I guess it comes down to if you trust your domain administrators and the domain. If you suspect the domain administrators are corrupt and the most likely hackers to attack your system, you might not want to join the domain, otherwise, joining the domain should have security benefits, such as participating in group policy.
When SQL and IIS are on different boxes, often the best you can get is sql authentication because setting up delegation is tricky and many server admins don't know how to do it. If you can figure it out, windows authentication is preferable.
If you can't avoid using passwords, encrypt passwords when you can.
There's a few questions here:
A.
HELL NO!!
It's 2011, I would even question why your hosting the website on the same premises as your internal users. unless your premises are actually in a datacentre & then you'd want to make sure the internet facing boxes are in a DMZ or a totally seperate network. Cost is no excuse, there are many VPS's out there that can probably do better for cheaper then what your doing internally.2. Q. How to best secure this for access by internal users and internet?
A. Assuming your internal users are your sysadmins, only give your sysadmins access in through rdp, block all other traffic in/out of your internal network & the public facing boxes. If their needs are more complex, consider setting up a non point-to-point vpn for them.
3. Q. If we use SQL Server authentication instead of Windows Authentication, should we just hard-code the user/password into our internal apps?
A. This is really an application design option. Avoid storing connection strings in clear text with hardcoded passwords! Yes, the best way to avoid it is to use windows authentication. Assuming your using something like asp.net there are ways of encrypting the web.config even if the application doesn't support encryption.