Step 7:
Install SQL Server 6.5 SP5
Site Server's components need SQL Server SP4 or later to work properly. SBS SP1 upgrades SQL Server to SP3, but you can't install SBS SP4 on the SQL Server version that SBS includes (SQL Server in SBS is a custom version). However, if you install SQL Server 6.5 SP5 on top of SBS's SQL Server, you can run Site Server's components.
Step 8:
Install Site Server 3.0
Which Site Server components do you need to install? Most small businesses don't use complicated technologies such as Personalization and Membership (P&M) server components in their Internet shops. These components are flexible and powerful in big commercial stores and Web sites with millions of subscribers, but most of my small-business customers find this technology too difficult to use.
One problem with installing P&M components disappeared in late 1998. Before the release of SQL Server SP5, you couldn't install P&M components easily because they required SQL Server SP4 and a Site Server hotfix. With SQL Server SP5, you can easily install P&M components and forget about post-SP4 hotfixes. However, I usually clear the selection of the P&M components, as well as the knowledge management functions, when I install Site Server. In most cases, I need to install only the extended logging filter from the Site Server installation CD-ROM.
Step 9:
Install Site Server 3.0 Commerce Edition
To make this installation more secure, clear the selection of all samples and the software development kit (SDK). Leaving sample content on any production server is a dangerous practice.
Step 10:
Install Site Server 3.0 SP2
Yes, I know—too many service packs. However, you need Site Server 3.0 SP2 to get Site Server Commerce Edition to work properly with SQL Server 6.5 SP5 and to eliminate bugs in the original Site Server code.
Step 11:
Install NT Server 4.0 SP4
I'm lucky that we finally have SP4. Otherwise, I'd have to describe in this step which post-SP3 hotfixes you'd need to install.
Step 12:
Install NT Server 4.0 Post-SP4 Hotfixes
We live in a cruel world and can't seem to go for long without post-service pack hotfixes. However, installing these hotfixes is important for your e-commerce solution. Microsoft plans a special roll-up fix for release after every full service pack to install fixes to the service pack for all known problems. Unfortunately, I have no current information about how roll-up fixes will work.
Additional Tasks for Securing SBS
Now you have SBS, Site Server Commerce Edition, and all the necessary components installed, but you need to do more to secure your e-commerce server from intruders. First, make changes to the Registry to deny anonymous network access to your e-commerce server. NT has a special feature whereby anonymous logon users can list domain usernames and enumerate share names. NT uses this feature for interdomain communications in multidomain networks. The downside to this feature is that anyone can use it to get a list of domain users.
To disable this feature, run regedt32 and go to HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\Lsa. From the Edit menu, click Add Value, enter RestrictAnonymous for the value name, select REG_DWORD for the data type, and enter 1 for the data value. Exit the Registry Editor and restart the computer so that the change can take effect. To learn more about this Registry feature, see the Microsoft article "Restricting Information Available to Anonymous Logon Users" at http://support.microsoft.com/ support/kb/articles/q143/4/74.asp.
You need to complete the next task when you install your online store templates. Check the permissions in your store's Config folder. Every store a business creates in Site Server Commerce Edition has a Config folder in which Site Server stores important information about Order Processing Pipeline and databases. You'd be surprised by how many companies keep a site.csc file, which stores SQL Server account and Data Source Name (DSN) information and is accessible to anyone over the Internet. Check the security settings for the Config folder in the MMC, and change them if they threaten security. To make changes to these MMC security settings, open the Config Properties window of your store's Config folder, select the Directory Security tab, and clear all three check boxes in the Authentication Methods dialog box, as Screen 1 shows.
Next, implement sound security policies such as minimum password length and password-guessing blocking. Although many security consultants think that renaming the administrator account is useless, I recommend renaming the account and also denying administrative access over the network; the goal is to let only the person sitting at your e-commerce server access the system with the administrative account. I usually go one step further and create two decoy accounts with Administrator and Root names to trap novice intruders. Of course, you need to turn on all auditing features for these accounts so that you'll receive notification if the accounts come under attack. You can turn on these features in User Manager.
I always delete all shares that the SBS installation wizard creates, and I recommend that you delete them also. Further, make certain that administrators in your company know to delete these shares.
To secure SQL Server, I remove all unnecessary accounts (e.g., Probe, Guest), and I change the password for the sa account from the default clear password. In addition, I create special accounts with limited-access rights for working over the Internet. An example of such a special account is one I might name CommerceUser that has limited permissions for browsing for products in the online store and adding the products to the shopping basket. Special accounts can protect you from big problems if an intruder gets an account-password pair and tries to steal information from your database.
Finally, configure routers (or Proxy Server 2.0) to drop all IP packets for ports 135 through 139 and 1433 coming from the Internet. When you do this, you can be sure you've effectively blocked incoming NetBIOS over TCP/IP (NetBT) data and outside access to your SQL Server system. On Cisco routers, I use the easy commands in Listing 1 to add filters that close NetBT ports to access from outside the network.
If you've gone through the steps I've outlined, you now have a secure foundation for your SBS and Site Server online enterprise. I wish you good luck and success with your e-commerce venture.