Re: Public Website on SBS 2003
- From: "Maxibo" <totallyanon@xxxxxxxxx>
- Date: Wed, 1 Mar 2006 22:04:57 -0000
Hi Sam
First and foremost, hosting and PROTECTING a website is specialist field and
needs specialist equipment to do it properly. This costs 0000's of $$$ / £££
etc.
As leythos says you need to open HTTP port to the www. Your website at an
ISP has only a few username / passwords. Your SBS has many username and
passwords increases potential for a hacker to get in. HTTP port is one of
the most probed ports out there. What else is on that server at your ISP,
certainly not your critical / confidential data. (ok, if you have a ' shop '
then there maybe customer infomation, but this is on an ISP setup).
How much do you think their equipment cost, hundreds of thousands if not
more, usually they are sitting in a data centre which has millions spent.
Do you have the backup facility ( or time for that fact) to fully test a
security patch before you put it on the live system, could you cope with a
DOS attack. Just a couple of issues to think about. An ISP has staff just
watching logs for attacks 24 / 7 . Nothing is 100% secure, except disconnect
from the internet / Lan , disable all external devices, cdrom, floppy, usb
and just maybe that would be secure... ;-).
Microsoft is correct that you can host a website but let me just ask, if you
have premium and sql installed, haven't put a password on the default SA
account, open port 80 and say for some reason have FTP anonymous connections
then I could create an administrative local user on your server and
potentially escalate this to a domain administrator. I couldn't do this at
an ISP as its not on a DC (usually apache or linux so wouldn't have a DC
....lol) Its stuff like this you have to be aware of. We have enough to learn
on the SBS box and the networking, let alone learning protecting a website.
If you hadn't put a password on the default SA account ( generally service
pack for sql hasn't been applied) and had ftp anonymous I need something
else to assist connections, you'd be surprised howmany client for microsoft
network settings are on servers internet connections.
BTW, I have some knowledge of hackers as we have to learn how they do it to
protect ourselves.... ;-)
Hope this has been of some use.
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:z5oNf.112642$tK4.92432@xxxxxxxxxxxxxxxxxxxxxxxxx
In article <3A01F1E0-C3E6-4254-92D9-07A207D27BD4@xxxxxxxxxxxxx>,
Yosemite.Sam@xxxxxxxx says...
The Microsoft bragware about Windows SBS 2003 mentions several times that
you
can host your public web site. It already has Exchange/OWA facing the
internet, and with 2 network cards facing one out and one in is the
gateway/proxy for internal internet traffic. SharePoint and RWW are also
brag points.
So why is it that it SEEMS at least, that the general consensus of this
and
any other news groups I?ve watched seems to be that you are crazy to host
a
public web site on your SBS 2003 server.
I attended a Microsoft TS2 and asked the presenter about this and he
replied
that It should be safe enough. It was recommended to use a firewall
router
between the SBS and the internet, but just to help keep some of the load
off
the SBS internal firewall
Somebody clue me in.
Because you don't expose HTTP to the server - you only expose HTTPS and
other non-standard ports.
Exposing your DC to a public internet is always a bad idea, and with the
number of exploits, why would you want to expose HTTP to the public?
--
spam999free@xxxxxxxxxx
remove 999 in order to email me
.
- Prev by Date: sbs CAL's vs Windows 2003 CAL's
- Next by Date: Re: License Wizzard
- Previous by thread: sbs CAL's vs Windows 2003 CAL's
- Next by thread: Re: Public Website on SBS 2003
- Index(es):
Relevant Pages
|
