> Besides this, Does it really matter what web server you > choose? Yes it does.
> I have worked with many and would answer this with, > the system is as secure as the administrator of that system > is knowledgeable. I know administrators who can secure an > IIS server and others who can secure Apache. exactly. Situation, knowledge, experience dictate the system to be used. That is why it matters what you use. > Its like asking > which os is the most secure? There isn't really an answer. > I am doing a study right now on OS's, and which are the most > secure out of the box and out of the box with the latest Did you not just say that there is no answer to this question? > security patches applied. The study consist of operating > systems like Solaris 6 and 8, redhat, windows and so on. why just these? what about 'big iron' stuff? > We > are using the latest nessus and nmap to scan the boxes and > will be writing our findings up on each os. Lots of info missing here. What is the reason for the test? Who is this directed toward? In other words, of what use will this be, and to whom? Seems overly broad to me. Whether a system is secure out the box means nothing. Feature to some, bug to others. > > Lets face it, Apache isn't more secure than IIS. They are > both vulnerable unless hardened and protected. yep but this is not a war of logic, but of 'religion'.
