Re: 12 companies, 1 SBS2003 server continued...

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 11/14/04


Date: Sun, 14 Nov 2004 06:49:30 -0800

I'm also concerned about all those third party apps that Novell has
bundled with this platform.

I've got 5 Novell servers that I don't have quite the knowledge of
vulnerabilities on [and believe me no moving, running OS these days
doesn't have vulns], there's a web server [Apache] on that sucker that I
don't quite keep an eye on the vulnerabilities.. but I do know enough
that it is actually more vulnerable than IIS 6 right now based on
exploits in the wild.

I know that patches for Microsoft come out second Tuesday of the month.
  When do Novell's?

I know that I have the expertise and paranoia to support and do a risk
analysis of Microsoft servers. I don't have that on Novell.

I'd way much rather protect and defend something I know than something I
don't.

I have contacts that keep me aware of what's going on in the Microsoft
security world. I have none in Novell.

I would have to get up to date on Zenworks, get information about the
multiple applications on Novell's security issues. That's a learning curve.

FatPipe Networks Fatpipe Internet v1.2
Pervasive SQL 2000i v7.9.4
Apache 2.0.45
Tomcat 4.1.27
CyberPatrol for Novell BorderManager
MySQL 4.0.16
PHP 4.2.3
OpenSSH 3.6.1

Per Secunia
http://secunia.com/product/73/

http://secunia.com/product/328/

http://secunia.com/product/404/

http://secunia.com/product/101/

I would be evaluating the ability for that product to be patched. Those
third party apps are where my weaknesses are. Does Novell SBS bundle
their patches... we don't have WUS yet... but we will. Right now I have
Shavlik that patches my fleet.

What keeps me safe is information, not technology.

SuperGumby [SBS MVP] wrote:
> your local workstations.
>
> Let me qualify that a little. If you have 5 internet facing servers you are
> increasing your external attack surface. If you have some form of firewall
> in front of those systems you are probably reducing the overall attack
> surface but now need to maintain 5 servers which may provide various
> services to external clients.
>
> I believe Susan, and I, are more worried about what we 'invite' into our
> networks. eg. The MD wants VPN access but doesn't want the hassle of
> clicking a connectoid icon, so we put a VPN capable router at his home.
> Unfortunately this gives his kid's PC access to his work network, and Simon
> the 7yr old has just discovered Kazaa.
>
> Similarly, Simon's secretary, Steve, discovered this 'great new thingamabob'
> on the weekend, cut it to CD and walked into the office Monday morning. The
> moment he puts that CD in a work system Susan will beat him around the head
> with her rather dented 2*4.
>
>
> "ChrisS" <ChrisR@nospam.com> wrote in message
> news:#ORSm#iyEHA.3952@TK2MSFTNGP10.phx.gbl...
>
>>What attack surfaces ?
>>
>>My SBS2003 server is in a locked room.
>>Behind a Linksys firewall router, Server with 2 NIC
>>and ISA firewall
>>
>>I'm secure - right ??
>>
>>If I now put 5 x SBS2003 in the room....
>>
>>Who's gonna attack ??
>>
>>
>>"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
>>wrote in message news:%23RSY2aeyEHA.1296@TK2MSFTNGP10.phx.gbl...
>>
>>>Like I said... 5 servers to me are attack surfaces..not flexibility ;-)
>>>
>>>ChrisS wrote:
>>>
>>>>I always keep an open mind - if I don't know something I check it out
>>>>I try not to make a judgement on something I don't know anything about.
>>>>Obviously coming from a Pure Accounting background
>>>>(I installed my 1st Windows 3 months ago - till then I was a 'simple' user
>>>>even Excel was installed for me)
>>>>
>>>>I am NOT an expert like you - that's why I'm still learning and keeping an
>>>>open mind
>>>>----------------------
>>>>
>>>>5 boxes - Missed the point, didn't you???....
>>>>I think the guy was suggesting 5 boxes gives flexibility!!
>>>>
>>>>I thought it was a great idea - each user in a small 5 user company could
>>>>have his own Server!!!
>>>>Actually - I'm kidding in case you get the wrong end of the stick
>>>>
>>>>However, I can see advantages splitting the load, not having all my eggs in
>>>>one basket, patching can be
>>>>done in stages (although I believe you don't need a patch a day like Windows)
>>
>>>>He didn't suggest TS on a DC either!
>>>>
>>>>Security.. oh yes, MS is THE stuff right!!
>>>>
>>>>PS: Today I installed my 1st Novell Server
>>>>Everything went smoothly and worked 1st time - just like the SBS2003
>>>>There are a FEW things I didn't like but mostly a pleasant experience
>>>>I love the web based management using a single consistent interface
>>>>For larger sites or where flexibility is important Novell looks more capable
>>>>Will be repeating this tomorrow on another Hard Disk as I intend to do a
>>>>report on the
>>>>experience - doubt anyone will be interested here!
>>>>
>>>>"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
>>>>wrote in message news:ev26CPayEHA.1524@TK2MSFTNGP09.phx.gbl...
>>>>
>>>>
>>>>>And you don't have Sharepoint and Zenworks is not an easy patch tool.
>>>>>
>>>>>I don't need 5 servers to worry about their security issues. That's 5
>>>>>more attack surfaces you need to worry about.
>>>>>
>>>>>And TS on a DC is not a good thing. I'm putting additional servers in
>>>>>my SBS network. I need more server space.
>>>>>
>>>>>ChrisS wrote:
>>>>>
>>>>>
>>>>>>After posting here - I also posted my question at a Novell Small Business
>>>>>>newsgroup
>>>>>>see response below.
>>>>>>
>>>>>>I've been given an Evaluation copy which I will be installing in the next few
>>>>>>hours!
>>>>>>
>>>>>>>>>>Response from newsgroup at (NNTP) novell.support.netware.small-business.6x <<<<<
>>>>>>
>>>>>>I think we need to be careful here. It IS possible to add Windows
>>>>>>servers to an SBS2003 network and they can be either member servers or
>>>>>>domain controllers; however, it is only possible to have ONE SBS2003
>>>>>>server and the SBS2003 server must be a domain controller at the root of
>>>>>>the Active Directory.
>>>>>>
>>>>>>The usefulness of additional Windows servers in a SBS2003 network is
>>>>>>questionable. All of the applications bundled with SBS2003 have to be
>>>>>>installed on the SBS2003 server. It is not possible to install, say,
>>>>>>the bundled MS Exchange, MS SQL Server or MS ISA Server on a separate
>>>>>>Windows 2003 Server Standard Edition. This obviously has performance
>>>>>>and security implications, because of the overhead imposed by the server
>>>>>>being a domain controller and (if connected directly to the Internet
>>>>>>using ISA server) the issues of having a domain controller connected to
>>>>>>the 'net.
>>>>>>
>>>>>>The only obvious use for a Windows 2003 Server in an SBS2003 network is
>>>>>>as a Terminal Server. MS has prevented the use of Terminal Services on
>>>>>>SBS2003 servers (apparently) because of 'security issues'.
>>>>>>
>>>>>>With Novell SBS6.5, it is possible to install up to 5 servers in the
>>>>>>eDirectory tree. There are no additional server licences to buy, and
>>>>>>there is no restriction on how the bundled applications are deployed;
>>>>>>therefore it is possible to have separate file and print, email
>>>>>>(Groupwise), Database (MySQL) and Bordermanager servers if you wish. In
>>>>>>addition, up to 100 users are supported vs MS SBS2003 75 users. If you
>>>>>>want to have a Terminal Server, then a Windows 2003 Server Standard
>>>>>>Edition can be installed with the Novell client to provide remote access
>>>>>>to the Novell servers.
>>>>>>
>>>>>>With regard to Chris's project, I would say that Novell SBS6.5 offers
>>>>>>far greater flexibility and capacity to provide the IT services to the
>>>>>>occupants of his units. Separate organisations can easily be set up in
>>>>>>eDirectory and, as has already been pointed out, each can have its own
>>>>>>Groupwise Postoffice and Internet domain (or several domains for that
>>>>>>matter). Each organisation could be granted rights over its own
>>>>>>organisation object in eDirectory enabling them to administer their own
>>>>>>users, printers, volumes and even their own server if necessary (this
>>>>>>may be possible in SBS2003 - I'm not that much of an expert with AD).
>>>>>>
>>>>>>I have found this page a useful SBS2003 resource and since it is from
>>>>>>the horse's mouth, I assume the information is accurate:
>>>>>>
>>>>>>http://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.mspx
>>>>>>
>>>>>--
>>>>>http://www.sbslinks.com/really.htm
>>>>>http://www.msmvps.com/bradley
>>>>>https://www.ecora.com/ecora/jump/pm99.asp
>>>>
>>>>
>>>>
>>>--
>>>http://www.sbslinks.com/really.htm
>>>http://www.msmvps.com/bradley
>>>https://www.ecora.com/ecora/jump/pm99.asp
>>
>>
>
>

-- 
http://www.sbslinks.com/really.htm
http://www.msmvps.com/bradley
https://www.ecora.com/ecora/jump/pm99.asp

