Network Security Focus-Microsoft

Re: Should webservers, eg. IIS 6 have anti-virus installed on them?

Subject: Re: Should webservers, eg. IIS 6 have anti-virus installed on them?
Date: Wed, 20 Jul 2005 08:56:00 +0100
At 17:17 19/07/2005, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> Okay..... so then
>
> no OWA
> no WSUS
> no Sharepoint
>
> We do get to do file and printing on this server or is that banned as well? Define 'web server' folks because these days we 'are' running IIS/web servers in our domains because [at least in the case of WSUS] it's actually helping us reduce risk and not increase it.

I'd say that if the web server is internet facing, then don't run anything on it unless you absolutely must, and I'd be very, very reluctant to put them on a domain. They should preferably be in a DMZ with a firewall between them and the Internet and another between the LAN and the Internet facing servers (or use a firewall with a built in 'DMZ' facility) - and don't just allow anything between your LAN and the DMZ, but have tight restrictions on both firewalls.


It's cheaper to buy another low cost server PC (a few hundred UKP) to use as your Internet facing web/mail/ftp server than it is to fix your main domain server when it's been trashed.

If your web server is LAN facing only, then run whatever you want on it, depending on your trust of your LAN users (IMHO). There's no harm in running two web servers, one for OWA, WSUS, Sharepoint, etc for your local users, and one without the dangerous stuff for your customers. If you have remote users, set up VPNs and then they can access the internal web server through that.



Paul                            VPOP3 - Internet Email Server/Gateway
support@pscs.co.uk                      http://www.pscs.co.uk/
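
The two-firewall DMZ layout described in the reply above can be checked mechanically against a rule export. The following is an added example, not part of the original post: the zone names, rule fields, host names and sample rules are all constructed for illustration, and the checks (wildcard host or port, rule on the wrong firewall, Internet connected straight to the LAN) are one assumed reading of "tight restrictions on both firewalls".

```python
# Added example: audit a zone-to-zone rule table for a two-firewall DMZ layout.
# Zones, fields and the sample rules below are constructed, not from a real device.
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    firewall: str   # "outer" (Internet <-> DMZ) or "inner" (DMZ <-> LAN)
    src_zone: str
    dst_zone: str
    dst_host: str
    port: str
    action: str = "allow"

# The pair of zones each firewall is supposed to sit between.
BOUNDARY = {"outer": {"internet", "dmz"}, "inner": {"dmz", "lan"}}

def audit(rules):
    """Return (rule, reason) findings for allow rules that are not tightly scoped."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        zones = {r.src_zone, r.dst_zone}
        if zones == {"internet", "lan"}:
            findings.append((r, "Internet and LAN connected directly, bypassing the DMZ"))
        elif zones != BOUNDARY.get(r.firewall):
            findings.append((r, f"rule does not belong on the {r.firewall} firewall"))
        if ANY in (r.dst_host, r.port):
            findings.append((r, "wildcard host or port across a zone boundary"))
    return findings

SAMPLE_RULES = [  # constructed sample policy
    Rule("outer", "internet", "dmz", "web01", "443"),
    Rule("outer", "internet", "dmz", "mail01", "25"),
    Rule("inner", "lan", "dmz", "web01", "443"),
    Rule("inner", "lan", "dmz", ANY, ANY),             # "allow anything" LAN -> DMZ
    Rule("inner", "dmz", "lan", "dc01", ANY),          # DMZ host to domain server, any port
    Rule("outer", "internet", "lan", "owa01", "443"),  # internal web server exposed directly
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.firewall}: {rule.src_zone}->{rule.dst_zone} "
              f"{rule.dst_host}:{rule.port} - {reason}")
```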


