Re: Using SBS 2003 for all remote access.
From: David Jones [MSFT] (dajones_at_online.microsoft.com)
Date: 06/29/04
- Next message: SuperGumby [SBS MVP]: "Re: Mutilple domain names on SBS"
- Previous message: Melinda: "Sending Email From Exchange"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: Using SBS 2003 for all remote access."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 29 Jun 2004 15:49:53 -0700
<anonymous@discussions.microsoft.com> wrote in message
news:230bb01c45e2a$10127920$a301280a@phx.gbl...
> Makes perfect sense, Yes of course only the ports needed
> for the services we need access to on the web side would
> be open and I assume the built in firewall will handle
> that. BTW I plan on using Terminal Services for any admin
> on the server itself as it will be in a cabinet in a co-lo
> facility. Will I have to make sure this is allowed in
> the firewall config or will the wizard handle this for me
> when I setup remote access?
>
> Thanks David.
>
> Bill
After the server is installed, there will be a wizard called "Connect to the
Internet" - during that wizard you'll be able to enable the built-in
firewall, and there's a checkbox you can check to allow Terminal Services
in.
So both, basically - the wizard will do it, but you just need to make sure
and check the box for TS, as it won't be selected by default.
David Jones
SBS Product Team
--
This posting is provided "AS IS" with no warranties, and confers no rights.

> >-----Original Message-----
> >> So above the built in firewall I should have another
> >> piece of hardware between the SBS machine and the
> >> internet? If I am allowing access to any ports open on
> >> the web side of the SBS machine via the firewall anyway
> >> how does it help?
> >>
> >> Bill
> >
> >If the SBS machine has 2 NICs, one connected to your internal switch that
> >gets blackholed, or to create an internal network, SBS itself can configure
> >a firewall, and you can then only allow the ports you need to be opened.
> >If the SBS machine has 1 NIC, SBS itself cannot configure the built-in
> >firewall, and you would definitely need another piece of hardware.
> >You would not want to allow all ports from the Internet to the SBS machine,
> >that's the security risk I'm talking about. You would only want the ports
> >needed for what your users need, such as for VPN, the web server, Outlook
> >over the Internet, etc.
> >
> >Adding another hardware firewall is an additional layer of defense, but is
> >not required if you let SBS configure the built-in firewall.
> >
> >Does that make sense?
> >
> >David Jones
> >SBS Product Team
> >--
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> ><anonymous@discussions.microsoft.com> wrote in message
> >news:233ba01c45e25$4f592660$a501280a@phx.gbl...
> >>
> >>
> >> >-----Original Message-----
> >> >> I do not understand why have the second NIC connect to a
> >> >> hub? Would I be configuring that NIC to be the "local
> >> >> network" and therefore all domain controller type
> >> >> functions will use that NIC? The server already has two
> >> >> NICs and I have a managed switch in the cabinet. So I can
> >> >> just connect that second NIC to a port in the switch and
> >> >> just block all outside access to that port. All of the
> >> >> other machines in the cabinet are Server 2003 Web edition
> >> >> to be used for serving out our networked applications and
> >> >> web content we offer. They all have dual NICs so I
> >> >> suppose I could configure the second NICs on all machines
> >> >> to be on an internal network and use some of the
> >> >> functionality of the SBS machine for something. What I
> >> >> don't know at this time, possibly for setting up network
> >> >> shares of the drives for accessing them via the VPN on the
> >> >> SBS machine.
> >> >
> >> >
> >> >Blocking all outside access to that port in the switch would work as well.
> >> >Yes, basically, it would be to configure an "internal network", so the
> >> >domain controller functionality listens on that NIC, and SBS configures its
> >> >own firewall to block access from external/Internet sources to those ports.
> >> >Configuring the second NICs on all the other machines is an option too, if
> >> >you wanted any of the functionality gained from that. Up to you really.
> >> >The key thing with SBS is to just make sure there's an active firewall up
> >> >between it and the main Internet.
> >> >
> >> >David Jones
> >> >SBS Product Team
> >> >
> >> >--
> >> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >> >
> >> >
> >> ><anonymous@discussions.microsoft.com> wrote in message
> >> >news:231e501c45e13$e5786a00$a401280a@phx.gbl...
> >> >>
> >> >> >-----Original Message-----
> >> >> >"Bill" <anonymous@discussions.microsoft.com> wrote in message
> >> >> >news:2309d01c45e03$cd44fda0$a401280a@phx.gbl...
> >> >> >> Are there any issues with using SBS 2003 Standard for
> >> >> >> remote access ONLY. All of our employees work remotely
> >> >> >> with broadband connections and right now we use a POP
> >> >> >> server for mail, a web based calendar with way too many
> >> >> >> logins for scheduling, FTP for document transfer and AIM
> >> >> >> for instant messaging. I would like to replace all of
> >> >> >> those methods with SBS. I plan on setting up an SBS
> >> >> >> server in a co-location facility and have everyone access
> >> >> >> it via VPN. Are there any issues with this?
> >> >> >
> >> >> >Hi Bill,
> >> >> >
> >> >> >In addition to what others have said, it is extremely important in this
> >> >> >scenario for you to have a properly configured and maintained firewall
> >> >> >between the server and the Internet. Because SBS must be a domain
> >> >> >controller, and the baggage that comes with that, it must have certain ports
> >> >> >listening. Without a firewall, you risk exposing a domain controller
> >> >> >directly to the Internet, which is a major security risk.
> >> >> >This (the firewall) can be accomplished with a hardware device, or by using
> >> >> >2 NICs in the server and putting the unused NIC on a dummy hub. There are
> >> >> >additional ways to configure a firewall on the server while using only 1
> >> >> >NIC, but SBS will not configure it as such.
> >> >> >
> >> >> >David Jones
> >> >> >SBS Product Team
> >> >> >
> >> >>
> >> >>
> >> >> Thanks for all the help guys!
> >> >>
> >> >> Bill