Re: Where to put the server
From: Jeff Middleton [SBS-MVP] (jeff_at_cfisolutions.com)
Date: 02/06/04
- Next message: Jeff Middleton [SBS-MVP]: "Re: Celeron anyone?"
- Previous message: Jeff Middleton [SBS-MVP]: "Re: Is wireless viable on and SBS network?"
- In reply to: TRD: "Re: Where to put the server"
- Next in thread: TRD: "Re: Where to put the server"
- Reply: TRD: "Re: Where to put the server"
- Reply: Darwood: "Re: Where to put the server"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 6 Feb 2004 11:39:24 -0600
This conversation is quickly leaving the term "normal" out of the topic.
If you have an SBS running as the DC of a domain with LAN clients, then you
can't put the SBS in DMZ without putting the clients in DMZ as well,
otherwise they can't reach the SBS without tunning into the DMZ, and now we
have a circular condition that really makes no sense. Windows Networks
pretty much still require Netbios, and doing it without Netbios is a bit of
an exotic concept no suited to most scenarios.
The normal way to approach this situation with a single server would be to
construct a normal LAN with the SBS and it's clients, then preferably run a
secure website on the SBS if you must, and keep the website behind either a
forward firewall, or ISA on the SBS. A preferred approach would be to
acquire another server, perhaps running Windows Server Web Edition and put
that machine in DMZ between a pair of firewalls, one of which seperates the
SBS LAN from the DMZ.
"TRD" <tdejohnx2@hotmail.com> wrote in message
news:erkzOpM7DHA.3304@tk2msftngp13.phx.gbl...
> There is a custom application that they have. It has a piece that is
> accessible from the internet and another seperate component that is for
the
> LAN users. It is not the best thought out software I have ever seen.
>
> "Darwood" <darrenw@nospamme.woodfordcomputers.co.uk> wrote in message
> news:Odi9gHJ7DHA.1632@TK2MSFTNGP12.phx.gbl...
> > If the web server is going to be accessible from the internet then put
it
> in
> > the DMZ. If you leave it on the LAN then if it is compromised your whole
> LAN
> > is vulnerable. Why do the clients need netbios access to the server?
> >
> > --
> > Darwood
> >
> > Remove nospamme from email address to reply.
> >
> > "TRD" <tdejohnx2@hotmail.com> wrote in message
> > news:ePatQLB7DHA.1592@TK2MSFTNGP10.phx.gbl...
> > > I have an sbs2000 network with the standard 2 NIC setup. We are going
to
> > > host a site on a Windows 2003 server that has a custom application
that
> > > clients on the local network need to acces. If I add this website to
the
> > > Windows 2003 box. Should I move the server to the DMZ or leave it on
the
> > > internal network?
> > >
> > > With the webserver on the LAN how big of a security risk will it be.
> > >
> > > If I move the server to the DMZ I still have a SonicWall in front of
it
> > but
> > > will have to use netbios over tcp for the clients on the LAN to get to
> it.
> > > Is this about the same as having it on the LAN??
> > >
> > >
> > > TIA
> > >
> > > TRD
> > >
> > >
> >
> >
>
>
- Next message: Jeff Middleton [SBS-MVP]: "Re: Celeron anyone?"
- Previous message: Jeff Middleton [SBS-MVP]: "Re: Is wireless viable on and SBS network?"
- In reply to: TRD: "Re: Where to put the server"
- Next in thread: TRD: "Re: Where to put the server"
- Reply: TRD: "Re: Where to put the server"
- Reply: Darwood: "Re: Where to put the server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
