[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] So Dana in his blog asks for a SBS MVPer.... - THE OFFICIAL BLOG OF THE SBS DIVA
Thu, Aug 19 2004 12:45 bradley

So Dana in his blog asks for a SBS MVPer....

So Dana Epp in his excellent Security blog has a post today asking for a SBS MVP and I just pinged up Dana with an MVP in his area, Steven Banks and another MVP, Jeff Middleton as well and posted this as a comment to his blog:

As I said to Dana, I'd recommend ISA 2000 at this time as we SBSers won't get a wizardized ISA 2004 until SBS sp1 comes out which is waiting on Windows 2003 sp1 [got that roadmap?]

IMHO if you open up for OWA, you DON'T have to open up port 80, you can fully function with a port 443.  Opening up Sharepoint for annonymous access [oh yeah that is something that is optional and we can do that too] is what I think is our potentially weakest issue going on in the future.

Before I'd budget for RSA keyfobs, I'd budget for a patch management solution as WUS/MUS isn't ready and SUS is not enough.  I'm a died in the wool www.Shavlik.com gal myself.

Because we are all on one box, because we are doing OWA, we can't do high security hardening and we have to say with Enterprise or Legacy settings.  We track pretty closely as a matter of fact with those CIS benchmarks.

This one vendor did a "test" of security issues with SBS 2003 http://www.predatorwatch.com/vulnerability_alerts.html  the problem is they are/were scanning it for vulnerabilities from the inside where all our "squishy ports" are.  Thus this is a totally bogus analysis as it isn't looking at the machine from where the attackers would be seeing it as.  And yes, I've pinged those folks about the inaccuracy of their press release and they fail to respond.

Honestly, patching, antivirus, firewall AND Passphrases and we do just fine out here.


Filed under:

# re: So Dana in his blog asks for a SBS MVPer....

Thursday, August 19, 2004 5:11 PM by bradley

Hey Susan,

Thanks for all the communication today. I apologize for not getting back to you sooner, but I have been swamped checking out a lot of email on the subject from others, including yourself.

Instead of responding to everyone individually... I have constructed a post on my blog to explain what is going on. You can read it at: <A HREF="http://silverstr.ufies.org/blog/archives/000674.html">http://silverstr.ufies.org/blog/archives/000674.html</A>

Thank you again for the information, and the kind words about the blog. I do hope you will continue to enjoy and find use of it.