Re: security on iis 5 open port router

From: Jeff Cochran (jcochran)
Date: 08/06/02

From: jcochran at naplesgov dot com (Jeff Cochran)
Date: Tue, 06 Aug 2002 12:59:12 GMT

>> If security is your major concern,
>What do you mean "if"??? If you are connected to the internet then
>security is always the main concern.

If security actually were your main concern, you wouldn't be
connecting to the internet, would you?

Secuirty is not an absolute, it's a balance between what is desired
and what is needed. You desire full protection, but you need to allow
others access. So you balance the risk with the reward.

> Obviously no software is perfect, but IIS does seem to
>be worse than most.

Software is never perfect, and security isn't a function of software.
It's a function of people, and any decent admin needs to understand
the software that's being run and how to best secure their environment
to meet their organization's needs. There's a major difference
between real-world and theory, and in the end, at least in the real
world, the organization still has to function.