Re: is Business Website through router forwarding safe?

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 09/03/04


Date: Thu, 02 Sep 2004 22:13:52 -0700

Hun, if you can't afford patching tools, can you afford the risks?

If you live in California like I do, have two pieces of info on your
server [name and account/name and SS#] that could be used for identity
theft and some unauthorized person[s] get access to my box I am REQUIRED
to inform my clients.

Price of notification of my clients
Price of PR disaster
Price of HfnetchkPro 25 seats $620.

Which do you think I picked?

Next, I don't have port 80 even open. My firm's web site is on an
outsourced web hoster. Do you HAVE to have your firm's web site on your
own box?

Risk analysis dear.

What data do you have?
What reasonable measures do you need to take to make your box secure?

Microsoft Patch Management, Security Updates, and Downloads:
http://www.microsoft.com/technet/security/topics/patch/default.mspx
Microsoft TechNet Security - Product Security Notification:
http://www.microsoft.com/technet/security/bulletin/notify.mspx

Next, you do realize that there is a free hfnetchkpro for 1 server and 10
computers? You can't afford free to at least protect the server?

Michael Appelmans wrote:
> Thanks Susan. That's a lot to chew on. I had been relying on Windows
> update for patches. hfnetchkpro looks like the cat's meow but if you
> gotta ask how much it costs it probably isn't a solution for our very
> small business environment. I will look into SUS which is now WUS (what
> an acronym)?
>
> Also will subscribe to incidents.org. My users are gonna love me when I
> force them to adopt strong passwords.. err passPHRASES as they go
> remote. I had better find some more dice and hit DiceWords.com.
>
> Any links for security bulletins?
>
> Thanks for all the suggestions.
>
> Michael
>
>
> In article <evJHOYSkEHA.4092@TK2MSFTNGP10.phx.gbl>, sbradcpa@pacbell.net
> says...
>
>>Fact 80 is one of the most attacked ports
>>Fact IIS 6.0 has had VERY few vulnerabilities [if any and is VERY rock solid]
>>Fact Is it a risk? Yes. But let's counter it shall we?
>>
>>Backups? Tested?
>>
>>Patching? Got SUS or hfnetchkpro?
>>
>>Signed up for security bulletins and know when they come out?
>>
>>Keep an eye on web happenings by subscribing to the RSS feeds from
>>www.incidents.org?
>>
>>Change those passPHRASES about every 90 days or so.
>>
>>
>>
>>Michael Appelmans wrote:
>>
>>
>>>I would like to open Business Website access through port forwarding so
>>>users can download the Connection Manager sbspackage.exe for VPN
>>>connections setup:
>>>
>>>If we have strong passwords is opening these ports safe?
>>>
>>>80 http
>>>443 https
>>>444 Sharepoint
>>>4125 Remote Web Workplace
>>>
>>>I'm just a bit nervous about exposing port 80 as this is not just a web
>>>server.
>>>
>>>Any comments on the security of this is appreciated.
>>>
>>>Michael
>>>
>>
>>

-- 
http://www.sbslinks.com/really.htm

