



Network Security Security-Basics

RE: IIS6 Security and other web servers

Subject: RE: IIS6 Security and other web servers
Date: Fri, 28 Jan 2005 10:36:24 -0000

Greetings All,

I'd like to ask for some clarification here.  I know that 
Ebay, Anandtech, et al. run on a purely Windows architecture 
(for the ease of programming in .Net from what the folks at 
Anandtech are saying) for their web-services and that works 
well for them.

However, I know of no Windows architecture that is exposed 
directly to the Internet.  Every vendor/consultant/Admin I 
have ever met is saying that in order for Windows to be 
secure it must be protected by layers of protection (hardened 
router, hardware firewall, etc).

On the other hand, I know of a number of LAMP-type servers 
that are exposed directly to the Internet with no intervening layers.

Am I to take the statement that "IIS6 is a very secure 
platform" to mean that "IIS6 is only secure after it has been 
hardened from its insecure default installation and protected 
by layered security that prevents direct access to the Internet"?

I may well be wrong here, so please feel free to correct me 
if I'm out on a limb.

Thank you,

RandyW


The default install of IIS6 is actually quite secure once patched to the
most recent level - IMHO I would say it is more secure than a default
install of Apache (also patched). With IIS6 it's not so much that you need to
do a lot of work hardening it, more that you have to be careful when turning
functionality on not to create any unnecessary exposure. I would say
exposing a LAMP (Linux-Apache-MySQL-PHP) machine to the internet directly
would be a foolhardy thing to do unless the machine was extremely hardened;
layers of protection are always good no matter what platform you have.

cheers,

Andrew


