Re: IIS vs. Apache Security

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 11/14/02


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Thu, 14 Nov 2002 16:22:07 -0500


"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
news:3dd5f464.16380914@msnews.microsoft.com...

> All software is only as good as the admin running it. That's just a
> given. Plus, is your group concerned about IIS security or Windows
> security? Will Apache be run on Windows, Linux or something else? So
> far as I've seen, Websphere on AS/400 appears to have the fewest
> vulnerabilities. If you're talking overall security, look at some of
> the secure Linux options, such as En Guarde Linux, and stay away from
> the mainstream stuff like Red Hat that ships in a far more open
> configuration.

That's a good point.

OpenBSD is arguably one of the more secure ones, at least in the default
install. [I notice they recently changed their motto from "no remote holes"
to "Only one remote hole in the default install, in nearly 6 years!"] It
requires somewhat more knowledge since there's no X-windows gui, but then X
is one of the first things you'd want to consider disabling to secure a *nix
host. Be sure you know how to secure a *nix computer before you choose to
use it.