Re: Default Web Configuration/Status




SEE MY COMMENTS INSERTED BELOW IN CAPS.


"gbchriste" <gbchriste@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E1B1A927-080E-403B-8E79-FE568D902051@xxxxxxxxxxxxxxxx
The conventional wisdom is that SBS should not host the organization's public
web site.

In our case, www.mydomainname.org points to a publicly hosted web site at
an external host. intranet.mydomainname.org points to my SBS host and MX
record.

THIS IS CORRECT AND THE WAY YOU SHOULD HAVE YOUR EXTERNAL COMPANY PUBLIC
WEBSITE SETUP.

If so, what should the operational status and configuration of the Default
Web Site be? If I browse to the default web site via
intranet.mydomainname.org from outside the LAN, I get the SBS Welcome screen
with the links for My Company's Internal Web Site, Network Configuration
Wizard, Remote Web Workplace, and Information and Answers.

WHAT YOU ARE SEEING IS THE SBS COMPANYWEB THAT SHOULD BE ACCESSIBLE
INTERNALLY BY HTTP://COMPANYWEB AND YOU SHOULD HAVE BOTH ANONYMOUS AND
INTEGRATED WINDOWS AUTHENTICATION ENABLED. NO NEED FOR YOUR EMPLOYEES TO
HAVE TO BE AUTHENTICATED FROM ACCESSING INTERNALLY.

Seems to me those are things I don't want the public to see. I don't give
the intranet.mydomainname.org URL out to anyone outside the organization but
someone could still find that server via IP address.

FOR THE COMPANYWEB TO ALLOW ACCESS EXTERNALLY YOU SHOULD NOT ENABLE
ANONYMOUS AND ENABLE INTEGRATED WINDOWS AUTHENTICATION. THIS SHOULD BE
ACCESSIBLE EXTERNALLY FROM HTTPS://FQDN OR EXTERNAL IPADDRESS:444

But don't I have to have the Default Web up and operating for my
organization users? The main item of interest is RWW. I can point them to
http://intranet.mydomainname.org/remote to get there but they are still
coming in to the default web on port 80.

FOR REMOTE THEY SHOULD BE GETTING THERE EXTERNALLY FROM HTTPS://FQDN OR
EXTERNAL IPADDRESS/REMOTE AND FOR OWA THEY SHOULD BE GETTING THERE BY
HTTPS://FQDN OR EXTERNAL IPADDRESS/EXCHANGE

Do I need to edit the default welcome page to remove all those links and
just put a message that directs people to www.mydomainname.org at our
external web host? Any other suggestions for reducing or eliminating this
attack surface?

Thanks,
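
An added example, not part of the original thread: a small Python audit over responses recorded from outside the LAN, checking the two points the reply makes (external access over HTTPS only, and the companyweb on port 444 answering with an Integrated Windows authentication challenge instead of anonymously). The `audit` function, the observation tuples and the sample data are constructed for illustration.

```python
from urllib.parse import urlsplit

# Challenge schemes IIS sends when Integrated Windows authentication is enabled.
INTEGRATED = {"negotiate", "ntlm"}
COMPANYWEB_PORT = 444  # external companyweb port named in the reply


def audit(observations):
    """Return (url, finding) pairs for responses recorded from outside the LAN.

    Each observation is (url, http_status, list_of_WWW-Authenticate_values).
    """
    findings = []
    for url, status, challenges in observations:
        parts = urlsplit(url)
        schemes = {c.split()[0].lower() for c in challenges if c.strip()}
        if parts.scheme != "https":
            findings.append((url, "reachable over plain HTTP"))
        if parts.port == COMPANYWEB_PORT:
            if 200 <= status < 300:
                findings.append((url, "companyweb served without authentication"))
            elif status == 401 and not schemes & INTEGRATED:
                findings.append((url, "401 without a Negotiate/NTLM challenge"))
    return findings


# Constructed sample data: the situation the question describes ...
BEFORE = [
    ("http://intranet.mydomainname.org/", 200, []),
    ("http://intranet.mydomainname.org/remote", 200, []),
    ("https://intranet.mydomainname.org:444/", 200, []),
]
# ... and the layout the reply recommends.
AFTER = [
    ("https://intranet.mydomainname.org/remote", 200, []),
    ("https://intranet.mydomainname.org:444/", 401, ["Negotiate", "NTLM"]),
]

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for url, finding in audit(data):
            print(f"  {url}: {finding}")
```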


