Security Innovation's Microsoft/Linux web server security study [LWN.net]

Security Innovation's Microsoft/Linux web server security study

Posted Mar 23, 2005 15:04 UTC (Wed) by mormop (guest, #13775)
Parent article: Security Innovation's Microsoft/Linux web server security study

I still can't help but think that the main point of these studies is that
you shouldn't let people who don't have a clue set up publicly available
servers.

I remember a friend of mine who's a network manager for a multinational
architects set up Server 2000 on a fresh install with all the patches,
hotfixes etc. With IIS running to the outside world it took less than two
hours for the box to be hacked. Ultimately, hardening by someone who knows
what they're doing could have made all the difference and I still reckon
that any company that uses a default install on any platform gets what
they deserve for being to tight to pay to have it done properly.

(Log in to post comments)

Security Innovation's Microsoft/Linux web server security study

Posted Mar 24, 2005 12:21 UTC (Thu) by zotz (guest, #26117) [Link]

"I still can't help but think that the main point of these studies is that
you shouldn't let people who don't have a clue set up publicly available
servers."

The problem is, one of the selling points of MS is that their stuff is so easy and intuitive that you don't need to pay an expert to do it properly, anyone can do it. This is the take they push onto the public is it not?

all the best,

drew

http://www.archive.org/search.php?query=creator%3A%22drew...