Security Basics mailing list archives

Re: Windows 2003 SBS for web server?


From: Jonathan Glass <jonathan.glass () gmail com>
Date: Thu, 17 Feb 2005 23:47:34 -0500

Do you really want to expose a Windows/IIS server to the Internet? 
Are you planning on storing any sensitive data on it?  If you really
want to use IIS, I'd strongly recommend that you (a) put it in a DMZ,
(b) run ONLY IIS on that box, (c) rename the administrator account,
and use that account/passwd combo on THAT box ONLY, (d) use the ODBC
logging feature of IIS to log your IIS accesses & errors to a database
server (you can run MySQL for free on an internal host, and install
the MySQL ODBC drivers on the IIS box).

If you don't have to run Active Server Pages (or any other dynamic
content), consider a minimal installation of any Linux distro running
the TUX web server.  Much faster and easier to secure than IIS or
Linux + Apache.  If you DO need ASP, stick to IIS.  If you can use
PHP/JSP/Perl/CGIs, then consider Linux + Apache.

Thanks & HTH

Jonathan Glass


On Wed, 16 Feb 2005 09:23:25 -0600, Dan Tesch <dan.tesch () comcast net> wrote:
Hello, can I get some feedback on using Windows 2003 Small Business Edition
as a web server? Can I just turn off the Exchange stuff?  What might I need
to worry about with the built-in Active Directory? Does SBS have its own
line of service packs?

I have an extra license available, but is this a bad idea from a security
standpoint or for other reasons?

Thanks




-- 
Jonathan Glass
678-768-1445
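
An added example, not part of the original message: a sketch of point (d), logging IIS to an internal MySQL host, with the account the DMZ box uses limited to INSERT so a compromised web server cannot read or alter earlier log rows. The column set is the one IIS writes for ODBC logging; the MySQL types, the database/table names (iislogs, inetlog), the account name, the addresses and the sample rows are assumptions constructed for illustration.

```sql
-- Run on the internal MySQL host, not on the IIS box.
CREATE DATABASE iislogs;
USE iislogs;

CREATE TABLE inetlog (
  ClientHost     VARCHAR(255),
  username       VARCHAR(255),
  LogTime        DATETIME,
  service        VARCHAR(255),
  machine        VARCHAR(255),
  serverip       VARCHAR(50),
  processingtime INT,
  bytesrecvd     INT,
  bytessent      INT,
  servicestatus  INT,            -- HTTP status code
  win32status    INT,
  operation      VARCHAR(255),   -- HTTP method
  target         VARCHAR(255),   -- requested path
  parameters     VARCHAR(255)    -- query string
);
CREATE INDEX idx_inetlog_time ON inetlog (LogTime);

-- Account for the ODBC DSN on the IIS box (192.0.2.10 is a placeholder
-- for its DMZ address): INSERT only, no SELECT/UPDATE/DELETE.
CREATE USER 'iislog'@'192.0.2.10' IDENTIFIED BY 'REPLACE_ME';
GRANT INSERT ON iislogs.inetlog TO 'iislog'@'192.0.2.10';

-- Constructed sample rows standing in for what IIS would write.
INSERT INTO inetlog VALUES
 ('198.51.100.7','-','2005-02-17 22:01:10','W3SVC1','WEB01','192.0.2.10',15,310,4200,200,0,'GET','/default.htm','-'),
 ('203.0.113.44','-','2005-02-17 22:03:01','W3SVC1','WEB01','192.0.2.10',3,290,1800,404,2,'GET','/missing1.htm','-'),
 ('203.0.113.44','-','2005-02-17 22:03:02','W3SVC1','WEB01','192.0.2.10',2,291,1800,404,2,'GET','/missing2.htm','-'),
 ('203.0.113.44','-','2005-02-17 22:03:03','W3SVC1','WEB01','192.0.2.10',2,289,1800,403,5,'GET','/private/','-'),
 ('203.0.113.44','-','2005-02-17 22:03:04','W3SVC1','WEB01','192.0.2.10',4,300,1750,401,5,'GET','/reports/','-');

-- Review query, run as an internal analyst account: clients producing
-- repeated 401/403/404 responses across several distinct paths.
SELECT ClientHost,
       COUNT(*)               AS error_hits,
       COUNT(DISTINCT target) AS distinct_targets,
       MIN(LogTime)           AS first_seen,
       MAX(LogTime)           AS last_seen
FROM inetlog
WHERE servicestatus IN (401, 403, 404)
GROUP BY ClientHost
HAVING COUNT(*) >= 3
ORDER BY error_hits DESC;
```

With the sample rows above, the query returns one row, for 203.0.113.44, with four error hits across four distinct targets.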

