Need suggestions for demo'ing client work securely

[blu at vl.com (Tom Metro)]

kirblam at comcast.net wrote:
> ...I'm looking for suggestions for demo'ing client work that's more
> secure than simply opening up port 80. And I'd like to assume that there
> could be more than one client in the future so it should be something
> that could be repeated "n" times.

The simplest and most secure (with respect to your LAN) solution is to 
simply outsource this problem and purchase web hosting services. See the 
recent thread on web hosting providers.


> I have a Suse 9.3 box running behind a Linksys WRT54GS. My ISP is Comcast.
> My skills are mainly web development (12 years) not administration...

If you do go for an "in-house" solution, I wouldn't recommend a VPN for 
accessing a site that will be used as a demo or staging site for 
multiple clients. The overhead of installing VPN software and getting it 
working will inconvenience your clients.

SSL, as Derek Atkins suggested, is probably the next step in the right 
direction.

Better yet, upgrade your Linksys WRT54GS to a higher-end router that 
supports a real DMZ, place your Suse box into the DMZ and dedicate it to 
web hosting (i.e. remove any sensitive information, such as mail 
archives, from the machine). Install a software firewall on the machine, 
run intrusion detection software, and keep it current with patches.

If you want to be more adventurous, install OpenWRT on your Linksys 
WRT54GS, and save the cost of upgrading to another router.

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/