Win Integ Auth, dilema on 'pop up' generated by SSL cert

[Magoo]

Here is the problem:
I must publish a Sharepoint site on the Internet (using ISA 2004). At the
same time I must make such sharepoint site available for the internal users
as well.
My question is this, assuming I don't have any sensitive information on this
site, do you agree that it should be OK if I require Windows Integrated
Authentication and do not use SSL ?

The reason is this, if I make the thing work with SSL, for the external
users tha will be alright because the name of the FQDN domain name should
match the certificate name installed on the server.
However, for users accesssing the site from the internal network, that would
generate a pop up to warn certificates don't match.

Please confirm implications of using Win Integrated Authentication only
instead of SSL (Internet use). From my understand that should be secure
enough, but I would like to confirm.

 

[Paul Adare]

microsoft.public.win2000.security news group, Magoo

Please confirm implications of using Win Integrated Authentication only
instead of SSL (Internet use). From my understand that should be secure
enough, but I would like to confirm.

Secure over the Internet? You realize that without SSL all of the data
transferred will be in clear text?
You could always terminate the SSL connection at the ISA server.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

 

[Magoo]

username/password credentials using during the authentication process should
be protected by Kerberos or NTLM when using Windows Integrated. Am I wrong ?

 

[Magoo]

Ah, and your ideaa should address my problem. I terminate the SSL on the
ISA, so that internal users don't get the certificate-dont-match warning.