Re: security on iis 5 open port router

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/06/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Tue, 6 Aug 2002 00:42:38 -0400


"Ian Hastie" <ian_a_hastie@hotmail.com> wrote in message
news:slrnaku9sb.lqq.ian_a_hastie@iahastie.local.net...
> But this avoids the issue. The track record of IIS is poor. There is
> no reason to assume this will change. When the next flaw is found, how
> do you inted to secure it against attack before a reliable workaround or
> fix is produced? Obviously no software is perfect, but IIS does seem to
> be worse than most.

I'm not saying you're right about the past performance of IIS, but take a
look at http://www.cert.org/advisories/ Since the last IIS vulnerability
listed there in April, there have been 16 other vulnerabilities found. One
of them affects MS SQL server. Pretty much all of the rest do not affect
Microsoft web servers, but a number of them do affect *nix web, DNS, SSH,
etc.



Relevant Pages

  • Re: Risk of hosting a shooting lane website
    ... # yea most of the public remotes for *nix get scanned a couple times ... run fine on IIS, they have been running on IIS free from hacks since IIS ... None of our Linux or Microsoft web servers have been compromised to ...
    (rec.guns)
  • Re: security on iis 5 open port router
    ... The track record of IIS is poor. ... > no reason to assume this will change. ... look at http://www.cert.org/advisories/ Since the last IIS vulnerability ... Microsoft web servers, but a number of them do affect *nix web, DNS, SSH, ...
    (microsoft.public.win2000.security)
  • Re: Fixed but no idea why.
    ... reverse DNS checks will work. ... itself as (EHLO/HELO hostname). ... this broken, there is absolutely no reason to alter the IIS behavior, ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Need help setting up remote desktop.
    ... I have been trying to work my way through this using the help files. ... The reason I wanted to use the web based method is that I wanted to temporarily ... those folders, the way I can with the people who are on the home network (D-Link ... I am assuming for now that is connected to the use of IIS, ...
    (microsoft.public.windowsxp.network_web)
  • Re: Help connecting to Access DB from web service
    ... so there is no compelling reason not to use it. ... The Access database is located on a different server than ... While developing / debugging the web service is hosted on my development ... When deployed it is being host with IIS. ...
    (microsoft.public.dotnet.framework.adonet)