: Do internal intranet websites need to be secure? The question is in the title. Does an internal site need to have https security? For example we have an internal site that handles our client's
The question is in the title.
Does an internal site need to have https security?
For example we have an internal site that handles our client's license keys -- do we need for that to be secure since it is on out internal network?
(The website is secured with IIS and windows user validation)
More posts by @Jamie184
3 Comments
Sorted by latest first Latest Oldest Best
Whenever you use windows passwords to logon you should also use SSL. (This is more vital if you allow basic auth) This is to avoid privilege escalation both for your own users and as a multilayered security strategy.
If you have open wireless access for your visitors on the same network, and it's not served over https then it's easy for visitors to intercept other people's network traffic to your intranet.
If the content on your network is sensitive and there are users who do not have the privileges required to view some or all of that content then you will want to use SSL on your intranet. Fortunately setting up SSL on your Intranet isn't difficult and you can use a self signed certificate since there is no need to verify your company's identy.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.