TalkBack 18 of 42:
IIS is a big, fat, easy target
Wake up, Mike. When I was running security for a web-based gaming company, 99.998% (by actual count) of attacks were aimed at IIS. By simple mathematics, it would be obvious that *anything* else would be preferable, if only for "security by obscurity." Considering how easy it is to check what server's being used (a simple HTTP GET command will suffice), I'm amazed it wasn't more obvious why the attacks weren't working.

No, this whole thing is a combination of IIS being easy to compromise, and IE (pronounced 'AIEEEEE!') being not exactly bulletproof, either. As for Linux, I do recall a contact at XO Communications estimating that they couldn't put a Linux server out for more than four hours without it being owned, but I wrote that off to a lack of pre-installation hardening. I do know that Apache is practically ironclad when installed on a hardened Solaris box.

Finally, don't be too proud of those MCSEs. My experience with them is that they are absolute experts in how to rig a Microsoft environment, but have absolutely no clue about more heterogeneous environments. Of course, I've only worked with a couple hundred of them, so my experience may be somewhat limited.

As I don't shill for MS, I have to rely on defense in depth, multiple layers of security, IDS and IPS units, host-based detection, and careful app testing to assure our servers are secure enough that our customers aren't compromised when using our services. Something tells me that depending on MS to supply security is a bit like letting the fox guard the henhouse. Mike, I hope your eggs aren't all in one basket, lest they wind up all over your face.
Posted by: "Mysterious   Posted on: 06/25/04


Good News Bad News  Nullifidian | 06/25/04
and i thought this was an IE flaw...  Monkey_MCSE | 06/25/04
not antivirus companies, but the engineers, my typo(NT)  Monkey_MCSE | 06/25/04
IIS Suckers!  Jeff Spicoli | 06/25/04
Resilient IIS comes through again...  Mike Cox | 06/25/04
Re: Resilient...  issthatso | 06/25/04
Don't forget  michael-t | 06/25/04
8.5 (NT)  WhoIsDaMan | 06/25/04
Dreck!  AbsolutelyNot | 06/25/04
Give me specifics...  Mike Cox | 06/25/04
if you can't keep an IIS server from being hacked....  toadlife | 06/25/04
I can keep Apache from being hacked.  Immanuel Tranz-Mischen | 06/25/04
perhaps becuase  toadlife | 06/26/04
perhaps because  Immanuel Tranz-Mischen | 06/27/04
lucky  toadlife | 06/27/04
Answers - if you care  toadlife | 06/27/04
We Love The Microsoft Information Minister  Knorthern Knight | 06/25/04
IIS is a big, fat, easy target  "Mysterious | 06/25/04
5.5, You really didn't ...  Judas I. | 06/25/04
WOW, 2 posts  shallow_diver | 06/25/04
Hey doofus  TWRX | 06/26/04
Yep... Sure... And I've got a bridge I can sell you...  boomslang_z | 06/26/04
Catch a clue idiot - you can't detect sarcasm  boomslang_z | 07/14/04
3.5 - I don't know anyone who believes IIS is secure.  Xunil_Sierutuf | 06/27/04
Easy Fix  issthatso | 06/25/04
which web sites  rgriffith64@... | 06/25/04
I agree  d_jedi | 06/26/04
Please read the story next time  toadlife | 06/27/04
more than IIS  rgriffith64@... | 06/28/04
perhaps it was websites who's owners advertise heavily ...  oldskool | 06/27/04
Infected and Malicious Web Sites Should be Listed!  gec1000 | 06/28/04
Just use Mozilla, no one is targetting against its bugtrap  FilledOut | 06/25/04
Not mozilla, Firebird and Thunderbird  Nigel Johnstone | 06/25/04
Pardon me, Fire *fox*  Nigel Johnstone | 06/25/04
Not Firebird...  aldux | 06/25/04
Mozilla - UGH!  Confused by religion | 06/26/04
Opera  Immanuel Tranz-Mischen | 06/27/04
Opera - UGH!  toadlife | 06/28/04
Running Windows is playing Russian Roulette with ALL bullets!  Xunil_Sierutuf | 06/27/04
Infected and Malicious Web Sites Should be Listed!  gec1000 | 06/28/04
You Should Know  mrfab3 | 06/28/04
Nipped in the bud?  descombobulation | 07/03/04
