RE: Web Server on SBS Domain

Hello Tony,

Thanks for helping me out. Any suggestions on a low cost appliance that
would work well? What sort of setting should I have configured?

Thanks,

Andrew

"Tony Su" wrote:

> Andrew,
> Typically the best and most practical approach is to Web Publish your
> webserver behind your SBS just like how the SBS Setup configures RWW and OWA.
>
> By doing so, you are able to take advantage of ISA's special application
> filtering capabilities, which can be especially important today considering
> the increasing number of exploits over port 80.
>
> The architecture you're suggesting has the following drawbacks
> - You didn't specify a firewall ahead of your webserver, did you intend for
> it to be naked?
> - A VPN connecting a highly exposed target to your private network is not
> the best idea.
>
> An alternative that is something like what you describe but much better is a
> back to back FW DMZ... a FW in front that controls what traffic can touch
> your webserver in the DMZ and what traffic might be forwarded to a second
> firewall between your Webserver and your LAN. There are plenty of
> descriptions on the Internet if you want to consider that... but...
>
> IMO you'll be fine simply relying only on ISA (maybe a small appliance in
> front of your SBServer, too) to Web Publish your solution. This is also your
> easiest to set up because your webserver will reside in your LAN (not another
> zone), so your Webserver<>SQL security can be setup easily without having to
> cross firewalls.
>
> Tony
>
>
>
>
>
>
> "Andrew CC" wrote:
>
> > Hello everyone,
> >
> > Im currently running a web server box in my SBS2003 domain. Ive setup the
> > ISA server to allow this. I know that this may not be the best idea. The
> > ecommerce software I use needs the server to access the sql server on the SBS
> > 2003 box. I was thinking of taking the web server off the domain and
> > connecting it directly to the internet and creating a vpn attached to the
> > local network so the SBS server and Web server can exchange information.
> > Here are the questions I have:
> >
> > 1. Is this a good setup? What type of vpn should I use?
> > 2. Should I do the VPN over the internet or should I connect the computers
> > together (crosswire cable) for increased speed and security and run the vpn
> > that way?
> >
> >
> >
> >
> > --------- N2
> > | N1 SBS2003 (ISAserver2000+SQL)
> > | |
> > VPN Router
> > | |
> > | N1
> > |--------N2 Web Server
> >
> > N1 – Network Card 1
> > N2 – Network Card 2
> >
.

Relevant Pages

  • Re: Basic Question (dumb) regarding security
    ... It is not ok to host a public website on your SBS, but it is ok to host ... setup the network and the webserver properly so that only appropriate ... It would be less secure or meaningful to open more holes in ISA so ... Since ISA is an application server, ...
    (microsoft.public.windows.server.sbs)
  • RE: Web Server on SBS Domain
    ... webserver behind your SBS just like how the SBS Setup configures RWW and OWA. ... > Im currently running a web server box in my SBS2003 domain. ...
    (microsoft.public.windows.server.sbs)
  • Re: Hosting a public website on SBS 2003... opinions?
    ... to protect and monitor these systems, my clients don't wish to purchase ... Should a webserver vulnerability be found the services are able to address ... it without my client's staff being without the server while it restarts. ... All that said, I run my own sites on the LoungeAN SBS, both sisters complain ...
    (microsoft.public.windows.server.sbs)
  • Re: WWW on SBS2k3
    ... any Server application ... The world is moving towards operating over port 80 (and ... this is where I believe the future of SBS must ... >> Do not run a public web server on a DC. ...
    (microsoft.public.windows.server.sbs)
  • Re: hosting business card web site in SBS 2003 OK?
    ... MSR Consulting SBS Support wrote: ... inherently insecure because of exploits that are known in IIS. ... then the security of the server drops ... A compromise of the web server means there is no longer a firewall. ...
    (microsoft.public.windows.server.sbs)
Loading