Betr.: RE: "Secure" Web Hosting?

["Philip Wagenaar" <p.wagenaar () accon nl>]

Hi,

You do know that IIS 6 is a totally diffrent product then IIS 5,4,3?

In my opinion it is easy to say IIS is insecure. But I haven't seen any hard facts about IIS 6 saying that it is 
insecure. Also just because apache is used more and open source doesn't mean it is better or anything.

But you can't just ask I want to run a webserver, what shoud I use?

What are you going to use the webserver for? Do you need to support PHP? ASP? ASP.NET? CGI? of just HTML? Or only 
images?

And securing your HTTP server is 50% your choice of HTTP server and 50% firewall, logging, IDS, monitoring etc...

And if you are going to host webapplications (cgi,php,asp,asp.net,etc). Then you also have to focus on how are you 
going to be sure that the webapplications aren't going to be a securityleak? Can you 'sand-box' the webapplications? 

Met vriendelijke groet,

Philip Wagenaar
Junior Projectleider ICT

AccoN Accountants & Adviseurs
ICT Projecten & Advies
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar () accon nl
http://www.accon.nl


> > > "Keith Bucknall" <keith.bucknall () zen co uk> 27-11-04 15:37 >>>
Apache works on windows 200x servers fine and I would recommend using this
instead of IIS..

----------------------------------------------------------------------------
--------------------------------------------------------------------------

 

Many thanks.....

Keith Bucknall

 

-----Original Message-----
From: Germano, Tomas [mailto:TGermano () metrovias com ar] 
Sent: 26 November 2004 12:53
To: 'Mark Spencer'; security-basics () securityfocus com 
Subject: RE: "Secure" Web Hosting?

I think that you mount an Apache Web Server on a Windows 2000 or 2003 (I
don t know if Apache work on W2003) and you secure the Operative Sistem, you
are fine or more secure that usind IIS.

I don t test IIS 6.0 over 2003

Sorry for my English

Tomas A Germano
Analista de Seguridad
Metrovias.
Argentina 

-----Mensaje original-----
De: Mark Spencer [mailto:mspencer () evidentdata com] 
Enviado el: Miércoles 24 de Noviembre de 2004 11:49
Para: security-basics () securityfocus com 
Asunto: "Secure" Web Hosting?


Hello all,

I'm looking for suggestions on web hosting providers that pay particular
attention to security issues, e.g. hardening networks, servers, and
applications. 

On a somewhat related note, if I wanted to host a web server myself,
what is the recommended platform for getting a web server online in a
secure and intuitive fashion?  I know that OpenBSD has an excellent
reputation, but may be difficult to setup for someone that hasn't spent
much time with BSD.  What about EnGarde Linux?  

Thanks!

Mark


El contenido de este mail y cualquier archivo adjunto son confidenciales.
Está dirigido solo a los destinatarios. Cualquier divulgación, distribución
o copia de esta comunicación o cualquiera de sus contenidos está prohibida.
Si Ud. ha recibido este mail por error por favor reenvíelo al remitente
inmediatamente, borre el original y cualquier copia que resida en su
computadora.



##################################################################

Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank. 

==================================================================

The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you. 

##################################################################

#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
#####################################################################################