IIS vs Apache

Discussion in 'ASP .Net Security' started by Ashis Govind, Nov 10, 2003.

  1. Ashis Govind

    Ashis Govind Guest

    Hi,

    We have various sectors in our organisation arguing over
    the virtues of Apache over IIS, the primary argument is
    that IIS is insecure out of the box.

    Q's:
    Can IIS and the OS be made secure to rival Apache on Linux?
    Are the arguments put up by the IIS detractors well
    founded?
    Is this a common argument in other organisations?

    Any information on comparisons between the two Web Servers
    would be valuable.

    Thanks

    Ashis
    Ashis Govind, Nov 10, 2003
    #1
    1. Advertising

  2. Without getting into the "religious" battles here, it is possible to make
    IIS/W2K or W2K3 as secure and scalable as Apache/Unix using similar
    hardware. It cannot be said enough that poor system administration is not a
    product flaw. This is not to say that there have not been major flaws in
    both products - just that many of them would never have been as widely
    exploited had sysadmins actually kept up with patch management. And yes,
    this is a VERY common argument. Presently the shift is not so much which one
    is more "secure" rather which one is more "open". This is another
    misinformed argument as something that is both "secure" and "open" does not
    always make sense. If you're interested in documentation on hardening
    Windows 2000 Servers and IIS 5, let me know. The document for W2K3 and IIS6
    is almost complete as well.

    Kevin T. Price
    Co-Author ".NET Framework Security"
    Co-Author "Database Access with Visual Basic .NET"



    "Ashis Govind" <> wrote in message
    news:02c901c3a7c4$00436030$...
    > Hi,
    >
    > We have various sectors in our organisation arguing over
    > the virtues of Apache over IIS, the primary argument is
    > that IIS is insecure out of the box.
    >
    > Q's:
    > Can IIS and the OS be made secure to rival Apache on Linux?
    > Are the arguments put up by the IIS detractors well
    > founded?
    > Is this a common argument in other organisations?
    >
    > Any information on comparisons between the two Web Servers
    > would be valuable.
    >
    > Thanks
    >
    > Ashis
    Kevin T. Price, Nov 11, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page