Re: Windows 2003 SBS for web server?

• Previous message: Kevin Alford: "RE: New to this: How to map network?"
• Maybe in reply to: Dan Tesch: "Windows 2003 SBS for web server?"
• Next in thread: Steve Fletcher: "RE: Windows 2003 SBS for web server?"
• Reply: Steve Fletcher: "RE: Windows 2003 SBS for web server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Security Basics" <security-basics@lists.securityfocus.com>
Date: Fri, 18 Feb 2005 07:48:44 -0600

Jonathan-

Thanks for the input, maybe I should clarify a little; The company
I am working with already has two W2K IIS servers and we are
replacing the hardware w/newer & faster - one box already went
up with Server 2003 and we are now building the next - my question
was regarding having an available license of SBS to use - our only
requirement is IIS6 and load bal. which this contains.

Specifically, I wanted to know if there is anything else I should be
aware of outside of the normal securing and hardening of IIS which
for this company - switching to an alternative is not on their agenda.

I already did the install and after the normal 2003 install the server
booted and asked to continue the install to which I replied cancel
and a shortcut was left on the desktop to continue w/the other two
disks for I guess Exchange.

I have never managed a SBS and I thought I read something about
a separate line of SP's - is this infact the case? do they come out at
the same time as normal SP's? from a security standpoint is anything
else different about a SBS edition? - I don't anticipate even setting
up a domain - just left it at a workgroup - file sharing and client are
unbound and I am going through hardening guidelines as if this were
a normal 2003 server -am I missing something?

Thanks

> Do you really want to expose a Windows/IIS server to the Internet?
> Are you planning on storing any sensitive data on it? If you really
> want to use IIS, I'd strongly recommend that you (a) put it in a DMZ,
> (b) run ONLY IIS on that box, (c) rename the administrator account,
> and use that account/passwd combo on THAT box ONLY, (d) use the ODBC
> logging feature of IIS to log your IIS accesses & errors to a database
> server (you can run MySQL for free on an internal host, and install
> the MySQL ODBC drivers on the IIS box).
>
> If you don't have to run Active Server Pages (or any other dynamic
> content), consider a minimal installation of any Linux distro running
> the TUX web server. Much faster and easier to secure than IIS or
> Linux + Apache. If you DO need ASP, stick to IIS. If you can use
> PHP/JSP/Perl/CGIs, then consider Linux + Apache.
>
> Thanks & HTH
>
> Jonathan Glass
>
>
> On Wed, 16 Feb 2005 09:23:25 -0600, Dan Tesch <dan.tesch@comcast.net>
> wrote:
>> Hello, can I get some feedback on using Windows 2003 Small Business
>> Edition
>> as a web server? Can I just turn off the Exchange stuff? What might I
>> need
>> to
>> worry about with the built in Active Directory? - does SBS have it's own
>> line of
>> service packs?
>>
>> I have an extra license available but is this a bad idea from a security
>> standpoint
>> or other reasons?
>>
>> Thanks
>>
>>
>
>
> --
> Jonathan Glass
> 678-768-1445

• Previous message: Kevin Alford: "RE: New to this: How to map network?"
• Maybe in reply to: Dan Tesch: "Windows 2003 SBS for web server?"
• Next in thread: Steve Fletcher: "RE: Windows 2003 SBS for web server?"
• Reply: Steve Fletcher: "RE: Windows 2003 SBS for web server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]