Re: Should webservers, eg. IIS 6 have anti--virus installed on them?
From: Paul Smith (paullocal_at_pscs.co.uk)
Date: 07/20/05
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Next in thread: Sarbjit Singh Gill: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Jul 2005 08:56:00 +0100 To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>, "Depp, Dennis M." <deppdm@ornl.gov>
At 17:17 19/07/2005, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
>Okay..... so then
>
>no OWA
>no WSUS
>no Sharepoint
>
>We do get to do file and printing on this server or is that banned as
>well? Define 'web server' folks because these days we 'are' running
>IIS/web servers in our domains because [at least in the case of WSUS] it's
>actually helping us reduce risk and not increase it.
I'd say that if the web server is internet facing, then don't run anything
on it unless you absolutely must, and I'd be very, very reluctant to put
them on a domain. They should preferably be in a DMZ with a firewall
between them and the Internet and another between the LAN and the Internet
facing servers (or use a firewall with a built in 'DMZ' facility) - and
don't just allow anything between your LAN and the DMZ, but have tight
restrictions on both firewalls.
It's cheaper to buy another low cost server PC (a few hundred UKP) to use
as your Internet facing web/mail/ftp server than it is to fix your main
domain server when it's been trashed..
If your web server is LAN facing only, then run whatever you want on it,
depending on your trust of your LAN users (IMHO). There's no harm in
running two web servers, one for OWA, WSUS, Sharepoint, etc for your local
users, and one without the dangerous stuff for your customers. If you have
remote users, set up VPNs and then they can access the internal web server
through that.
Paul VPOP3 - Internet Email Server/Gateway
support@pscs.co.uk http://www.pscs.co.uk/
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Next in thread: Sarbjit Singh Gill: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
