How are people securing their Intranets?
2 Jun 2014 at 10:09 #1225
Thanks to Luke for creating and sharing such a fantastic theme. This has really helped us with our intranet replacement project. We’re looking forward to being able to launch soon. It should be a massive improvement!
I think we’ve got most things covered, but the biggest question we have is about authentication and security for the intranet.
Could anyone shed any light on how you have gone about securing the site? We are a large organisation and like many we use Active Directory on our network. Does anyone have any experience securing a site built with this theme via Active Directory? I’m aware there are some plugins for connecting with AD, has anyone used one?
Any information on this would be a big help!
2 Jun 2014 at 14:41 #1227 Dazbert (Participant)
We have done a number of things to secure the site, including locking the server to the GSI network. We are putting an SSL certificate in place once we go live. I've also got a password generator for when we are creating a new user. You can also do a number of other things such as:
- Change your login URL
- Limit login attempts
- Remove any info from error messages
- Have a second admin user in case one gets hacked
There are a number of plugins you can use to do the above.
Of course the biggest thing is to have regular backups taken in case of a problem. We are also going to do some pen testing to ensure that any holes can be plugged going forward.
Hope this helps
3 Jun 2014 at 11:03 #1228
Thanks for getting back to me.
Please forgive my ignorance, but is the GSI network what has now become PSN?
We don’t have support internally for MySQL or PHP, so we're considering putting the intranet on some cloud hosting that we already have. Our network guys say we need to either secure with authentication via Active Directory or restrict access by IP address (both preferably!).
Did you require staff to go onto your intranet and register themselves? Or automate the process?
Thanks again for your time.
4 Jun 2014 at 14:22 #1229 Dazbert (Participant)
I guess PSN is the same sort of thing. GSI is the government secure network. We have taken the IP addresses related to this and restricted access that way. We will also have SSL certification authentication in place. We also have minimal MySQL and PHP resource so we are using a managed cloud server and that seems to work well.
With regards to staff, we are registering staff as their area of business transfers content. We are also encouraging people to sign up by offering the staff forums and social areas.
Hope that helps!
10 Jun 2014 at 19:10 #1232 Luke Oatham (Keymaster)
I think you’ve covered most things. We normally lock down by IP address so that only staff within the office network or using a VPN connection can view the intranet.
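The IP lock-down described in this thread, sketched as an added example (not code from any poster or from the theme): a PHP allowlist check that goes slightly beyond the thread by handling IPv6 as well as IPv4. The function names are hypothetical and the ranges are constructed documentation addresses standing in for the office and VPN networks.

```php
<?php
// Constructed documentation ranges; replace with the real office/VPN blocks.
const ALLOWED_NETWORKS = ['192.0.2.0/24', '198.51.100.16/28', '2001:db8:10::/48'];

/** True when $ip lies inside $cidr (IPv4 or IPv6). Hypothetical helper. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && !ctype_digit($bits)) {
        return false;               // a malformed prefix must never match everything
    }
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits > $max) {
        return false;
    }
    $full = intdiv($bits, 8);       // whole bytes covered by the prefix
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem = $bits % 8;               // leftover bits in the next byte
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** True when the address matches any allowed network. Hypothetical helper. */
function client_is_allowed(string $addr, array $networks = ALLOWED_NETWORKS): bool
{
    foreach ($networks as $cidr) {
        if (ip_in_cidr($addr, $cidr)) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI !== 'cli') {
    // Use the socket peer address only: X-Forwarded-For is client-supplied
    // and is not trustworthy unless a known reverse proxy sets it.
    if (!client_is_allowed($_SERVER['REMOTE_ADDR'] ?? '')) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```

A check like this is a second layer behind the same restriction at the firewall or web server, and it does not replace the login and SSL measures discussed above.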
10 Jun 2014 at 20:08 #1238
Thanks Luke and Dazbert,
We’ll definitely be locking down by IP.
After a bit of discussion, we are looking at having it hosted on an internal box. We will also be trying out one or two of the AD connector plugins for account creation.
Hoping to launch at the end of June so lots to do!