Chapter 5: SBS standard security [book excerpt]

Hello from WPC Houston! We now start Chapter 5 of Windows Small Business Server 2003 Best Practices. As you may know, I am posting up several pages per day of my purple book until SBS 2008 ships! BTW – that date is now defined as November 12th.

Enjoy the read….harrybbbb

Harry Brelsford

CEO, SMB Nation,


Chapter 5 Standard SBS Security

This chapter honors the all-important security discussion. Up until most recently, every year was dubbed the “Year of Security” by the popular media. That moniker has finally been retired with Microsoft announcing this as the “Year of SMB” with the launch of SBS 2003 in October 2003 at the Worldwide Partners Conference (WWPC) in New Orleans, Louisiana, USA.

BEST PRACTICE: With the completion of your basic SBS 2003

network for SPRINGERS over the last few chapters, if might be easy to believe your job as the SBSer is largely complete. But in reality your job has only begun! Did you know that the moment you completed the deployment of your SBS 2003 network, it was already badly and sadly out of date! “What?!” you say. Don’t be angry – this isn’t personal. SBS 2003 standard edition was released to manufacturing (RTM) on Tuesday, September 16, 2003, at 11:00am Pacific Standard Time. And SBS 2003 premium edition RTMed on Wednesday, October 1, 2003. On those respective dates, both products instantly started to age and become out of date from a patch management point of view. That is, a patch released on October 7, 2003, (as an example) would never be included out-of­the-box at startup in either of the original RTM SBS 2003 editions. You need to apply this update.

More encouraging words. This isn’t about working yourself out of a job when it comes to SBS, but rather about the fact that more work lies ahead of you than behind you. Most security tasks in the chapter are typically performed on an ongoing basis over the life of the computer network.

 Visit for the latest updates for any Microsoft product.

Of course this chapter continues the SPRINGERS methodology whereby you are deploying an SBS 2003 network for the imaginary Springer Spaniels Limited company.


So many folks in the SBS community equate security with a firewall it’s scary! If you were do conduct a focus group and engage in a word association game whereby you said the word “security” to a panel of SBSers, you’d be shocked, awed, amazed, and dazed at how many would utter the word “firewall.”

Truthfully, security is much more like a multi-headed Hydra beastie from Greek methodology. Certainly a firewall is one component of security, but it only joins other security elements as listed below:

                      Computer. Obviously much security attention will be devoted to mak­ing the computer system as secure as possible, including completing a secure setup, keeping all devices updated with the latest patches, using the security features and best practices that ship with SBS, and even supplementing SBS security with additional tools. All of this is dis­cussed in the chapter.

                      Physical. Later in the chapter, the physical element of security is dis­cussed whereby you might find yourself running to secure your SBS server machine (which someone could easily walk away with).

                      Management practices. Do you have a written security policy so that employees are educated on what workplace behaviors are acceptable or unacceptable?

                      Personal practices. I’ll only mention this here, but look at how you conduct your own affairs. Do you use a 900MHZ cordless telephone that neighbors can hear over a baby monitor (especially when you read your credit card)? Do you allow a minimum-wage valet to park your luxury car (and perhaps plant a “bug” from your business competitor)? Get paranoid right now about your personal security. Be aware of your surroundings. Enough said.


 Visit for additional SMB and SBS book, newsletter and conference resources.

Security is an evolving, ongoing concern that you “did” yesterday, “do” today, and “will do” tomorrow. It never ends and at no time can you become complacent and utter that our small business is completely secure. In fact, at the end of this chapter, I only point you to more intense security resources to march forward with.

BEST PRACTICE: Truth be told, achieving complete security on your SBS network is never truly possible, as my friend security author Roberta Bragg has reminded me. But a high level of computer security can be achieved by just turning both the server machine and client computer off (although Roberta cautions that wake-on LAN technologies might work around even this approach). The next level down on the security food chain would be to simply unplug the SBS server machine from the Internet. But since most of us live in the real world, are merchants of some trade, and seek to conduct business and consummate transactions, we have to be reasonable and practical and find a balance between security and business functionality. That might be a different experience for different people, but I want to set the framework for that decision making.


Leave a comment

Filed under Book

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s