Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IIS6 Security and other web servers

from [Rivera Alonso, David] Network Security [Permanent Link]
Subject: IIS6 Security and other web servers
Date: Tue, 25 Jan 2005 15:52:08 +0100 

Dear friends,

I just want to throw a little question to know your opinion.
I was discussing yesterday with a friend about the quality of IIS6 from a
Security point of view.
He immediately said it's a bad choice, as previous Microsoft web servers.
I've read a few papers and I have this opinion: as it's been redesigned from
the ground (with all the previous failures in mind), with the security
perspective, with every little service and option disabled by default, and
so on, I told him that now, in my opinion, IIS6 is a good choice.
He loves GNU, Linux, and, logically, he thinks Apache is the king in
security.
Just because I felt curious, I went into www.securityfocus.com to check the
latest vulnerability advisories, for Apache and IIS6. Incredible, Apache
wins, it has many more (not to talk about the many releases since version
2.0)! In fact, I just found one alert about IIS6.

What do you experts think?
Of course, I know IIS was very dangerous before version 6.
But, maybe an IIS6 in a well configured, patched and securized Windows 2003
machine is al last a good choice to house Web Applications?
Or maybe it's too soon, there are few installed, and maybe in the future
it'll have as many holes as the predecessors?

What do you think?

best regards from Spain,

DAVID




=============================
Este mensaje se dirige exclusivamente a su destinatario.
Puede contener informacion confidencial sometida a secreto profesional o cuya 
divulgacion
este prohibida, en virtud de la legislacion vigente. No esta permitida su 
divulgacion,
copia o distribucion a terceros sin la autorizacion previa y por escrito de 
Iberdrola.
Si ha recibido este mensaje por error, le rogamos nos lo comunique 
inmediatamente
por esta misma via y proceda a su destruccion.

This e-mail is intended exclusively for the individual or entity to which it is 
addressed
and may contain confidential or legally privileged information, which may not 
be disclosed
under current legislation. Any form of disclosure, copying or distribution of 
this e-mail
is strictly prohibited, save with written authorisation from Iberdrola.
If you have received this message in error, please notify the sender 
immediately by e-mail
and delete all copies of the message.
=============================
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Multiple VPN connecions, Doll, Josh
Next by Date:  Re: I am searching for an good online infosec learning institution.. any suggestions?, Ismael Gonzalez
Previous by Thread:  SF new article announcement: Blind Buffer Overflows In ISAPI Extensions, Kelly Martin
Next by Thread:  Re: IIS6 Security and other web servers, Gary H. Jones II
Indexes:  [Date] [Thread] [Top] [All Lists]