Re: Replacement for unsecure telnet/ftp on Windows servers



"Robert Moir" <robspamtrap+msnews@xxxxxxxxx> wrote in message
news:eeE96F7yGHA.4968@xxxxxxxxxxxxxxxxxxxxxxx
Ian wrote:
IMHO you're better using third-party software for any kind of Internet
service. MS products have always had security issues with
buffer-overrun flaws, and there are so many of those
yet-to-be-discovered that I don't see that situation ever changing.

You do realise that if your criterion for product selection is a total lack
of security flaws then you've just locked yourself out of anything other
than an abacus?

Incidentally, you may want to take a long hard look at IIS 6. Microsoft
took a long hard look at the criticism of their previous web server
efforts prior to IIS 6, and made what appears to be a magnificent
response.

The legend of Microsoft's web servers always being Swiss cheese may in
fact be no more.


To my understanding that "legend" is due nearly entirely to IIS 4 (and
the FrontPage server extensions). If memory serves correctly, after the
IIS 5 rollup was released (? mid 2002), IIS 5 and IIS 6 have had very
little patchwork logged against them, and what has been is not really for
the webserver but for layered options (ASP, WebDAV).

The poster's comments, when I first read them, made me think of an
ostrich, with head hidden in a hole, oblivious to what was going on
around it.

--
Roger

