Security Basics mailing list archives
Betr.: RE: "Secure" Web Hosting?
From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Tue, 30 Nov 2004 11:13:00 +0100
Hi, You do know that IIS 6 is a totally diffrent product then IIS 5,4,3? In my opinion it is easy to say IIS is insecure. But I haven't seen any hard facts about IIS 6 saying that it is insecure. Also just because apache is used more and open source doesn't mean it is better or anything. But you can't just ask I want to run a webserver, what shoud I use? What are you going to use the webserver for? Do you need to support PHP? ASP? ASP.NET? CGI? of just HTML? Or only images? And securing your HTTP server is 50% your choice of HTTP server and 50% firewall, logging, IDS, monitoring etc... And if you are going to host webapplications (cgi,php,asp,asp.net,etc). Then you also have to focus on how are you going to be sure that the webapplications aren't going to be a securityleak? Can you 'sand-box' the webapplications? Met vriendelijke groet, Philip Wagenaar Junior Projectleider ICT AccoN Accountants & Adviseurs ICT Projecten & Advies Postbus 5090 6802 EB Arnhem The Netherlands tel. +31 (0)26-3842384 fax. +31 (0)26-3630222 mobile: +31 (0)6-25388935 MSN/E-mail: p.wagenaar () accon nl http://www.accon.nl
"Keith Bucknall" <keith.bucknall () zen co uk> 27-11-04 15:37 >>>
Apache works on windows 200x servers fine and I would recommend using this instead of IIS.. ---------------------------------------------------------------------------- -------------------------------------------------------------------------- Many thanks..... Keith Bucknall -----Original Message----- From: Germano, Tomas [mailto:TGermano () metrovias com ar] Sent: 26 November 2004 12:53 To: 'Mark Spencer'; security-basics () securityfocus com Subject: RE: "Secure" Web Hosting? I think that you mount an Apache Web Server on a Windows 2000 or 2003 (I don t know if Apache work on W2003) and you secure the Operative Sistem, you are fine or more secure that usind IIS. I don t test IIS 6.0 over 2003 Sorry for my English Tomas A Germano Analista de Seguridad Metrovias. Argentina -----Mensaje original----- De: Mark Spencer [mailto:mspencer () evidentdata com] Enviado el: Miércoles 24 de Noviembre de 2004 11:49 Para: security-basics () securityfocus com Asunto: "Secure" Web Hosting? Hello all, I'm looking for suggestions on web hosting providers that pay particular attention to security issues, e.g. hardening networks, servers, and applications. On a somewhat related note, if I wanted to host a web server myself, what is the recommended platform for getting a web server online in a secure and intuitive fashion? I know that OpenBSD has an excellent reputation, but may be difficult to setup for someone that hasn't spent much time with BSD. What about EnGarde Linux? Thanks! Mark El contenido de este mail y cualquier archivo adjunto son confidenciales. Está dirigido solo a los destinatarios. Cualquier divulgación, distribución o copia de esta comunicación o cualquiera de sus contenidos está prohibida. Si Ud. ha recibido este mail por error por favor reenvíelo al remitente inmediatamente, borre el original y cualquier copia que resida en su computadora. ################################################################## Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde. De informatie hierin is vertrouwelijk, zodat het derden niet is toegestaan om daarvan kennis te nemen of dit te verstrekken aan andere derden. Indien u dit e-mail bericht ontvangt terwijl het niet voor u bestemd is, verzoeken wij u contact op te nemen met de afzender en de informatie te verwijderen van iedere computer. Bij voorbaat dank. ================================================================== The information transmitted in this e-mail is intended only for the person or entity to which it is addressed and contains confidential information. Any review, retransmission or other use by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Thank you. ################################################################## ##################################################################################### This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal #####################################################################################
Current thread:
- Betr.: RE: "Secure" Web Hosting? Philip Wagenaar (Nov 30)