[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: Rif: Comparison of Web Servers
From:       jdog1016 <jdog1016 () hotpop ! com>
Date:       2003-04-25 4:08:49
[Download RAW message or body]

Yes, IIS is certainly harder to keep up with, because there are a lot 
more serious flaws found in it than Apache, and IIS is probably 
potentially insecure, because there is a pretty good chance that there 
is still serious holes in it.

Remo.Cornali@rcs.it wrote:

>
>
>
>  
>
>>comparing web servers from a security perspective?
>>    
>>
>
>A well-patched Apache is as secure as you can get.
>A well-patched IIS is also as secure as you can get.
>Miss just one patch, and your webserver, whatever it is, is unsecure.
>
>There is no such thing as a slightly unsecure webserver,
>anymore than there is a being like a slightly pregnant woman.
>You may, however, want to consider a webserver's MTBSP
>(Mean Time Between Security Patches).   ;-))
>Keeping up with IIS is a lot more work.
>
>Ciao!
>      Remo Cornali
>  
>


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]