Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Windows 2003 SBS for web server?

from [Jonathan Glass] Network Security [Permanent Link]
Subject: Re: Windows 2003 SBS for web server?
Date: Thu, 17 Feb 2005 23:47:34 -0500 
Do you really want to expose a Windows/IIS server to the Internet? 
Are you planning on storing any sensitive data on it?  If you really
want to use IIS, I'd strongly recommend that you (a) put it in a DMZ,
(b) run ONLY IIS on that box, (c) rename the administrator account,
and use that account/passwd combo on THAT box ONLY, (d) use the ODBC
logging feature of IIS to log your IIS accesses & errors to a database
server (you can run MySQL for free on an internal host, and install
the MySQL ODBC drivers on the IIS box).

If you don't have to run Active Server Pages (or any other dynamic
content), consider a minimal installation of any Linux distro running
the TUX web server.  Much faster and easier to secure than IIS or
Linux + Apache.  If you DO need ASP, stick to IIS.  If you can use
PHP/JSP/Perl/CGIs, then consider Linux + Apache.

Thanks & HTH

Jonathan Glass


On Wed, 16 Feb 2005 09:23:25 -0600, Dan Tesch <dan.tesch@comcast.net> wrote:

Hello, can I get some feedback on using Windows 2003 Small Business Edition
as a web server? Can I just turn off the Exchange stuff?  What might I need
to
worry about with the built in Active Directory? - does SBS have it's own
line of
service packs?

I have an extra license available but is this a bad idea from a security
standpoint
or other reasons?

Thanks





-- 
Jonathan Glass
678-768-1445
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RealVNC / Windows 2000 Security, Jonathan Glass
Next by Date:  RE: CISSP without experience, James Michael Stewart
Previous by Thread:  Windows 2003 SBS for web server?, Dan Tesch
Next by Thread:  Re: Windows 2003 SBS for web server?, Dan Tesch
Indexes:  [Date] [Thread] [Top] [All Lists]