-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I agree that's the way to do it! If there are just security reasons
to change from IIS to *nix, that isn't a good dispute because everyone
has their own opinions on which web server is better or, should I say,
more secure. Microsoft has so many vulnerabilities out of the box, and
that's why Microsoft has a bad name in the security community. But if
you do want to go with IIS then you can make it secure. Sure, it is
not easy. I created documents for my company on how to make IIS
secure for a DMZ and it is a 30-page PDF. It takes a lot into
consideration. Then you can get a web firewall for IIS like eEye's
web firewall, which wraps around IIS, or shadow enterprise web firewall
at http://www.safety-lab.com/en/products/3.htm, which also wraps
around IIS. And for authentication and login pages you can get
authentix, which has its own IIS user database so IIS doesn't use the
internal user base for any type of HTTP requests. And then put a
firewall in front of the IIS box, like Check Point. But that's not all:
you have to make a lot of changes to the registry to protect against
SYN and DoS attacks and getting into the registry anonymously, run
security scanners against the server on a weekly basis, and KEEP UP TO
DATE ON PATCHES!!!!! Every time a new hole is found and I look at my
IDS, everyone in the world is trying to get into the web server via
the new exploit that was announced.

Sincerely,

Dave
System/Security Engineer
MCSE, CCSE, CCNA, CCA

- -----Original Message-----
From: Johan De Meersman [mailto:[EMAIL PROTECTED]] 
Sent: Friday, July 12, 2002 11:05 AM
To: [EMAIL PROTECTED]
Subject: Re: NT/2000 vs Unix based Web Servers


how about you take whatever webserver you fancy, and throw a *nix 
firewall in front of it ? :)

Corio, Jim wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I would say that you should run the web server on the Operating
>system that you are most familiar with in an environment that you
>are most familiar with. If you are a Windows administrator, then
>you will run the risk of misconfiguring a UNIX box and Apache when
>you make the move.
>
>One of the biggest failures in web site security is that you have to
>maintain both a system and an application and that is where most
>website exploitations happen is that they do one and not the other.
>Run the application on the OS that you are familiar with (and can
>take the steps to secure).
>
>Jimmy
>
>  
>
>>-----Original Message-----
>>From: Mario Behring [mailto:[EMAIL PROTECTED]]
>>Sent: Monday, July 08, 2002 9:25 AM
>>To: [EMAIL PROTECTED]
>>Subject: NT/2000 vs Unix based Web Servers
>>
>>
>>Hi list,
>>
>>I have some websites running on Microsoft IIS on NT/2000 servers
>>and I have to justify a possible change to Unix servers running
>>Apache or IPlanet using CORBA. The reason is only one, more secure
>>web servers and more secure web sites.
>>
>>Can you guys give me your opinion and some arguments whether
>>should I do this change or not?? Costs are not an issue here,
>>please give me technical and security arguments.
>>
>>Thanks in advance.
>>
>>Mario Behring
>>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.5
>
>iQA/AwUBPSt+10Zk4thJjdFAEQKF8ACdGeRASTaag4cxFcJa3mofQS8xgvUAnRbq
>Cf6N7bUS7RC4GAlNUjQ1rT+j
>=KkrZ
>-----END PGP SIGNATURE-----
>  
>



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPS778qraIKo8Q3RHEQITiwCgkHg7oIjWS+tTIuyRCSHf6XsKH6wAn0L5
tDPAs8gQtgnSoe9Vfk+bWiGd
=SChH
-----END PGP SIGNATURE-----
