Re: IIS vs. Apache Security

From: Jeff Cochran (jcochran.nospam@naplesgov.com)
Date: 11/15/02


From: jcochran.nospam@naplesgov.com (Jeff Cochran)
Date: Fri, 15 Nov 2002 13:07:46 GMT


>> All software is only as good as the admin running it. That's just a
>> given. Plus, is your group concerned about IIS security or Windows
>> security? Will Apache be run on Windows, Linux or something else? So
>> far as I've seen, WebSphere on AS/400 appears to have the fewest
>> vulnerabilities. If you're talking overall security, look at some of
>> the secure Linux options, such as EnGarde Linux, and stay away from
>> the mainstream stuff like Red Hat that ships in a far more open
>> configuration.
>
>That's a good point.
>
>OpenBSD is arguably one of the more secure ones, at least in the default
>install. [I notice they recently changed their motto from "no remote holes"
>to "Only one remote hole in the default install, in nearly 6 years!"] It
>requires somewhat more knowledge since there's no X-windows gui, but then X
>is one of the first things you'd want to consider disabling to secure a *nix
>host. Be sure you know how to secure a *nix computer before you choose to
>use it.

One last thing for the OP. GIGA Group has done a study on IIS
Security, and if it's *really* an issue you can order it from Amazon
($250). Look for:

"Don't Discard Microsoft IIS - Keep Security Knowledge Current: Giga
Collaboration"

Jeff
