Re: IIS or Apache ....Microsoft or Linux

From: David (davidwnh@adelphia.net)
Date: 12/26/02 

From: "David" <davidwnh@adelphia.net>
Date: Thu, 26 Dec 2002 18:30:23 GMT

Apache's big advantage is that it doesn't run under root and IIS runs under
local system. So anything that gets by has different consequences. IIS can
be made just as safe as apache(to initial attack) because most abuses are
from known ,correctable vulnerabilities, but it does take a lot of research.
So the unknown favors apache, but it all comes down to the end user. If
someone can better configure a windows box than so be it. And if someone
needs to integrate his server with existing MS technologies than so be it.
As far as independent IDS, it is of no consequence since the security of a
server depends on the server itself since you are allowing public access.
Your IDS needs to be integrated with the server or filtering the server
traffic to have any effect. And that still means knowing the known
vulnerabilities to be effective. Neither server or platform is better for
everyone and someday some of you neophytes will realize this.

"Duane Arnold" <notme@notme.com> wrote in message
news:fEmO9.504021$NH2.34423@sccrnsc01...
> > Then someone, why do you use FreeBSD for web servers?
> > Microsoft replied by changing the banners on there web servers so that
it
> > looked liked IIS.
> >
> > Not even Microsoft believes in IIS why should you?
>
> Here we go with blowing this whole thing up out of proportion again.
>
> IIS, Apache, FreeBSD, Linux, MS, etc. etc. all of it is crap, because all
> of it is written by Humans. We are not infallible or invincible. So how
is
> it that anything we create can be all that. It's not and will never be all
> that. Any of this junk can be attacked and nothing is infallible or
> invincible.
>
> Duane :)
>
>

Relevant Pages

  • [NT] Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise
    ... This patch eliminates a newly discovered vulnerability affecting Internet ... in IIS 4.0 and 5.0, and could likewise be used to overrun heap memory on ... allowing code to be run on the server. ... * Microsoft has long recommended disabling HTR functionality unless there ...
    (Securiteam)
  • Re: Problem with connect computer wizard
    ... Make sure the Windows XP client is pointing to the SBS 2003 server as ... Please collect the IIS metabase and the latest IIS log files further ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
    ... IIS key to an Intel SSL acelerator ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
    (Focus-Microsoft)
  • Re: SBS 2003 After Service Pack 1 for SBS
    ... we can conclude the SBS 2003 SP1 has been applied ... Please help me collect the IIS metabase to check ... and using server management console to reproduce the problem. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • FW: Microsoft Security Advisory MS 03-007
    ... am trying to find a vulnerability tester/script and I could test it out ... Department of the Army server that had been compromised and that this ... announcement covers IIS 5.1 but not IIS 6, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
    (Focus-Microsoft)
Quantcast