Re: Hosting public web site in SBS2003


From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 06/11/04


Date: Thu, 10 Jun 2004 17:13:54 -0700

ACCOUNTING FIRM? BEANCOUNTER wants to do this?

Webhost4life.com
readyhosting.com

Is he willing to throw off his beancounters and staff to patch that web
server?

Because with OWA you can close up port 80 and only go through 443, RWW uses
authentication... Website means you open up for a web crawler.

You just said it yourself Buddy... "if this were my site"..... if you
don't feel comfortable, neither should he. Furthermore, he has
fiduciary responsibility to that client data, tax return information
with names and social security numbers and if he's using Lacerte or CCH
in an unencrypted database. I'm positive that Ultratax doesn't do any
better in protecting that data. He is willing to accept the risk for that?

Then you want to stick in Alan's "don't google me" robots.txt file
...which sort of defeats the purposes of having a web site.

I'll open up 443, accept the risk for that, but not open up 80 and
webhosting. That's two different issues altogether. Opening up for RWW
and opening up for a web site are two totally different things.

The alternative for TS is remote web workplace or a separate box for TS.
  Why? Because doing what he's doing right now on his domain controller
is considered insane and insecure.

Buddy Greenshield wrote:
> Yeah, I hear you! Spyware has really been a pain lately.
>
> They are a small accounting firm. The apps are Creative Solutions
> Accounting, CBS and UltraTax.
> So some pretty personal stuff.
>
> My question was more of "Accept the risk" because with SBS2K3 and ISA
> server, the use of SSL and security improvements in general, is the level of
> risk going down? I'm telling him all about OWA and RWW and these other web
> based features of SBS2K3. Aren't these acceptable to deploy? I'm doing it
> already!
>
> If it were my site, I would probably outsource. But he wanted to do this, so
> that's why I have posted to this NG.
>
> Buddy
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> wrote in message news:%236XmlUyTEHA.972@TK2MSFTNGP10.phx.gbl...
>
>>Buddy? What kind of firm data does he have on his server? Client
>>responsibility? Data responsibility?
>>
>>The answer to whether he hosts a "local soccer club" web site on his box
>>is not "can it be done" as it can....but more of "what other data is he
>>putting into a potential for risk and can he mitigate that risk?"
>>
>>Accept the risk
>>Mitigate the risk
>>Outsource the risk
>>
>>In my office I cannot accept the risk.
>>
>>To mitigate the risk in my firm I would put a separate server on the
>>side, set up a DMZ, ensure only web traffic went on that box... patch
>>immediately... watch the log file... for me it's way cheaper to
>>
>>Outsource the risk.
>>
>>What data does he have on the box.. and what level is he willing to do.
>>
>>That said, right now my server is the least of my worries. They [the
>>nasties/spybots and what not] are going after my desktops.
>>
>>Buddy Greenshield wrote:
>>
>>>I'm talking to a client who currently runs a W2K server as his DC and TS in
>>>application mode about upgrading to SBS2003 premium. The main benefit is to
>>>bring exchange into the mix.
>>>
>>>As part of the upgrade, he wants to host a web site for a local soccer club.
>>>
>>>I know that with SBS2000, the consensus is not to run an external web site
>>>from your SBS. However, with SBS2003 and its ease of setting up
>>>certificate based web access, has the consensus changed on the issue?
>>>
>>>Also, I have heard that SBS2003 no longer supports TS in app mode. What are
>>>the alternatives? I can see keeping the old W2K server demoted to member
>>>server. What other alternatives exist? (I'm not sure about the app running
>>>on the TS. It's client / server, but it might use database technology that
>>>would make things undesirable to run across a wan link.)
>>>
>>>Thank you
>>>
>>>Buddy G
>>>
>>>
>>
>>--
>>http://www.sbslinks.com/really.htm
>>
>
>
>

-- 
http://www.sbslinks.com/really.htm

