This is the only server on a small (ten station) network. The OS is Windows Small Business Server 2003. The server provides shared applications and file service internally to the workstations. It does offer DNS service as well, so there does seem to be an "external facing" element.
To answer your question, yes, there is a remote IP address (located in Puerto Rico) in the server's SEP client security log with this PHP-CGI attack warning.
Given these circumstances, do you recommend that I check the security software (NIS) on the workstations as well, or is that not necessary?
Thanks again for your assistance.
John