A computer physically isolated from your intranet is the safest way to have Internet access, and the easiest to plan and configure. You can install Internet Information Server on it and use Internet Explorer to see and be seen by the Internet. Even the most clever hacker cannot browse your intranet without physical access. Of course, the computer running Internet Information Server is still open to attack and should be securely configured as described in the Internet Information Server Installation and Administration Guide.
Figure 3.7 Physical isolation security model
A limitation to this configuration is that you cannot share files between the intranet and the Internet. You have to use floppy disks or temporary network connections to share information between the two systems.
You can expand this scenario to create a small intranet of user kiosks and IIS servers connected to the Internet server by installing the RIP for Internet Protocol service.
The type of configuration you choose depends on the size of your organization and on how much Internet access you want to give to your users. For example, if you have a single computer connected to the Internet, it runs Internet Information Server. IIS provides information to share with Internet users, and (optionally) serves as an Internet client that uses Internet Explorer or other Internet software. For this computer to serve as an Internet client, however, it must be physically accessible to employees because it is not on the intranet.
To give users in your organization easier access to the Internet, you can set up a physically separate network. This network consists of the Internet server, additional Internet servers (such as additional IIS servers used as mirrors of the primary IIS installation), and individual workstations, or kiosks. The kiosks can be located in conference rooms, hallways, libraries, or in special offices throughout the company. Individuals who are heavy users of the Internet can have kiosks in their offices. The kiosks can be used to retrieve information from your Internet server, to place new information on the server, and to gather information from the Internet at large. This type of scenario, however, requires additional cable installation because all Internet-connected computers are physically separate from your intranet.