Re: Windows 2003 Small Business Server & IIS Security
From: Paul Lynch (paul.lynch_at_nospam.com)
Date: 12/10/03
- Next message: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Previous message: cgar: "RE: IIS 4.0 security"
- In reply to: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Next in thread: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Reply: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 10 Dec 2003 19:14:49 +0000
On Wed, 10 Dec 2003 13:35:13 -0500, "Robert Waite"
<bob2dev@tampabay.rr.com> wrote:
>Thanks.
>
>If the IIS Server is a standalone Workgroup (not domain member) with an NIC
>connection
>to an SBS CLIENT (with two NICs), then (with right ID/password), then I can
>connect from
>that client to IIS for updates? In other words, can a Domain member connect
>to a Wrokgroup member?
>I can even disable the 2nd NIC on the CLIENT when not updating.
>
>How well would this configuration work with TWO dedicate IPs assigned by my
>ISP.
>
>1. www.MyCompany.com points to Dedicated_IP_Address1 which connects to SBS
>(thru a Linksys firewall for a little extra protection) with SBS locked down
>for just approved company access as suggested by many here.
>
>2. www.PublicWeb.com points to Dedicated_IP_Address2 which connects to Web
>Server 2003 thru Sonicwall SOHO firewall (automatically blocks Denial of
>Service attacks such as Ping of Death, SYN Flood, LAND Attack
>and IP Spoofing, etc). [This has worked well for a year.]
>
>3. Web Server 2003 has a second internal NIC connecting to SBS so the Web
>Site can be updated.
>
>4. SBS rules/features/etc are used to limit what can be done from Web Server
>2003 on the SBS Domain.
>
>Thanks again!
>Robert
Hi Robert,
Yes, you could update the content on the standalone web server using
FTP. Just create a local user account and point that user's home ftp
folder at the root of the web content folders and you're set. Don't
forget to disallow anonymous ftp though.
For maximum security you could even consider removing the second
internal NIC from the www.PublicWeb.com server and just connect to it
via the internet when you want to update its content.
I would also consider moving the www.mycompany.com site and IP address
to the standalone box - unless of course you are using it for OWA.
Regards,
Paul Lynch
MCSE
- Next message: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Previous message: cgar: "RE: IIS 4.0 security"
- In reply to: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Next in thread: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Reply: Robert Waite: "Re: Windows 2003 Small Business Server & IIS Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
