Re: Build and publish asp .Net Website

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 07/22/04 

Date: Wed, 21 Jul 2004 19:16:00 -0700

Well it's not the domain controller and they don't suddenly have your
entire AD structure as well.

While hacked is hacked... the issue is limit the damage.

Think in terms of a forest. You know that this one area just gets
NAILED with thunderstorms every near. And every year there is a
lightening strike that burns whatever vegitation is in that area.

You building a campsite in that area? Or are you going to build a burn
zone between you and that area ensuring that even if it gets zapped
again, you will be protected by a buffer zone of area that has no fuel
to feed the fire.

Which would you rather have?

Web server with a DMZ with a SBS 2003/firewall/perhaps IPsec filters,
you name it

or a SBS 2003?

Also you guys are not looking at it from what "kind" of data is in that
database. Is the application itself built securely. What 7 out of 9
web apps can be nailed per last I read? SQL injection attacks are much
more often these days.

In my biz [chicken little that I am] there is NO WAY you would EVER get
me to host a web site on my server. I have too much fidiciary
responsibility for my client's data. It's soooo much cheaper for me to
remove the risk completely that it's not funny. It's a no brainer. But
each industry is different and if you are in a development kind of
company you may want the experience.

Again.. what kind of data will be on that server.

Open Hack IV they secured a Win2k box with SQL on it without a firewall
with merely IPSEC.

We don't do that around here in SBS land. At the same time... we don't
get specificially targeted. We're roadkill.

If you cannot answer the following questions, you shouldn't be hosting a
web site on your SBS box:

1. Typically what exact day of the week do security bulletins come out?

2. What programs are not patched if you only use Windows Update?

3. What log files [or report] should you review on a regular basis?

4. Do you know for certain that the backup last night was successful?

5. If you don't know in what position the Security reading is on the
"to do" list is because you never read it in the first place.......

Susan
[chicken little]

anonymous@discussions.microsoft.com wrote:

> I'm agree with you. What is the difference between
> hosting a website on Small Business Server Premium and
> hosting on Windows 2003 Server + SQL Server ? If server
> is hacked, on both case you are hacked ...
>
>
>>-----Original Message-----
>>Sometime I'd like to see a paper created which clearly
>>outlines recommended procedures for doing things like
>
> this.
>
>>I don't think that there is any doubt that publishing
>
> your
>
>>own website in an SBServer network can be done and done
>>safely/securely, it's just a matter of knowing what
>>configurations put you at certain risk.
>>
>>So, for instance... if someone deployed a single, simple
>>HTML page with no script code <on> SBServer and
>
> Published
>
>>it using the Businesscard Publishing rule... would you
>>really be able to offer a convincing arguement that this
>>one page would put you at equal or greater risk than OWA?
>>
>>And, depending on the situation I would also suggest
>
> that
>
>>an economic and common sense case can be made to prefer
>>self-hosting if people knew how to do it properly.
>>
>>Tony Su
>>
>>
>>
>>
>>
>>
>>>-----Original Message-----
>>>Hi - you can but I don't recommend hosting a public
>>
>>website on any server on
>>
>>>your LAN, especially not your DC. Given how inexpensive
>>
>>external hosting
>>
>>>accounts are, you're much better off going that route
>
>>from a
>
>>>security/resource perspective.
>>>
>>>
>>>anonymous@discussions.microsoft.com wrote:
>>>
>>>>Can I host my own website(www.mywebsite.com) on Small
>>>>Business Server 2003 ? (like other Windows Server
>
> 2003)
>
>>>>Thanks in advance for your answer.
>>>
>>>
>>>.
>>>
>>
>>.
>> 

-- 
http://www.sbslinks.com/really.htm

Relevant Pages

  • RE: ICW Problem Error 0x80072581 Deleting the DNS record external NIC
    ... Make sure your SBS internal and external network interface DNS is ... Do you have any site hosted in the SBS server other than the four ... Check if the PUBLISHING record in DNS is an A record. ... check to see if there is a name record 'publishing'. ...
    (microsoft.public.windows.server.sbs)
  • Re: publishing multiple websites in ISA 2004
    ... Les Connor [SBS Community Member - SBS MVP] ... > hosted off of a second server that is a member server in the network. ... We can publish multiple internal websites through ISA ... > 816576 How to create a new virtual server or Web site in Internet ...
    (microsoft.public.windows.server.sbs)
  • RE: asp pages error
    ... I understand that you have installed some additional web sites on the SBS ... We strongly suggest customer that use an individual IIS server to hold ... Hosting a new web site ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: publishing multiple websites in ISA 2004
    ... hosted off of a second server that is a member server in the network. ... We can publish multiple internal websites through ISA ... INSIDE OF SBS NETWORK, IS SAFER THAN JUST ON THE SBS/ISA BOX, CORRECT? ... 816576 How to create a new virtual server or Web site in Internet ...
    (microsoft.public.windows.server.sbs)
  • Re: WSUS Client not yet reported
    ... having the web sites of "Default Web Site", ... In SBS R2, ... I would like to confirm how did you install WSS 3.0 on the SBS server? ... Microsoft Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)