Re: New server todo list

To each their own. I won't use FTP on an SBS box. Instead I transfer any files via RWW.
"Rosewood" <rosewood@xxxxxxxxxxxxxxxxxxxx> wrote in message news:A4607747-C86E-43BF-A526-4C60A9DB3D7F@xxxxxxxxxxxxxxxx
But that same attack vector (aka ddos, or whatever) would still be available via port 443.

I do FTP access because if I need to xfer files, there is no better way than FTP. If there was a way to make IIS use SFTP, I would but I've never seen that option.
"Steve" <newsgroup@xxxxxxxxxx> wrote in message news:OXuNrcjVIHA.4740@xxxxxxxxxxxxxxxxxxxxxxx
Its a security risk to run a public facing web site on SBS which has business critical data and running the risk of an attack that would bring down the entire server. Therefore port 80 should be closed. Port 21 (FTP) should also be closed and no public FTP server run on SBS.

"Rosewood" <rosewood@xxxxxxxxxxxxxxxxxxxx> wrote in message news:302CA736-6C5D-4E83-A3D1-E6C8F11D860F@xxxxxxxxxxxxxxxx
Explain this one to me please. (I mean other than you don't want people using RWW, OWA, etc. w/o SSL)

I often setup a simple company internet website on port 80. Is this in some kind of TOS violation with IIS or something?

Also, on RWW and OWA when you go to the non encrypted site, it always forwards you to the encrypted site. I've made my life easier by having it enabled b/c even if I tell them https://site.com/remote they still go to http://site.com/remote

So is there some reason other than passwords in the clear that you don't want port forwarded?

Thanks for the discussion
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23LQdVFjVIHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
More importantly Port 80 should not be open/forwarded at all!

--
Cris Hanna [SBS - MVP]
-----------------------------------------------------------
MVPs Do Not Work for Microsoft
Please do not contact me directly regarding issues
"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message news:uLfOWxiVIHA.4972@xxxxxxxxxxxxxxxxxxxxxxx
Pretty good list. The only thing that jumps out is forwarding port 80. You
don't need it and you shouldn't open it. Some people in the group will argue
that 3389 shouldn't be open either. I personally like it as a second door
and with a strong password I don't really see a risk there.

One other item: I would install Exchange SP2 before installing the Server
SP2....and do have the fixes on hand that you might need to apply after
installing the server sp2 on an SBS box.

--
Claus
"Rosewood" <rosewood@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:2CB0448F-E398-4633-A2A6-BF146C0CD5FC@xxxxxxxxxxxxxxxx
> I've always liked the To Do list in Server Management in SBS2003. I also
> developed my own to do list and I found myself setting up a server for the
> first time in awhile this weekend and wanted some feedback and
> suggestions.
>
> Obviously you start with the install of SBS2003.
> I make sure to forward ports 3389 (RDP) 1723 (VPN PPTP) 443 (HTTPS) 80
> (HTTP) 25 (SMTP) 21 (FTP)
> Server 2003 SP2
> Exchange 2003 SP2
> Windows Update until no more updates left
>
> Set up Exchange 2003 for Spam filtering (IMF set to 8, Reject 5, add
> connection filtering, add relays.ordb.org bl.spamcop.net
> sbl-xbl.spamhaus.org )
> Make sure that SMTP connector to always run under delivery options
> Turn on message logging and SMTP logging
> Increase the storage and send and receive limits
>
> Go through the SBS2003 Todo list for the VPN, the Monitoring and Backup
> I add FTP through add/remove programs, then I make sure I turn off Anon
> access and make sure I turn on write access
>
> Configure my docs and desktop redirection
>
> Install SAV and then install SAV on all clients
>
> Install all apps on the clients
>
> Run one last pass of updates
> ----
>
> So, what obvious stuff am I missing?
> What other things should I be installing / configuring?
>
> Thanks for the feedback. I hope this can also be helpful to some.

Relevant Pages

  • CLOSING: Norton Personal Firewall 2003
    ... go back to NPF2002 because it detects port scans, ... wrong during uninstall, install or setup of rules and programs and what ... Just created a ghost from my present system on my "server" (which is ... I'll think i'll wait for Symantec to respond. ...
    (comp.security.firewalls)
  • Re: Installing WSS3 on remote SQL Server 2005 & Different Internet
    ... Well primarily DNN has been slow in its response time when I request a page. ... installing on should only be a front-end server. ... Not sure about the port. ... I'm attempting to install the recently released Windows Sharepoint Services ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Installing WSS3 on remote SQL Server 2005 & Different Internet
    ... I was going to use DotNetNuke for our intranet, but WSS3 is here, and I'm ... installing on should only be a front-end server. ... Not sure about the port. ... I'm attempting to install the recently released Windows Sharepoint Services ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Microsoft FTP Server problem on W2K?
    ... I have technical responsibility for this FTP implementation, ... Since PASV voids PORT, the client side ... connect to the server from" isn't implied by the text of the RFC. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Some questions
    ... > using my ftp software behind my router. ... > issued to server by the client. ... When PORT is used: ... > Can you give me a command line used in a browser to explain me what is the ...
    (comp.security.firewalls)