> My point is that you would have less exposure to risk running alternatives
> because they aren't a massive target like IIS is.
Sorry bud but you're exposed with every server. I've got a T1 running in
here and I scan the logs. I get probed all of the time on all different
types of ports and as I mentioned before, MS is just the flavor of the
month. Don't be surprised that while everyone is making a big deal about
IIS, someone's alrady coming out with a new worm for Linux. There was a nice
juicy one just awhile ago that really slapped around several Linux admins.
You are exposed at the moment that you connect *any* server or pc, with any
OS, to the Net and to assume that you would have less exposure to risk by
not using MS/IIS would be naive. *YOU* are the main determining factor in
how secure your box will be. Yes, applying patches is a PITA but its part of
what goes with running a publicly accessible web server.
Here's my take on this, irregardless of OS. If a person does not know how to
properly manage their box or doesn't have the time to do it, then:
1) They shouldn't be putting it out on Net or
2) They should hire someone to do it.
The management of a webserver is essentially a full-time job and most people
treat that responsibility in a half-ass way. Then, when they get hacked,
they blame the OS. Its like raising a child. If you're not prepared to do it
the right way, then abstain, wear protecion or stay celebate! hehe.
Thanks for the opinions, bud.
Rey...
>
> Benjamin
>
>
> ----- Original Message -----
> From: "Costas Piliotis" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 26, 2001 6:19 AM
> Subject: RE: Check out what Gartner is recommending. Drop IIS!
>
>
> > You know it's funny though. A quick search at www.securiteam.com shows
> that
> > Apache and iPlanet have many vulnerabilities as well. Think perhaps
that
> > the research is simply political? Hackers seem to actually target IIS
> boxes
> > likely for their hatred of Micro$oft. I think there's more to this than
> > meets the eye...
> >
> > Remember, nothing's ever secure. As stated in the movie The Score: "If
> > someone built it, someone can break it".
> >
> >
> > -----Original Message-----
> > From: Benjamin Falloon [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 25, 2001 12:42 PM
> > To: CF-Talk
> > Subject: Re: Check out what Gartner is recommending. Drop IIS!
> >
> >
> > Maybe a little OT, but my 2c.
> >
> > I wouldn't call that stupid at all.
> > Consider all of the attacks aimed squarely at IIS in the past few
months.
> > It's only going to increase. I've had personal experience with being
> hacked.
> > I run 2 internal IIS development boxes for CF and an internal hack
> replaced
> > *ALL* index.htm, default.htm files in all folders in the web serving
> > directory. Lucky more files where cfm.
> >
> > I'm not a 'server' admin (by title) but I can thank MS for this. If they
> > released a tighter web server with less vunerabilities maybe there would
> be
> > fewer viruses/hacks that could penetrate. People shouldn't need to have
to
> > patch every week.
> >
> > Doesn't that fact indicate that just *maybe* the software itself is
pretty
> > shaky?
> >
> > Consider this quote from the article,
> >
> > "Gartner remains concerned that viruses and worms will continue to
attack
> > IIS until Microsoft has released a completely rewritten, thoroughly and
> > publicly tested, new release of IIS,"
> >
> > Rewritten. That would be a good idea. Try to imagine a pair of pants
with
> as
> > many 'security' patches as is and will continue to be required for IIS.
> I'd
> > say the pants would be more patches than pants.
> >
> > Just a thought,
> >
> > Benjamin
> >
> > PS maybe apache would be a good alternative.
> >
> >
> >
> > ----- Original Message -----
> > From: "Rey Bango" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 26, 2001 3:03 AM
> > Subject: OT: Check out what Gartner is recommending. Drop IIS!
> >
> >
> > > Now, I've always found Gartner to sway in a particular direction based
> > > in the wind changes and the phases of the moon but this recommendation
> > > is
> > just
> > > plain stupid. Check it out:
> > >
> > > http://news.cnet.com/news/0-1003-200-7294516.html
> > >
> > > Rey Bango
> > >
> > >
> > >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
