Security Basics mailing list archives
Re: Windows 2003 SBS for web server?
From: "Dan Tesch" <dan.tesch () comcast net>
Date: Fri, 18 Feb 2005 07:48:44 -0600
Jonathan- Thanks for the input, maybe I should clarify a little; The company I am working with already has two W2K IIS servers and we are replacing the hardware w/newer & faster - one box already went up with Server 2003 and we are now building the next - my question was regarding having an available license of SBS to use - our only requirement is IIS6 and load bal. which this contains. Specifically, I wanted to know if there is anything else I should be aware of outside of the normal securing and hardening of IIS which for this company - switching to an alternative is not on their agenda. I already did the install and after the normal 2003 install the server booted and asked to continue the install to which I replied cancel and a shortcut was left on the desktop to continue w/the other two disks for I guess Exchange. I have never managed a SBS and I thought I read something about a separate line of SP's - is this infact the case? do they come out at the same time as normal SP's? from a security standpoint is anything else different about a SBS edition? - I don't anticipate even setting up a domain - just left it at a workgroup - file sharing and client are unbound and I am going through hardening guidelines as if this were a normal 2003 server -am I missing something? Thanks
Do you really want to expose a Windows/IIS server to the Internet? Are you planning on storing any sensitive data on it? If you really want to use IIS, I'd strongly recommend that you (a) put it in a DMZ, (b) run ONLY IIS on that box, (c) rename the administrator account, and use that account/passwd combo on THAT box ONLY, (d) use the ODBC logging feature of IIS to log your IIS accesses & errors to a database server (you can run MySQL for free on an internal host, and install the MySQL ODBC drivers on the IIS box). If you don't have to run Active Server Pages (or any other dynamic content), consider a minimal installation of any Linux distro running the TUX web server. Much faster and easier to secure than IIS or Linux + Apache. If you DO need ASP, stick to IIS. If you can use PHP/JSP/Perl/CGIs, then consider Linux + Apache. Thanks & HTH Jonathan GlassOn Wed, 16 Feb 2005 09:23:25 -0600, Dan Tesch <dan.tesch () comcast net> wrote:Hello, can I get some feedback on using Windows 2003 Small Business Edition as a web server? Can I just turn off the Exchange stuff? What might I needto worry about with the built in Active Directory? - does SBS have it's own line of service packs? I have an extra license available but is this a bad idea from a security standpoint or other reasons? Thanks-- Jonathan Glass678-768-1445
Current thread:
- Windows 2003 SBS for web server? Dan Tesch (Feb 17)
- Re: Windows 2003 SBS for web server? Jonathan Glass (Feb 19)
- Re: Windows 2003 SBS for web server? Dan Tesch (Feb 19)
- RE: Windows 2003 SBS for web server? Steve Fletcher (Feb 24)
- Re: Windows 2003 SBS for web server? Dan Tesch (Feb 19)
- Re: Windows 2003 SBS for web server? Jonathan Glass (Feb 19)