I have been asked to open up port 80 and send traffic to a internal windows server. An application on the server will then ask for a username and password. I've done this in NAT open ports and forwarded all port 80 traffic to the internal IP. I'm just a bit concerned on the risks of opening up port 80 - can anyone give me some advice?

Many issues this could present you with. First thing to consider is if the Windows Server is a DC or does any other "mission critical" type job. Is it on its own network or is this just part of the man LAN? If that Windows box is for example a file server, then you are inviting all sorts of potential strangers into your network and letting them poke around on a box that could contain data you wouldn't want compromised.

Some would argue that its a reckless action whereas others may shrug thier shoulders. If you lost that box or its data due to a compromise or some other breach - what would the knock on effect be? Cost? Downtime etc. Everything has to be measured & then you can make a call on it.

Ultimately these things come down to money!