Re: isaserver.org gets SBS friendly

Frank,

I appreciate your comment. Let me take your metaphor a little further.
What you're suggesting is that I buy your convertible because it will take
me down the road and it's cheaper than a car with a roof. When I get down
the road and it starts raining, the roof does not come out, I get soaked,
and my electronics burn out, and I'm stranded by the roadside.

Taking that one step further, I come back to you and say "well this won't
work for me, because I want to drive AND stay dry." However, I can't return
the car, and I can't upgrade the car for a discount. I have to put the car
in the field and buy the car I really needed in the first place, spending
more than I would have anyway.

I appreciate the work they have done with SBS. A rose by any other name is
still a rose, and putting multiple services on the same platform is still
bad news.

Microsoft says SBS will run your business web site. However, they do not
say that this web site is more vulnerable to attack than any other IIS
implementation. Other MVP's say themselves that you should not run IIS
publically with SBS. It's a security risk. Why market it that way?

SBS might meet the budget needs of small business, but it snowballs
technology neophytes into a product which flaunts many features but in fact
only delivers on half, and does so with frequent downtime and unpatchable
vulnerabilities.

When you market a product to do something, and imply (by your brand), that
it is of high quality; then fail to deliver those features, knowingly
distribute it against common security practice, and furthermore do not have
an upgrade path out of that product line: it's at best misrepresentative,
and at it's worst criminal.



"Frank McCallister SBS MVP" <anonymous> wrote in message
news:ew3OoKZqFHA.616@xxxxxxxxxxxxxxxxxxxxxxx
> Hi David
>
> I own a convertible and that is kind of like saying I shouldn't lock my
> car because the thief will just cut the top :>) SBS Development team has
> put a great deal of time and research into integrating the extra products
> into SBS for just that, small businesses. Granted in a perfect world or
> unlimited budget we would have a separate server for each function,
> Exchange, ISA, AD, Sharepoint, etc. This meets the Enterprise standard.
> SBS meets the budget needs for small businesses with 5 - 75 users who also
> have need for firewalls to protect their data. When SBS migrated from
> W2000 to W2003 MS did remove one major security risk by removing TS App
> mode from the server and required a member server for this function. They
> added Remote Web Workplace (unique to SBS) so that a TS would not be
> required in many cases.
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Dvord Direwood" <dvord@xxxxxxxxxxx> wrote in message
> news:%23w2$Y8YqFHA.2696@xxxxxxxxxxxxxxxxxxxxxxx
>> I'm pretty dubious about that myself, since a well-known,
>> not-to-be-named-by-me MVP committed to security has said that Domain
>> Controllers and ISA Services DO NOT MIX. If isserver.org is really
>> committed to security, I don't see why they should support SBS unless
>> Microsoft has changed SBS to allow ISA to NOT run on the same box as the
>> DC.
>>
>>
>> "Steve Flynn" <steve@xxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:e9omEuYqFHA.2076@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi all,
>>>
>>> There is a new article (and promised future series of articles) at
>>> http://www.isaserver.org/articles/200sbsinstallpart1.html on running ISA
>>> server 2004 on SBS 2004 SP1.
>>>
>>> Well worth a read for SBS admins, written by Tom Schinder, one of the
>>> top ISA gurus. It's interesting to get the view from a dedicated
>>> ISA/firewall person on the security compromises we have to live with in
>>> the SBS community running everything on the one box. Schinder admits
>>> that isaserver.org has not always been the friendliest place in the past
>>> for SBS and promises this will change in future, which is a good thing
>>> because isaserver.org has always been one of the best resources for ISA
>>> server related info and promises to be even more useful in future with
>>> more content on SBS/ISA scenarios.
>>>
>>> Regards
>>>
>>> Steve Flynn
>>> MCSE, MCDBA
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: RWW Timing
    ... If you have installed ISA, ... Expand the server node and highlight ''Monitoring''. ... In the following website you can find many useful resources related to SBS ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: DHCP Issues. Very strange
    ... default order of rule in ISA 2004. ... Windows SharePoint Services intranet site, ... server certificate on Web server name column and then click Next. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS VPN setup?
    ... The 2-nic configuration is used when the SBS server will *also* act as your network's firewall. ... You purchase 2k3 PREMIUM and that comes with ISA to handle the firewall duties. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA access rules, help
    ... please let me know whether you're using ISA 2000 or ISA 2004 ... (SBS SP0 or SBS SP1). ... the ISA server will not be used as a proxy server. ... Since SBS already used port 80, ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS Advice Please
    ... Notice that the netgear router will be infront of ISA. ... Javier [SBS MVP] ... > SQL server as it is the protected patient data. ... >> always keeps a copy of the profiles (even if you are using roaming ...
    (microsoft.public.windows.server.sbs)