How are people securing their Intranets?

    • #1225
      Gdunn15
      Participant

      Hi everyone,

      Thanks to Luke for creating and sharing such a fantastic theme. This has really helped us with our intranet replacement project. We’re looking forward to being able to launch soon. It should be a massive improvement!

      I think we’ve got most things covered, but the biggest question we have is about authentication and security for the intranet.

      Could anyone shed any light on how you have gone about securing the site? We are a large organisation and, like many, we use Active Directory on our network. Does anyone have any experience securing a site built with this theme via Active Directory? I’m aware there are some plugins for connecting with AD; has anyone used one?

      Any information on this would be a big help!

      Thanks,

      Gary

    • #1227
      Dazbert
      Participant

      Hi there,

      We have done a number of things to secure the site, including locking the server to the GSI network. We are putting an SSL certificate in place once we go live. I’ve also got a password generator for when we are creating a new user. You can also do a number of other things such as:

      • Change your login URL
      • Limit login attempts
      • Remove any info from error messages
      • Have a second admin user in case one gets hacked
      • There are a number of plugins you can use to do the above

      Of course the biggest thing is to have regular backups taken in case of a problem. We are also going to do some pen testing to ensure that any holes can be plugged going forward.

      Hope this helps

  • #1228
    Gdunn15
    Participant

    Hi Dazbert,

    Thanks for getting back to me.

    Please forgive my ignorance, but is the GSI network what has now become PSN?

    We don’t have support internally for MySQL or PHP, so we were considering putting the intranet on some cloud hosting that we already have. Our network guys say we need to either secure with authentication via Active Directory or restrict access by IP address (both preferably!).

    Did you require staff to go onto your intranet and register themselves? Or automate the process?

    Thanks again for your time.

  • #1229
    Dazbert
    Participant

    Hi!

    I guess PSN is the same sort of thing. GSI is the government secure network. We have taken the IP addresses related to this and restricted access that way. We will also have SSL certification authentication in place. We also have minimal MySQL and PHP resource so we are using a managed cloud server and that seems to work well.

    With regards to staff, we are registering staff as their area of business transfers content. We are also encouraging people to sign up by offering the staff forums and social areas.

    Hope that helps!

    thanks

    Dazbert

  • #1232
    Luke Oatham
    Keymaster

    Hi all

    I think you’ve covered most things. We normally lock down by IP address so that only staff within the office network or using a VPN connection can view the intranet.

    Luke

  • #1238
    Gdunn15
    Participant

    Thanks Luke and Dazbert,

    We’ll definitely be locking down by IP.

    After a bit of discussion, we are looking at having it hosted on an internal box. We will also be trying out one or two of the AD connector plugins for account creation.

    Hoping to launch at the end of June so lots to do!

    Thanks again,

    Gary
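
The IP lock-down the thread settles on, together with Dazbert's point about removing information from error messages, as an added example that is not part of the original posts or the theme's own code: a WordPress must-use plugin in PHP. The CIDR ranges and the `intranet_*` names are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Ranges are constructed RFC 5737
// documentation addresses; replace with your office/VPN egress ranges.
const INTRANET_ALLOWED_CIDRS = ['192.0.2.0/24', '198.51.100.16/28'];

/** True when $ip lies inside $cidr; works for IPv4 and IPv6. */
function intranet_ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and mixed address families.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    // A non-numeric prefix must not silently become /0 (match everything).
    if ($bits !== null && !ctype_digit($bits)) {
        return false;
    }
    $bits = ($bits === null) ? strlen($ipBin) * 8 : (int) $bits;
    $full = intdiv($bits, 8);
    if ($bits > strlen($ipBin) * 8 || substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rest = $bits % 8;
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return $rest === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function intranet_client_allowed(string $peer): bool {
    foreach (INTRANET_ALLOWED_CIDRS as $cidr) {
        if (intranet_ip_in_cidr($peer, $cidr)) {
            return true;
        }
    }
    return false;
}

if (function_exists('add_action') && PHP_SAPI !== 'cli') {
    add_action('init', function () {
        // Trust only the socket peer; X-Forwarded-For is client-supplied
        // unless a reverse proxy you control overwrites it.
        if (!intranet_client_allowed($_SERVER['REMOTE_ADDR'] ?? '')) {
            wp_die('Access is restricted to the staff network.', 'Forbidden', ['response' => 403]);
        }
    }, 0);
    // One message for unknown user and wrong password alike.
    add_filter('login_errors', fn () => 'Login failed.');
}
```

Placed in `wp-content/mu-plugins/`, the check runs on every request, including `wp-login.php`. Keep the same allow-list on the firewall or web server as well, since a plugin check only runs once PHP is already handling the request.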
