RE: NT/2000 vs Unix based Web Servers

From: Trevor Cushen (Trevor.Cushen@sysnet.ie)
Date: 07/16/02


Date: Tue, 16 Jul 2002 16:05:02 +0100
From: "Trevor Cushen" <Trevor.Cushen@sysnet.ie>
To: <security-basics@securityfocus.com>

Can I add to this discussion that the security of the web server, while a high priority, is not the only priority. We touched on the firewall in front of the web server as part of this discussion, but please also note that the router, which is very likely in front of everything, needs a very high level of security on it and, like everything else we discussed, they do not come secure 'out of the box'. Access lists and removal of services on your router are vital steps. Just take a look at what is possible with GRE tunnels to see some of the damage that can be done quite easily.

Trevor Cushen

-----Original Message-----
From: RUSSELL T. LEWIS [mailto:RUSSELL_T._LEWIS@spectralresponse.com]
Sent: 16 July 2002 14:56
To: security-basics@securityfocus.com
Subject: Re: NT/2000 vs Unix based Web Servers

Trustix Secure Linux (www.trustix.com and on linux ftp mirrors) is a perfect example for a *nix distro that was also built with security as priority #1. We are still in the month trial period for their firewall and e-mail servers based on this free linux distro. Think of it as another alternative to the secure BSD, and I only mentioned it because some people get all hostile or uncomfortable when talking about using linux or a BSD so now there are two names to float your boat. :->

The best approach still lies in running what you know best so YOU know it's secure. Even if you run the most secure OS (via tweaks of out of the box settings), you gotta batten down the hatches of your web server as well. So I'd say your decision of *nix & apache or windows and IIS (or windows and apache) should be based on what you know the best, or can pay someone to know the best.

-Russell

f00bar@rogers.com on 07/16/2002 03:09:06 AM

To: "Hornat, Charles" <Charles_Hornat@standardandpoors.com>
cc: security-basics@securityfocus.com (bcc: RUSSELL T. LEWIS/SPECTRAL RESPONSE INC./SPECTRALNT1)
Subject: Re: NT/2000 vs Unix based Web Servers

While it is generally true that default installations are insecure,
it is not absolutely true. OpenBSD (http://www.openbsd.com) comes
to mind as a secure default installation. Conversely to commercial
and most open source alternatives, the primary focus of OpenBSD is
security at the cost of all else. You have to know how to enable
the features you want, and accept the insecurities that come with
those features, including usability.

Some specialized Linux distributions follow similar principles to
OpenBSD. Not to trigger a distro jihad, I will avoid shortlisting
any distros and having my shortlist assumed to be comprehensive.
It's bad enough that I named a domestic product on a list that is
surely dominated by foreigners.

Anyone tempted to take that the wrong way should whois rogers.com
before flaming :-)

On Mon, Jul 15, 2002 at 16:31:20 -0400, Charles Hornat wrote:
>
> I really hate these religious debates over who is more secure, so I did a little study to see which is worse out of the box as well as with the latest security/cluster patches. www.securitywriters.org "OS Scan".
>
> It's a no win argument because both can be hardened and both are weak out of the box. Neither Unix vendors nor Microsoft think security first when designing a new OS, primarily the focus is usability.
>
> Charles
>

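Trevor's point at the top of the thread, that the edge router needs access lists and unneeded services removed, is easy to check mechanically. The following script is an added example written for this page, not code from any poster or from a vendor: it parses two constructed Cisco IOS-style configurations (a router left at defaults and the same router hardened) and reports which of a small, illustrative set of hardening items is missing. The configuration commands used (`no service tcp-small-servers`, `no ip http server`, `no cdp run`, `no ip source-route`, `access-class`, `transport input ssh`, an extended `access-list` that denies `gre`) are real IOS commands, but the sample configs, hostnames and addresses are made up, and the check list is an assumption about what "vital steps" means here rather than a complete baseline.

```python
import re
from typing import Dict, List

# Constructed sample configs (hypothetical, not from the thread): the first is a
# router left largely at defaults, the second is the same router with unneeded
# services removed, GRE dropped at the edge and management access restricted.
WEAK_CONFIG = """\
hostname edge-rtr
service tcp-small-servers
service udp-small-servers
ip finger
ip http server
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
line vty 0 4
 transport input all
 login
"""

HARDENED_CONFIG = """\
hostname edge-rtr
no service tcp-small-servers
no service udp-small-servers
no ip finger
no ip http server
no cdp run
no ip source-route
access-list 10 permit 198.51.100.10
access-list 101 deny gre any any
access-list 101 permit ip any any
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group 101 in
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
"""

# Services IOS enables unless the config explicitly carries the "no" form.
DEFAULT_ON = ("cdp run", "ip source-route")
# Services that are only active when the config explicitly turns them on.
EXPLICIT_ON = ("service tcp-small-servers", "service udp-small-servers",
               "ip finger", "ip http server")
# Extended ACL entry that drops GRE (IP protocol 47) before it reaches the inside.
GRE_DENY = re.compile(r"^access-list \d+ deny gre ")


def parse_blocks(config: str) -> Dict[str, List[str]]:
    """Split an IOS-style config into global lines and indented sub-blocks.

    Returns {"": [global lines], "line vty 0 4": [its indented lines], ...}.
    """
    blocks: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):            # indented: belongs to the open block
            blocks[current].append(raw.strip())
        else:                              # global line, may open a new block
            current = raw.strip()
            blocks.setdefault(current, [])
            blocks[""].append(current)
    return blocks


def audit_router_config(config: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    blocks = parse_blocks(config)
    globals_ = blocks[""]
    findings: List[str] = []

    for svc in EXPLICIT_ON:
        if svc in globals_:
            findings.append(f"unneeded service enabled: {svc}")
    for svc in DEFAULT_ON:
        # Absence of the "no" form means the service is still running.
        if f"no {svc}" not in globals_:
            findings.append(f"default-on service not disabled: {svc}")
    if not any(GRE_DENY.match(line) for line in globals_):
        findings.append("no access-list entry dropping GRE at the edge")

    for name, lines in blocks.items():
        if not name.startswith("line vty"):
            continue
        if not any(line.startswith("access-class ") for line in lines):
            findings.append(f"{name}: no access-class restricting who may connect")
        transport = [line.split()[2:] for line in lines if line.startswith("transport input ")]
        if not transport or transport[0] != ["ssh"]:
            findings.append(f"{name}: management transport is not restricted to ssh")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit_router_config(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

Run as a script it lists nine findings for the default-style config and none for the hardened one. The detail worth noticing is the `DEFAULT_ON` handling: a saved IOS config does not show services that are on by default, so an auditor has to treat the absence of `no cdp run` as "CDP is running" rather than scanning only for lines that are present.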