Products

Solutions

Resources

Partners

Community

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Isolate Login page to different serverIsolate Login page to different server
Previous
 
Next
New Post
8/30/2017 10:51 AM
 

Hi,

I am the host of a 7.2 DNN website for a company. There are people that are specialized in security that keep telling me:

"Isolate the login page in a different web server that is only accessible by VPN"

To avoid public access on this critical page and that could lead to brute force.

Is this even possible? never heard of it before.

I know there is IP Filters etc, but lets ignore these options.

 
New Post
8/30/2017 11:06 AM
 
Rashid,

our solution is to login on a Web Application Firewall using two-ways authentification (Username/Password, then the user gets a random PIN on his mobile phone that he has to enter). After this he is logged into the domain (with AD credentials) and can get what he is allowed to. Of course you can configure the environment in a way that the WAF Login is only accessible by VPN, but in my eyes this would be a bit of an overkill.

Happy DNNing!
Michael

Michael Tobisch
DNN★MVP

dnn-Connect.org - The most vibrant community around the DNN-platform
 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Isolate Login page to different serverIsolate Login page to different server


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out