Re: IIS6 on W2k3 DCs

From: James Riden (j.riden_at_massey.ac.nz)
Date: 01/14/05

    To: focus-ms@securityfocus.com
    Date: Sat, 15 Jan 2005 09:32:35 +1300
    
    

    "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net> writes:

    > I may be laughed from here to kingdom come on this listserve...but I
    > gotta ask....
    >
    > Common best practices for whom? Define a role please? What is
    > "common best practices" may not be good enough for one person, but may
    > be just fine for another. What are they doing with this box?
    > Exposing it to the web as a web server...yeah I'd still argue that's
    > insanity.
    >
    > But Small Business Server 2003 runs with IIS on our domain controller.
    > Where's MY security risks these days? Not my server..nope......it's
    > my desktops where my security risks lie.

    I've seen a Windows 2000 domain controller get into trouble from
    applying Service Pack 4, so I tend to be wary about putting anything
    on a Windows server which isn't absolutely essential.

    You asked "Common best practices for whom?" - I think probably for
    bigger sites. I wouldn't even describe us as a big site, but we've
    managed to tickle a few fairly obscure bugs in the past.

    And if you think that's paranoid, you should see how UNIX-based sites
    treat their Kerberos servers :)

    -- 
    James Riden / j.riden@massey.ac.nz / Systems Security Engineer
    GPG public key available at: http://www.massey.ac.nz/~jriden/
    This post does not necessarily represent the views of my employer.