Re: Using SBS 2003 for all remote access.

Tech-Archive recommends: Fix windows errors by optimizing your registry

anonymous_at_discussions.microsoft.com
Date: 06/29/04 

Date: Tue, 29 Jun 2004 15:06:21 -0700

So above the built in firewall I should have another
piece of hardware between the SBS machine and the
internet? If I am allowing access to any ports open on
the web side of the SBS machine via the firewall anyway
how does it help?

Bill

>-----Original Message-----
>> I do not understand why have the second NIC connect to
a
>> hub? Would I be configuring that NIC to be the "local
>> network" and therefore all domain controller type
>> functions will use that NIC? The server already has two
>> NICs and I have a managed switch in the cabinet. So I
can
>> just connect that second NIC to a port in the switch
and
>> just block all outside access to that port. All of the
>> other machines in the cabinet are Server 2003 Web
edition
>> to be used for serving out our networked applications
and
>> web content we offer. They all have dual NICs so I
>> suppose I could configure the second NICs on all
machines
>> to be on an internal network and use some of the
>> functionality of the SBS machine for something. What I
>> don't know at this time, possibly for setting up
network
>> shares of the drives for accesing them via the VPN on
the
>> SBS machine.
>
>
>Blocking all outside access to that port in the switch
would work as well.
>Yes, basically, it would be to configure an "internal
network", so the
>domain controller functionality listens on that NIC, and
SBS configures its
>own firewall to block access from external/Internet
sources to those ports.
>Configuring the second NICs on all the other machines is
an option too, if
>you wanted any of the functionality gained from that.
Up to you really.
>The key thing with SBS is to just make sure there's an
active firewall up
>between it and the main Internet.
>
>David Jones
>SBS Product Team
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:231e501c45e13$e5786a00$a401280a@phx.gbl...
>>
>> >-----Original Message-----
>> >"Bill" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:2309d01c45e03$cd44fda0$a401280a@phx.gbl...
>> >> Are there any issues with using SBS 2003 Standard
for
>> >> remote access ONLY. All of our employees work
remotely
>> >> with broadband connections and right now we use a
POP
>> >> server for mail, a web based calander with way to
many
>> >> logins for scheduling, FTP for doocument transfer
and
>> AIM
>> >> for instant messaging. I would like to replace all
of
>> >> those methods with SBS. I plan on setting up an SBS
>> >> server in a co-location facility and have everyone
>> access
>> >> it via VPN. Are there any issues with this?
>> >
>> >Hi Bill,
>> >
>> >In addition to what others have said, it is extremely
>> important in this
>> >scenario for you to have a properly configured and
>> maintained firewall
>> >between the server and the Internet. Because SBS must
>> be a domain
>> >controller, and the baggage that comes with that, it
>> must have certain ports
>> >listening. Without a firewall, you risk exposing a
>> domain controller
>> >directly to the Internet, which is a major security
risk.
>> >This (the firewall) can be accomplished with a
hardware
>> device, or by using
>> >2 NICs in the server and putting the unused NIC on a
>> dummy hub. There are
>> >additional ways to configure a firewall on the server
>> while using only 1
>> >NIC, but SBS will not configure it as such.
>> >
>> >David Jones
>> >SBS Product Team
>> >
>>
>>
>> Thanks for all the help guys!
>>
>> Bill
>
>
>.
>

Relevant Pages

  • Re: Using SBS 2003 for all remote access.
    ... Yes of course only the ports needed ... the firewall config or will the wizard handle this for me ... >> the web side of the SBS machine via the firewall anyway ... >You would not want to allow all ports from the Internet ...
    (microsoft.public.windows.server.sbs)
  • Re: Using SBS 2003 for all remote access.
    ... > the web side of the SBS machine via the firewall anyway ... You would not want to allow all ports from the Internet to the SBS machine, ...
    (microsoft.public.windows.server.sbs)
  • Re: fileshare on my website
    ... the right ports open... ... mention fileshares in the subject and included the sbs machine in the ... internet account does not have access to the share on the sbs machine. ... the documents you want outside users to see to somewhere on the web server ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS 6 on SBS 2003 Standard Server
    ... but if you're SBS machine is doing the re-direct, you should not need to put ... If you want the 81 in there...just port forward directly from HW firewall to ... running Windows XP Pro. ...
    (microsoft.public.windows.server.sbs)
  • Re: Mutilple domain names on SBS
    ... So maybe the SBS machine ... connections and OWA because those ports might not be safe ... NIC with internet connectivity. ... >By hosting websites on the SBS you open the server to ...
    (microsoft.public.windows.server.sbs)