× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2004

RE: Security (was RE: Why NOT the web?)

>Best security practices for IIS is to remove it and use something else.

That's as silly as a statement that says best practices for iSeries is
to remove it -- which sounds like what Art's client is saying. IIS is an
extremely secure and robust web server, especially IIS6 in WS2K3, IF you
set it up correctly. 

Want to use Apache instead of IIS? BugTraq shows 2,771 non-enhancement
bugs for Apache 1.3 and 2.0 alone. Never mind Tomcat, tapestry, Xerces,
XML*, Soap, etc. My favorite part of the search was the warning on the
top of the list of results: "This list is too long for ASF Bugzilla's
little mind;..."


-Walden


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
  


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of James Rich
Sent: Thursday, 30 December, 2004 14:37
To: Midrange Systems Technical Discussion
Subject: Security (was RE: Why NOT the web?)

On Thu, 30 Dec 2004, Walden H. Leverich wrote:

> If you don't have a firewall blocking all but port web traffic to a
web
> server, you should be taken out back and shot. If you are browsing the
> web from a server you should be taken out back and shot. If you are
> running outlook on a server, you should be taken out back and shot. If
> you haven't followed best-practices for locking down IIS and running
> (and re-running) baseline security analysis you should be taken out
back
> and shot!

Best security practices for IIS is to remove it and use something else.

I also ask myself these questions:
   Why should browsing the web be so dangerous?
   Why should checking my email be so dangerous?

If a machine is so crappy that these simple tasks cannot be performed 
safely then get rid of that machine.  If I am working to resolve some 
issue on a server and the documentation is online are you telling me I 
need separate machine to read the online documentation?  That's 
ridiculous.  As I see it, anyone who introduces such inept machines into

my network needs to be taken out back and shot.

James Rich

It's not the software that's free; it's you.
        - billyskank on Groklaw
-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.