How to grant access to Intranet site to External Users?

Question

Our company recently acquired few small companies. We are in the transition for getting all the files and documentation. I created a "Document Center" site for this project.

What is the best way give access to external users for our intranet site?

Thanks

Answer 1

Have them VPN in and then access it the same way everyone else does. Seriously. Opening up your Intranet site to the Internet is inviting no end of trouble and security risks.

For example, is your intranet farm completely up to date on its patches? How about the underlying OS? Does the service account that is used for the exposed application pool have any additional permissions? Has it been white-hat tested in any way?

How bad would it be if a hacker were to gain access to your Intranet site? Is there compromising data on there? Passwords? Server listings? Financial data? HR Data?

If this really has to happen and you don't have the option of standing up another farm in the DMZ, I'd recommend creating a completely new Web Application that uses a completely new Service account with the least privileges possible. Then configuring your firewall to allow traffic to that web app and only that web app and only on the specific port (preferably SSL). Bear in mind, this just reduces the risk but you are still in serious trouble if someone gets through. This is also NOT recommended by Microsoft in any way nor would I advise having something like this up 5 seconds longer than you absolutely need to. If you can disable it for non-working hours, so much the better.

Again, the VPN is really your best option for this.