× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2001

Re: Is IIS worth the risk?

It doesn't take a reasonable excuse for a large part of the hacker community
to target IIS. (btw-IIS is not just NT, but also W2K & XP). The Gartner
warning which
started this about IIS clearly stated that for whatever reason, MS & IIS
will
continue to be a target. They also stated that IIS will continue to be
vulnerable
until MS rewrites it from scratch. Till then the patches will continue. That
makes
the cost of using/maintaining IIS very high. Why hackers do it is
irrelevant.
IIS is now a target of favor. If using IIS, make a business decision as to
what to do.

If you want to know more about the "why" and "how", read 'Know your Enemy -
the
Honeynet Project' about a group tracking both Win & unix hackers.
imho
jim franz

----- Original Message -----
From: "Adam Lang" <aalang@rutgersinsurance.com>
To: <midrange-l@midrange.com>
Sent: Monday, December 31, 2001 1:43 PM
Subject: Re: Is IIS worth the risk?


> I know, but the article was geared towards IIS and not email viruses, so
the
> desktop user base is a bit irrelevant.  How much of the Windows user base
is
> actually NT?  And then how many actually have IIS running?
>
> Server insecurity being blamed on the number of users making it a juicier
> target is a cop out.  Not a justified excuse.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Jim Franz" <franz400@triad.rr.com>
> To: <midrange-l@midrange.com>
> Sent: Monday, December 31, 2001 12:57 PM
> Subject: Re: Is IIS worth the risk?
>
>
> > I think the article's description of "gigantic install base" refers to
the
> > desktops,
> > not the servers. Email virus generally attack desktop Outlook & Outlook
> > Express
> > (because it's easy and causes great "panic"). Behind the 26% IIS servers
> on
> > the
> > net are an incredible amount of desktops. Someone could theoretically
> > interfere
> > with the 5250 data stream, but who would notice?
> > imho
> > jim franz
> >
> > ----- Original Message -----
> > From: "Adam Lang" <aalang@rutgersinsurance.com>
> > To: <midrange-l@midrange.com>
> > Sent: Monday, December 31, 2001 11:31 AM
> > Subject: Re: Is IIS worth the risk?
> >
> >
> > > Quote from article:
> > >
> > > "Worms, site defacements, and DDoS (distributed denial of service)
> attacks
> > > strike non-Microsoft servers daily. Microsoft simply makes a juicier
> > target,
> > > mostly by virtue of its gigantic installed base, than any of its
> > > competitors."
> > >
> > > Which is a load of crap.  This justifies email viruses.  Apache owns
60%
> > of
> > > the webserver market.  IIS about 20 to 25%.
> > >
> > > Adam Lang
> > > Systems Engineer
> > > Rutgers Casualty Insurance Company
> > > http://www.rutgersinsurance.com
> > > ----- Original Message -----
> > > From: <jpcarr@tredegar.com>
> > > To: <midrange-l@midrange.com>
> > > Sent: Monday, December 31, 2001 11:09 AM
> > > Subject: Is IIS worth the risk?
> > >
> > >
> > > >
> > > > Neat article.
> > > >
> > > > http://www.infoworld.com/articles/tc/xml/01/12/24/011224tcpcp.xml
> > > >
> > > > Maybe should write to the writers and name some server that may not
> have
> > > > had any publicity about being the target of viruses.
> > > >
> > > > John
> >
> >
> >
> > _______________________________________________
> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> > To post a message email: MIDRANGE-L@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > or email: MIDRANGE-L-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/midrange-l.
> >
> >
>
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.