RE: IIS6 on W2k3 DCs
From: Devin Ganger (DevinG_at_3sharp.com)
Date: 01/15/05
- Previous message: Laura A. Robinson: "RE: IIS6 on W2k3 DCs"
- Maybe in reply to: Joe Blatz: "IIS6 on W2k3 DCs"
- Next in thread: Jim Harrison (ISA): "RE: IIS6 on W2k3 DCs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Jan 2005 16:40:46 -0800 To: <focus-ms@securityfocus.com>
Susan Bradley wrote:
> But Small Business Server 2003 runs with IIS on our domain controller.
> Where's MY security risks these days? Not my server..nope......it's
> my desktops where my security risks lie.
Anything you expose to the Internet is a security risk, especially when
it's just sitting there listening.
> Port 80 is closed on my server but IIS is still on there.
Which is why IIS is a lesser risk *for you*.
> Am "I" freaking out over IIS on my domain controller? Nope.
> Not at this moment.
As is good and proper, but when you're specifically being asked to put a
live (publicly accessible) webserver on a DC, that's different. To do so
is idiocy, not to put too fine a point on it, even if you're using SBS.
While SBS has a lot of value, the single-server configuration breaks a
lot of best practices in the name of financial convenience. (Exchange on
a DC, forex -- supported but not recommended.)
-- Devin L. Ganger Email: deving@3sharp.com 3Sharp LLC Phone: 425.882.1032 x 109 15311 NE 90th Street Cell: 425.239.2575 Redmond, WA 98052 Fax: 425.702.8455 --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Laura A. Robinson: "RE: IIS6 on W2k3 DCs"
- Maybe in reply to: Joe Blatz: "IIS6 on W2k3 DCs"
- Next in thread: Jim Harrison (ISA): "RE: IIS6 on W2k3 DCs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
