RE: IIS

From: mbegley@purina.com
Date: 01/11/02


From: mbegley@purina.com
To: ABlevins@arrowheadgrp.com, irado@nettaxi.com, Charles_Hornat@standardandpoors.com
Date: Fri, 11 Jan 2002 07:58:20 -0600

I believe that once the source code is open source, its security flaws are
open to more probing eyes. It's more likely to have its flaws found and made
more secure. MS is closed source and it's my belief that we'll be seeing
buffer overflows from them for years to come as they are found by trial and
error.

-Open source nut

-----Original Message-----
From: Andrew Blevins [mailto:ABlevins@arrowheadgrp.com]
Sent: Wednesday, January 09, 2002 11:20 AM
To: 'irado furioso com tudo'; Hornat, Charles
Cc: 'Baba Bogdan'; security-basics@securityfocus.com
Subject: RE: IIS

Why is it automatically easier to harden an open source product? Also, there
are a myriad of options for hardening an IIS box besides just patches.

-Curious

-----Original Message-----
From: irado furioso com tudo [mailto:irado@nettaxi.com]
Sent: Tuesday, January 08, 2002 1:36 AM
To: Hornat, Charles
Cc: 'Baba Bogdan'; security-basics@securityfocus.com
Subject: Re: IIS

just my opinion:

a) there are lots more apaches than IIS
b) statistics is the art of lying.. (forgot the author)
c) it is easier to harden an open system than a proprietary one.
c-1) And I do not know any other way to harden an IIS than obscure
patches.. which close a lot of holes, just opening new ones.

Hornat, Charles wrote:

> I recently read a statistic that said apache is hacked more than IIS web
> servers, and I have also seen statistics go the other way. I did a quick
> search in google to try and see if I could find a solid believable
> statistic, and was unsuccessful. I found many individuals stating facts
> without citing their references.
>
> Besides this, does it really matter what web server you choose? I have
> worked with many and would answer this with, the system is as secure as the
> administrator of that system is knowledgeable. I know administrators who
> can secure an IIS server and others who can secure Apache. It's like asking
> which os is the most secure? There isn't really an answer.
>
> I am doing a study right now on OS's, and which are the most secure out of
> the box and out of the box with the latest security patches applied. The
> study consists of operating systems like Solaris 6 and 8, redhat, windows and
> so on. We are using the latest nessus and nmap to scan the boxes and will
> be writing our findings up on each os.
>
> Let's face it, Apache isn't more secure than IIS. They are both vulnerable
> unless hardened and protected.
>
> Charles

-- 

regards,

irado furioso com tudo. Linux User (SuSE) 179.402 explaining Father Marcelo ('the pest', the pope's boy, the pope's star): old sh$&^ in new clothes.


