Securing SBS 2003

TheMSsForum.com: The Microsoft Software Forum

I've been looking for an article or white paper on how to secure a SBS server that is connected to the internet. There is a router between the Internet and the SBS. The issue that concerns me is that for external email to work, port 25 has to be open to the server. Also, to allow webmail, port 80 has to be open to the server. Obviously we have a static NAT setup so that anything hitting either port on the router is forwarded to the server. How secure is this? How can it be better secured

Thanks in Advance
Scott
Top

Re: Securing SBS 2003 by Jim

Jim
Fri Feb 27 22:44:56 CST 2004

Microsoft has some SBS specific security articles. Search over at
www.microsoft.com/sbserver I found this link
http://support.microsoft.com/default.aspx?scid=kb;EN-US;303323

A server that has no voltage running in it is pretty secure. Port 25
open is a small risk. You don't have to open 80 for webmail. Chad has
an article about SSL for OWA. Maybe at www.smallbizserver.net or
www.sbslinks.com

On the better routers I forward the ports I want to use like pptp,
1723, 25, 80, 443, 444, 3389 and whatever else I might need. Or maybe
less at some accounts.

"Scott" <s.carver@ncct.net> wrote:

>I've been looking for an article or white paper on how to secure a SBS server that is connected to the internet. There is a router between the Internet and the SBS. The issue that concerns me is that for external email to work, port 25 has to be open to the server. Also, to allow webmail, port 80 has to be open to the server. Obviously we have a static NAT setup so that anything hitting either port on the router is forwarded to the server. How secure is this? How can it be better secured?
>
>Thanks in Advance,
>Scott

Jim B. SBS MVP
remove the mvp to send email
Top

Re: Securing SBS 2003 by Susan

Susan
Fri Feb 27 23:46:32 CST 2004

This document helps you to more securely configure your Microsoft®
Windows® Small Business Server 2003 network. Completing the tasks in
this document helps you protect the availability, integrity, and
confidentiality of your network.
http://www.microsoft.com/downloads/details.aspx?familyid=f62b2722-267c-4642-b287-c31115ef10a4

This document helps you plan, install, deploy, and test Software Update
Services (SUS) Server 1.0 in order to update your Windows® Small
Business Server 2003 network.
http://www.microsoft.com/downloads/details.aspx?familyid=5f1cc6f0-79b7-4a95-bcab-49bee6d5df13

Patch, Firewall, Antivirus.

You can have your OWA only go through 443 rather than 80.

Jim Behning wrote:
> Microsoft has some SBS specific security articles. Search over at
> www.microsoft.com/sbserver I found this link
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;303323
>
> A server that has no voltage running in it is pretty secure. Port 25
> open is a small risk. You don't have to open 80 for webmail. Chad has
> an article about SSL for OWA. Maybe at www.smallbizserver.net or
> www.sbslinks.com
>
> On the better routers I forward the ports I want to use like pptp,
> 1723, 25, 80, 443, 444, 3389 and whatever else I might need. Or maybe
> less at some accounts.
>
> "Scott" <s.carver@ncct.net> wrote:
>
>
>>I've been looking for an article or white paper on how to secure a SBS server that is connected to the internet. There is a router between the Internet and the SBS. The issue that concerns me is that for external email to work, port 25 has to be open to the server. Also, to allow webmail, port 80 has to be open to the server. Obviously we have a static NAT setup so that anything hitting either port on the router is forwarded to the server. How secure is this? How can it be better secured?
>>
>>Thanks in Advance,
>>Scott
>
>
> Jim B. SBS MVP
> remove the mvp to send email

--
http://www.sbslinks.com/really.htm

Top

Re: Securing SBS 2003 by Mark

Mark
Sun Feb 29 20:23:32 CST 2004

port 80 open is not going to securing your server! I would start there. I
don't like 25 open, but that's me.

--
Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com



"Scott" <s.carver@ncct.net> wrote in message
news:42075E6A-6E23-4CFB-BA12-F69A5F5AC2E5@microsoft.com...
> I've been looking for an article or white paper on how to secure a SBS
server that is connected to the internet. There is a router between the
Internet and the SBS. The issue that concerns me is that for external email
to work, port 25 has to be open to the server. Also, to allow webmail, port
80 has to be open to the server. Obviously we have a static NAT setup so
that anything hitting either port on the router is forwarded to the server.
How secure is this? How can it be better secured?
>
> Thanks in Advance,
> Scott


Top

Re: Securing SBS 2003 by Susan

Susan
Sun Feb 29 21:11:10 CST 2004

Honestly you have way more anti-spam tools with hosting your own email
than outsourcing it. A patched server, and strong password/passphrase
go a long way to secure servers.

Mark Mancini wrote:

> port 80 open is not going to securing your server! I would start there. I
> don't like 25 open, but that's me.
>

--
http://www.sbslinks.com/really.htm

Top

RE: Securing SBS 2003 by s

s
Mon Mar 01 19:31:07 CST 2004

Thanks for "ya'lls" input. We do have complex passwords in place for every account that we have on our server. I have only opened forwarded port 443 on our firewall. I will be looking through the links and see what else I can come up with. Again, Thanks for the info

Scott
Top