How to Maintain a Secure Small Business Server Installation

Article translations Article translations
Article ID: 303323 - View products that this article applies to.
This article was previously published under Q303323
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

Summary

This article describes how to maintain a secure Small Business Server (SBS) installation.

More information

To maintain a secure network of any kind always demands diligence on the part of the system administrators that operate it. Because SBS is a comprehensive suite, administrators of SBS installations need to be aware of the security of each suite component. All patches and security bulletins will first appear on the following Microsoft Security Web site:
http://microsoft.com/security
All SBS administrators are urged to subscribe to the Microsoft Security Notification service:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
For a comprehensive list of all of the security patches that are available, use the following Microsoft Security Bulletin Search Web site:
http://microsoft.com/technet/security/current.mspx
Administrators are encouraged to use the Security Bulletin Search in conjunction with subscribing to the Security Notification Service to maintain their servers in the most secure state possible.

Hotfixes are patches that are released between service packs and that are designed to address one or more specific issues. After you apply a hotfix, you are normally required to restart your computer. If you do not restart your computer after you install a hotfix, the hotfix may not be installed properly. Note that you can use the QChain.exe tool to install multiple hotfixes in the same session, with only a single reboot. For additional information about the QChain.exe tool, click the article number below to view the article in the Microsoft Knowledge Base:
296861 Use QChain.exe to Install Multiple Hotfixes with Only One Reboot
Service packs are larger, much more inclusive packages that are designed to address a wide range of issues, including security. Users that are running the latest service pack of a product are normally protected from most vulnerabilities that have been identified up to the date of the Service Pack release. To obtain a list of the latest service packs that are available for each SBS suite component, please see the following Microsoft TechNet Service Packs Web page:
http://support.microsoft.com/default.aspx?PR=sp&FR=0&SD=TECH&LN=EN-US&CT=SD&SE=NONA
Small Business Server 2000 Service Pack 1 (SP1) includes updates for the operating system, server applications, and security features that have been released since the general product availability date in April 2001. For more information, see the following Microsoft SBS Web page:
http://www.microsoft.com/downloads/details.aspx?familyid=F4FC58D0-1FAC-4927-84D7-189FA1B690BE&displaylang=en
IMPORTANT: Unless a security bulletin specifically warns against installation on SBS, any security bulletin that is released for any of the suite components can be safely applied to SBS. As always, carefully read the release notes for any hotfix or service pack before you apply it to production computers.

You can use the following actions as part of your overall security strategy when you deploy SBS 2000 installations:

General Microsoft Security Information

Microsoft Security home page

http://microsoft.com/security/

Security Bulletin Search

http://microsoft.com/technet/security/current.mspx

Secure Internet Information Services 5 Checklist

https://www.microsoft.com/technet/archive/security/chklist/iis5cl.mspx?mfr=true

Windows 2000 Internet Server Security Tool

http://www.microsoft.com/technet/security/tools/locktool.mspx
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

CERT Coordination Center: Steps for Recovering from a UNIX or NT System Compromise

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

URLScan Security Tool

http://www.microsoft.com/downloads/details.aspx?familyid=23d18937-dd7e-4613-9928-7f94ef1c902a
URLScan is designed to make an IIS installation secure by default. This means that upon installation of the tool, IIS will not accept a variety of HTTP requests. Therefore, some SBS applications, like Outlook Web Access, may not function properly until the URLScan.ini file is edited to allow that functionality. Full details, including sample configurations, for editing URLScan can be found in the "urlscan.txt" file included with the download.

Properties

Article ID: 303323 - Last Review: February 27, 2014 - Revision: 7.0
Applies to
  • Microsoft Small Business Server 2000 Standard Edition
  • Microsoft BackOffice Small Business Server 4.5
Keywords: 
kbnosurvey kbarchive kbenv kbhowto KB303323

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com