Re: security on iis 5 open port router

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/06/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Tue, 6 Aug 2002 00:42:38 -0400


"Ian Hastie" <ian_a_hastie@hotmail.com> wrote in message
news:slrnaku9sb.lqq.ian_a_hastie@iahastie.local.net...
> But this avoids the issue. The track record of IIS is poor. There is
> no reason to assume this will change. When the next flaw is found, how
> do you inted to secure it against attack before a reliable workaround or
> fix is produced? Obviously no software is perfect, but IIS does seem to
> be worse than most.

I'm not saying you're right about the past performance of IIS, but take a
look at http://www.cert.org/advisories/ Since the last IIS vulnerability
listed there in April, there have been 16 other vulnerabilities found. One
of them affects MS SQL server. Pretty much all of the rest do not affect
Microsoft web servers, but a number of them do affect *nix web, DNS, SSH,
etc.