[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.] Websites on SBS - THE OFFICIAL BLOG OF THE SBS DIVA
Tue, Apr 25 2006 23:25 bradley

Websites on SBS

Susan, I haven't been able to find much on this. Have you written anything on whether it is safe to host a public anonymous website on a SBS server? If it's safe to do so, where can I find something on best practices?

 

Well it depends.....would "I" host a public website on my SBS box?  Heck no.  Why?  Because of the data on my box is why. 

 

What's the important thing to remember about doing this?

 

It's about the data ..... what is on that box?  Know that you need to patch soon after patch Tuesday...know that you need to ensure you have a good firewall.. and no folks.. having servers with merely Windows Firewall is not good enough.. you need to have auditing enabled.... mind you that a SBS box with all it's defaults and ISA and daily email and the addition of Dana's Firewall Dashboard (which isn't just a tool for ISA by the way...) could make for a well monitored website... but it honestly comes down to that data.  There is more risk with port 80 open.  There is more risk hosting a public website, putting out the welcome mat for any and all... so the "best practice" in doing it on a SBS box?

 

Ask yourself if the data on that box requires extra paranoia and proper protection.  If it does... then maybe hosting a web site on a domain controller isn't the wise thing to do....

Filed under: ,

# re: Websites on SBS

Wednesday, April 26, 2006 4:19 AM by TechSoEasy - Jeffrey B. Kane

What most people forget or don't realize is that you don't need to use a "server" to host a public website. If it's a fairly simple site, you can easily use an old Pentium III machine running Windows XP Pro and IIS 6.0 -- with that machine placed on the Perimeter of the LAN in a DMZ.

But I generally don't even know why most people would want to do that... considering that many ISP's offer hosting along with DSL service these days. Most all of my clients use http://Sonic.net which for around $60.00 per month offers 6.0mbps ADSL along with a web hosting package, and MX backup. Seems like that would be a smarter decision than taking the risk of having your SBS box open to unauthenticated traffic. Not to mention the drag it could cause on your server's resources and bandwidth.

Jeffrey B. Kane
TechSoEasy - NetSoEasy

# re: Websites on SBS

Wednesday, April 26, 2006 10:47 AM by mark

A little confusion then...Every time I see a document about RWW, needed ports include 80, including the presentation "Microsoft Windows Small Business Server 2003 Remote Web Workplace feature overview" by Frank Brown & Ray Fong. So is this not true? Apparently not 80, since I just closed it and can still connect. But 443 appears to be required, that is unless I change it to 444.
So what's the deal...exactly what ports really are needed for RWW?

# re: Websites on SBS

Wednesday, April 26, 2006 11:43 AM by Paul Bishop

RRW nees 443 and 4125.

This is all I open as standard and will work as long as your users know they have to enter HTTPS:// to access the RRW

If you open port 80 then they can just enter http and it will direct them to the secure site automatically.

Port 444 is required to make your Sharepoint site accessable from the outside. As standard this does require a valid domain username and password to access it but there are many things you can do to change the behavour of your sharepoint.

# re: Websites on SBS

Wednesday, April 26, 2006 12:16 PM by mark

ah ha! OK, I now see why it's in the list (or at least one possible)...for RPC over HTTP for remote Outlook users. I assume that's probably changeable too though. I'll dig some more. Thanks