Re: Running a web server on an SBS network !

Tech-Archive recommends: Fix windows errors by optimizing your registry

While I absolutely agree with the general consensus, I must offer an execption. That is that everyone has different requirments, and that the needs of the organization must provide the solution.

For example, I know of a case where the LOB (line of business) software collects info from the web site to feed managment information that drives their business. This is accomplished by using ISA to publish the web site on a member server on the LAN.

There is virtually no public access to this web site, it is used by the employees and contractors to report the activities of the business. It "could" be accessed by ip only (although it is not, since it serves some communication functions with potential clients of the business).

MS says that this is a secure as we can be without sacrificing the intelligence needed to run the business.

Based on the needs of the business, it makes no sense to say "Under no circumstances run a public web site on your LAN".

Anna Clark


"Cris Hanna (SBS-MVP)" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:e1XedlvxGHA.4240@xxxxxxxxxxxxxxxxxxxxxxx
If you absolutely must...and we don't recommend or suggest it....DMZ is the only way

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage
"Blenky" <sblenkhorn@xxxxxxxxx> wrote in message news:1156364427.546166.296300@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

What type of hardware firewall do you have? My suggestion is to never
put a public web server on the same network as your internal network.
If your firewall is capable of having a separate network (DMZ) then I
would it up there and have a completely different network (subnet)
defined. That way even if the system is compromised, they have not
gained access to your internal network.

Sean


Roger Cook wrote:
> If it was desired to run a web server on a separate box on an SBS 2003
> network (currently no ISA - a single NIC and a hardware firewall) what
> would be the best approach ? - install a second NIC, ISA server and set up a
> screened subnet between the SBS box and the exterior firewall putting the
> web server on the WAN side of the SBS/ISA server?
>
> Roger Cook

Relevant Pages

  • Re: Security risks when running IIS without static ip as localhost
    ... > access this web server, it is purely for developing asp pages which will ... > network to a security risk. ... For example, one vector of compromise is someone receives, say, a worm email ...
    (microsoft.public.inetserver.iis.security)
  • Re: How vulnerable server will become if placed on DMZ ?
    ... >> I have a type of Web Server. ... > protect your internal network from a compromised web server. ... A DMZ can ... > network as compared to what you probably have now, a single firewall. ...
    (microsoft.public.win2000.security)
  • Re: oops again
    ... > When you want expose the web server on the local network to the internet, ... > to the internal IP of your web server. ... > You configure the Firewall on the Router to just block every single port. ... > network but does not prevent your PCs from contacting the Internet. ...
    (microsoft.public.inetserver.iis)
  • Re: NAT Settings for exposing an internal web server to the outside world?
    ... However the client machines that are trying to access the web server are behind the same router. ... Network A: 192.168.6.0/24 Call this the backbone network. ... 192.168.12.0/24 network containing the client machines that are trying to access the web server. ...
    (microsoft.public.windows.server.networking)
  • Internet Explorer, ICMP Redirect
    ... Subject: Internet Explorer, ICMP Redirect ... What could prevent transmissions from a client running Internet Explorer to ... -This client is on a private RFC 1918 network. ... -The web server network is reachable via a router on the "internal" network. ...
    (Focus-Microsoft)