On Wed, 2005-11-16 at 11:56 -0600, Thomas W Shinder wrote: > Hi Susan, > > I think you misunderstood what they were trying to communicate during > that Webcast, and the presenters didn't do a really good job at > explicating their positions. > > Many people think that there is no more perimeter (or edge), or that the > perimeter (or edge) somehow magically changed to the end point on the > corporate network. Neither assertion is true or believable. Sure, there > is a more heterogenous set of security zones that need to be segmented > from one another, but to say that there is no more "perimeter" or no > more "edge" is ridiculous at best, delusional at worst (sort of like > saying that SBS doesn't represent a security compromise).
Depends on what you consider a security compromise. Is it really a compromise if looking after a single server is only a small part of your overall duties (which is the case in most SBS deployments). Most will agree that it's not best practise to have everything on one box, but for it's purpose as the single server for a small company with often no IT staff, only having one box to look after means it gets more attention. You can argue against that with all the usual arguments about putting all these services on a single box, however as soon as you start adding boxes you decrease the attention span dedicated to each box and that is also a security compromise. Overall you make a choice between one server or many - both having merits and failings, which one is the compromise is specific to you. If however you choose based purely on cost THAT is quite likely to be a security compromise. Don't get me wrong I do NOT advocate having SBS with one interface on the net and one on the LAN, but if you have a cheap router with firewalling capabilities and a single SBS server, you are no more compromising than someone with a similar setup and a few more servers - this is how I see most SBS servers deployed. The important thing there would be your single server would get more attention than the other guys set of servers. In my opinion it doesn't matter how secure you are, if the administrator isn't paying attention then there is no point. I wouldn't write off the SBS choice as a compromise on Security all of the time, until you have weighed in all the factors, it's certainly not a delusional state to have an SBS box set up and be confident that you are on top of it from a security perspective. It is entirely situation dependant and the compromise may or may not exist depending on the other contributing factors. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
smime.p7s
Description: S/MIME cryptographic signature
