RE: NT/2000 vs Unix based Web Servers

From: Trevor Cushen (Trevor.Cushen@sysnet.ie)
Date: 07/12/02


Date: Fri, 12 Jul 2002 16:44:23 +0100
From: "Trevor Cushen" <Trevor.Cushen@sysnet.ie>
To: "Johan De Meersman" <johan@ops.skynet.be>

Because if you are allowing port 80 through on your firewall and the web
server is badly or insecurely configured then exploits like MSADC.pl can
be used with ease against your web server.

Can I ask Mario Behring, is any of this helping at all??? :)

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499

-----Original Message-----
From: Johan De Meersman [mailto:johan@ops.skynet.be]
Sent: 12 July 2002 16:05
To: security-basics@securityfocus.com
Subject: Re: NT/2000 vs Unix based Web Servers

How about you take whatever webserver you fancy, and throw a *nix
firewall in front of it? :)

Corio, Jim wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I would say that you should run the web server on the Operating system
>that you are most familiar with in an environment that you are most
>familiar with. If you are a Windows administrator, then you will run
>the risk of misconfiguring a UNIX box and Apache when you make the
>move.
>
>One of the biggest failures in web site security is that you have to
>maintain both a system and an application, and where most website
>exploitations happen is that they do one and not the other.
>Run the application on the OS that you are familiar with (and can take
>the steps to secure).
>
>Jimmy
>
>
>
>>-----Original Message-----
>>From: Mario Behring [mailto:mariobehring@yahoo.com]
>>Sent: Monday, July 08, 2002 9:25 AM
>>To: security-basics@securityfocus.com
>>Subject: NT/2000 vs Unix based Web Servers
>>
>>
>>Hi list,
>>
>>I have some websites running on Microsoft IIS on NT/2000 servers and I
>>have to justify a possible change to Unix servers running Apache or
>>IPlanet using CORBA. The reason is only one: more secure web servers
>>and more secure web sites.
>>
>>Can you guys give me your opinion and some arguments on whether I
>>should make this change or not? Costs are not an issue here, please
>>give me technical and security arguments.
>>
>>Thanks in advance.
>>
>>Mario Behring
>>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.5
>
>iQA/AwUBPSt+10Zk4thJjdFAEQKF8ACdGeRASTaag4cxFcJa3mofQS8xgvUAnRbq
>Cf6N7bUS7RC4GAlNUjQ1rT+j
>=KkrZ
>-----END PGP SIGNATURE-----
>
>


