Re: Where to put the server

From: TRD (tdejohnx2_at_hotmail.com)
Date: 02/09/04

• Next message: rpspiker: "Installing outlook 2003 cd from Action Pack"
• Previous message: Adamson Penhall: "Receiving mail"
• In reply to: Jeff Middleton [SBS-MVP]: "Re: Where to put the server"
• Next in thread: Darwood: "Re: Where to put the server"
• Reply: Darwood: "Re: Where to put the server"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sun, 8 Feb 2004 22:23:50 -0500

Yes this scenario is far from normal. I am not trying to move the sbs2000 or
the the clients from the LAN. My delima is that I have a Win2003 server that
is running IIS for thier website. The IIS box is also home to a custom made
application that is tied into the data that the website uses.

Delima:
Do I put the IIS server on the LAN or do I place the IIS box in the DMZ and
enable Netbios over tcp/ip (which the custom app uses to communicate with
the clients). The application doesn't seem to be the best thought out
design. But I can't change that.

With the webserver in the DMZ and netbios running over tcp how safe is it
for the internal network. I have a SonicWall in front of the DMZ.

I am just thinking that the web server on the LAN is not a good idea. For
obvious reasons. Any ideas?

Thanks for the help.

TRD

"Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in message
news:OyH4NdN7DHA.1716@TK2MSFTNGP10.phx.gbl...
> This conversation is quickly leaving the term "normal" out of the topic.
>
> If you have an SBS running as the DC of a domain with LAN clients, then
you
> can't put the SBS in DMZ without putting the clients in DMZ as well,
> otherwise they can't reach the SBS without tunning into the DMZ, and now
we
> have a circular condition that really makes no sense. Windows Networks
> pretty much still require Netbios, and doing it without Netbios is a bit
of
> an exotic concept no suited to most scenarios.
>
> The normal way to approach this situation with a single server would be to
> construct a normal LAN with the SBS and it's clients, then preferably run
a
> secure website on the SBS if you must, and keep the website behind either
a
> forward firewall, or ISA on the SBS. A preferred approach would be to
> acquire another server, perhaps running Windows Server Web Edition and put
> that machine in DMZ between a pair of firewalls, one of which seperates
the
> SBS LAN from the DMZ.
>
>
> "TRD" <tdejohnx2@hotmail.com> wrote in message
> news:erkzOpM7DHA.3304@tk2msftngp13.phx.gbl...
> > There is a custom application that they have. It has a piece that is
> > accessible from the internet and another seperate component that is for
> the
> > LAN users. It is not the best thought out software I have ever seen.
> >
> > "Darwood" <darrenw@nospamme.woodfordcomputers.co.uk> wrote in message
> > news:Odi9gHJ7DHA.1632@TK2MSFTNGP12.phx.gbl...
> > > If the web server is going to be accessible from the internet then put
> it
> > in
> > > the DMZ. If you leave it on the LAN then if it is compromised your
whole
> > LAN
> > > is vulnerable. Why do the clients need netbios access to the server?
> > >
> > > --
> > > Darwood
> > >
> > > Remove nospamme from email address to reply.
> > >
> > > "TRD" <tdejohnx2@hotmail.com> wrote in message
> > > news:ePatQLB7DHA.1592@TK2MSFTNGP10.phx.gbl...
> > > > I have an sbs2000 network with the standard 2 NIC setup. We are
going
> to
> > > > host a site on a Windows 2003 server that has a custom application
> that
> > > > clients on the local network need to acces. If I add this website to
> the
> > > > Windows 2003 box. Should I move the server to the DMZ or leave it on
> the
> > > > internal network?
> > > >
> > > > With the webserver on the LAN how big of a security risk will it be.
> > > >
> > > > If I move the server to the DMZ I still have a SonicWall in front of
> it
> > > but
> > > > will have to use netbios over tcp for the clients on the LAN to get
to
> > it.
> > > > Is this about the same as having it on the LAN??
> > > >
> > > >
> > > > TIA
> > > >
> > > > TRD
> > > >
> > > >
> > >
> > >
> >
> >
>
>

---

• Next message: rpspiker: "Installing outlook 2003 cd from Action Pack"
• Previous message: Adamson Penhall: "Receiving mail"
• In reply to: Jeff Middleton [SBS-MVP]: "Re: Where to put the server"
• Next in thread: Darwood: "Re: Where to put the server"
• Reply: Darwood: "Re: Where to put the server"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: ISA Server & a WiFi Hotspot (some DHCP for good measure too) ... have the LAN side of the wireless router be in the 10.0.0.x ... your SBS has two nics - its WAN nic is using 10.0.0.2 ... The SBS handles DHCP for the ... The SBS firewall not only keeps the wireless clients ... (microsoft.public.windows.server.sbs) Re: Web portal security ... win2003 standard server with IIS, SSL enabled and will be placed on ... So I will be fwding port 443 in firewall to my DMZ port. ... Well, assuming you are going to use teh SQL database from SBS, you can ... subnet than my LAN and map one to one from firewall to dmz. ... (microsoft.public.windows.server.sbs) Re: Where to put the server ... Put the 2003 IIS Server in the DMZ. ... SBS box or another LAN server. ... (microsoft.public.backoffice.smallbiz2000) Re: Exchange, OWA and SBS2003 ... If this is only SBS, it should be in the LAN. ... If you want to put the OWA in the DMZ, it should be the front-end Exchange. ... I'm planning to run SBS 2003 and I would like the server to host my ... (microsoft.public.windows.server.sbs) Re: Where to put the server ... > Requires access from internet and LAN. ... Suggest DMZ. ... >> If you have an SBS running as the DC of a domain with LAN clients, ... >> The normal way to approach this situation with a single server would be ... (microsoft.public.backoffice.smallbiz2000)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)