Re: Taking Companyweb Externally

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 03/21/04 

Date: Sun, 21 Mar 2004 14:38:05 -0800

but isn't that assuming ISA?

Matthew which version of SBS do you have?

And regarding Security and open ports... I have NO open ports open on
this server at home, yet I have to run ad-aware on my sister's laptop
because she like to install Disney screensavers.

Don't just look at the firewall setup as your only security issue.

Firewall
Antivirus
Patching
Ensuring that your IE is scanned for spybotz and what not

Also be careful on SMTP publishing without taking out/adjusting the
default setup of the IP addresses in the SMTP server settings.

Tony Su wrote:

> Although my procedures are not endorsed,
> I strongly recommend what I outline in my paper at
>
> www.su-networking.com/faq/
> (Click on first link)
>
> Done correctly, IMO this is the most secure, flexible and
> powerful way to configure SBS2K3.
>
> If you do everything through Web Publishing without
> specifying the WAN IP address like how I describe, current
> configuration should be sufficient but if you specify the
> WAN address anywhere in ISA publishing rules, you can use
> the utility from isatools.org.
>
> So, for instance if you also follow my recommendation not
> to expose Exchange directly through the WAN interface and
> instead Server Publish the SMTP Server protocol, you will
> need this utility.
>
> Tony Su
>
>
>
>
>
>
>>-----Original Message-----
>>We currently have our http://companyweb and OWA setup so
>>only internal LAN users can view the content. We would
>>now both like to take those externally. We have our
>>server behind a 3com OfficeConnect firewall, and an
>>Actiontec DSL Gateway with a dynamic IP. I realize we'll
>>need DynDns.org or no-ip. Any suggestions on configuring
>>the server side and firewall and router (ports to
>>forward) would be great. Obviously, I'm interested in
>>the most secure setup, as this server holds all of our
>>company data as well. I understand that it is not the
>>best idea to host a site on the same server as company
>>data, but we only have 1 server. Any advice would be
>>very helpful.
>>
>>- Matthew
>>.
>> 

-- 
http://www.sbslinks.com/really.htm

Relevant Pages

  • Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7)
    ... > fairly tight(only allowing 4 ports in), but perhaps I could tighten it ... The host systems firewall rules govern the access to the jailed system. ... What connections does your server need to ... Perhaps there is a 0-day for your ftp server out there. ...
    (Incidents)
  • Re: Add 2nd NIC after intial install?
    ... My biggest question with 1 NIC is: even if workstations are protected with individual firewall products, what is protecting the SBS server itself if ports are open for remote access through the Linksys firewall? ...
    (microsoft.public.windows.server.sbs)
  • Re: OWA 2003 in DMZ ??
    ... Thought I answered that but let me reiterate: High security is not ... something you'll be able to accomplish in that scenario that you have setup. ... Ports are mostly the same as E2K in E2K3. ... server will talk with. ...
    (microsoft.public.exchange.admin)
  • Re: Source Code to Filter out WindowsMessenger POP-UPS
    ... Zone Alarm does NOT support 'server'. ... Very few ports are open, ... >What you are asking for amounts to a firewall. ... I would NOT search for source code to compile ...
    (microsoft.public.inetserver.iis.security)
  • Re: Using Office Outlook with exchange server behind windows firewall
    ... On our network I have windows firewall turned on, on both my small business server and my windows xp workstations. ... Based on an article I read about all the ports that exhange may use I also tried making exceptions for ports ...
    (microsoft.public.windows.server.sbs)
Quantcast