Re: IIS vs. Apache Security
From: Jeff Cochran (jcochran.nospam@naplesgov.com)
Date: 11/15/02
- Next message: Mike: "Forms Authentication and Impersonation"
- Previous message: Teit Molter: "Visual Interdev , SSL and Verisign"
- In reply to: Karl Levinson [x y] mvp: "Re: IIS vs. Apache Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jcochran.nospam@naplesgov.com (Jeff Cochran) Date: Fri, 15 Nov 2002 13:07:46 GMT
>> All software is only as good as the admin running it. That's just a
>> given. Plus, is your group concerned about IIS security or Windows
>> security? Will Apache be run on Windows, Linux or something else? So
>> far as I've seen, Websphere on AS/400 appears to have the fewest
>> vulnerabilities. If you're talking overall security, look at some of
>> the secure Linux options, such as En Guarde Linux, and stay away from
>> the mainstream stuff like Red Hat that ships in a far more open
>> configuration.
>
>That's a good point.
>
>OpenBSD is arguably one of the more secure ones, at least in the default
>install. [I notice they recently changed their motto from "no remote holes"
>to "Only one remote hole in the default install, in nearly 6 years!"] It
>requires somewhat more knowledge since there's no X-windows gui, but then X
>is one of the first things you'd want to consider disabling to secure a *nix
>host. Be sure you know how to secure a *nix computer before you choose to
>use it.
One last thing for the OP. GIGA Group has done a study on IIS
Security, and if it's *really* an issue you can order it from Amazon
($250). Look for:
"Don't Discard Microsoft IIS - Keep Security Knowledge Current: Giga
Collaboration "
Jeff
- Next message: Mike: "Forms Authentication and Impersonation"
- Previous message: Teit Molter: "Visual Interdev , SSL and Verisign"
- In reply to: Karl Levinson [x y] mvp: "Re: IIS vs. Apache Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
