Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Windows 2003 SBS for web server?

from [Dan Tesch] Network Security [Permanent Link]
Subject: Re: Windows 2003 SBS for web server?
Date: Fri, 18 Feb 2005 07:48:44 -0600 
Jonathan-

Thanks for the input, maybe I should clarify a little; The company
I am working with already has two W2K IIS servers and we are
replacing the hardware w/newer & faster - one box already went
up with Server 2003 and we are now building the next - my question
was regarding having an available license of SBS to use - our only
requirement is IIS6 and load bal. which this contains.

Specifically, I wanted to know if there is anything else I should be
aware of outside of the normal securing and hardening of IIS which
for this company - switching to an alternative is not on their agenda.

I already did the install and after the normal 2003 install the server
booted and asked to continue the install to which I replied cancel
and a shortcut was left on the desktop to continue w/the other two
disks for I guess Exchange.

I have never managed a SBS and I thought I read something about
a separate line of SP's - is this infact the case? do they come out at
the same time as normal SP's?  from a security standpoint is anything
else different about a SBS edition? - I don't anticipate even setting
up a domain - just left it at a workgroup - file sharing and client are
unbound and I am going through hardening guidelines as if this were
a normal 2003 server -am I missing something?

Thanks



Do you really want to expose a Windows/IIS server to the Internet?
Are you planning on storing any sensitive data on it?  If you really
want to use IIS, I'd strongly recommend that you (a) put it in a DMZ,
(b) run ONLY IIS on that box, (c) rename the administrator account,
and use that account/passwd combo on THAT box ONLY, (d) use the ODBC
logging feature of IIS to log your IIS accesses & errors to a database
server (you can run MySQL for free on an internal host, and install
the MySQL ODBC drivers on the IIS box).

If you don't have to run Active Server Pages (or any other dynamic
content), consider a minimal installation of any Linux distro running
the TUX web server.  Much faster and easier to secure than IIS or
Linux + Apache.  If you DO need ASP, stick to IIS.  If you can use
PHP/JSP/Perl/CGIs, then consider Linux + Apache.

Thanks & HTH

Jonathan Glass


On Wed, 16 Feb 2005 09:23:25 -0600, Dan Tesch <dan.tesch@comcast.net> wrote:
Hello, can I get some feedback on using Windows 2003 Small Business Edition
as a web server? Can I just turn off the Exchange stuff? What might I need
to
worry about with the built in Active Directory? - does SBS have it's own
line of
service packs?

I have an extra license available but is this a bad idea from a security
standpoint
or other reasons?

Thanks




--
Jonathan Glass
678-768-1445

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: New to this: How to map network?, Kevin Alford
Next by Date:  RE: Simple Scan, Burton Strauss
Previous by Thread:  Re: Windows 2003 SBS for web server?, Jonathan Glass
Next by Thread:  RE: Windows 2003 SBS for web server?, Steve Fletcher
Indexes:  [Date] [Thread] [Top] [All Lists]