IIS vs Apache

A

Ashis Govind

Hi,

We have various sectors in our organisation arguing over
the virtues of Apache over IIS, the primary argument is
that IIS is insecure out of the box.

Q's:
Can IIS and the OS be made secure to rival Apache on Linux?
Are the arguments put up by the IIS detractors well
founded?
Is this a common argument in other organisations?

Any information on comparisons between the two Web Servers
would be valuable.

Thanks

Ashis
 
K

Kevin T. Price

Without getting into the "religious" battles here, it is possible to make
IIS/W2K or W2K3 as secure and scalable as Apache/Unix using similar
hardware. It cannot be said enough that poor system administration is not a
product flaw. This is not to say that there have not been major flaws in
both products - just that many of them would never have been as widely
exploited had sysadmins actually kept up with patch management. And yes,
this is a VERY common argument. Presently the shift is not so much which one
is more "secure" rather which one is more "open". This is another
misinformed argument as something that is both "secure" and "open" does not
always make sense. If you're interested in documentation on hardening
Windows 2000 Servers and IIS 5, let me know. The document for W2K3 and IIS6
is almost complete as well.

Kevin T. Price
Co-Author ".NET Framework Security"
Co-Author "Database Access with Visual Basic .NET"
(e-mail address removed)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top