Announcement

Collapse
No announcement yet.

Just exactly HOW vulnerable is IIS now?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Just exactly HOW vulnerable is IIS now?

    How bad is it these days, even if well patched and up-to-date? The thought of running IIS on a Win2k server seems to give a few people palpitations - especially the network support guys at my place!

    If it really still is the devils spawn from a security point of view, are there any favourites for running web & FTP under Win2k Server, preferably free?

    TIA

    T.
    FT.
    Tags: None
  • #2
    If well patched and up-to-date? Pretty secure.

    All these vulnerabilities and attacks have been because admins refuse to apply new patches.

    Sorry folks, but the "wait for SP1" mentality doesn't apply to security fixes. You apply 'em RIGHT AWAY.

    - Gurm
    The Internet - where men are men, women are men, and teenage girls are FBI agents!

    I'm the least you could do
    If only life were as easy as you
    I'm the least you could do, oh yeah
    If only life were as easy as you
    I would still get screwed

    Comment

    • #3
      Actually, a little tidbit I found out:

      Slammer was fixed by a patch released by MS in July.
      Another patch released by MS in October opened the vulnerability again!
      Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.

      Comment

      • #4
        Have not seen the Oct thing anywhere yet.......have you got a link to an article somewhere
        Lawrence

        Comment

        • #5
          Originally posted by Wombat
          Actually, a little tidbit I found out:

          Slammer was fixed by a patch released by MS in July.
          Another patch released by MS in October opened the vulnerability again!
          Haven't these people heard of regression testing?

          @Tony: Apache's supposed to be pretty popular under Windows. (I think.)
          Blah blah blah nick blah blah confusion, blah blah blah blah frog.

          Comment

          • #6
            I haven't heard that it was reopened... but I know it WAS fixed last July.

            - Gurm
            The Internet - where men are men, women are men, and teenage girls are FBI agents!

            I'm the least you could do
            If only life were as easy as you
            I'm the least you could do, oh yeah
            If only life were as easy as you
            I would still get screwed

            Comment

            • #7
              I can't find anything reasonable to support my source, so consider it retracted for now.
              Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.

              Comment

              • #8
                Apache 1.3xxxxx
                ******yjanni@kuva.fi ****** Still loving my G400 MAX!!

                Comment

                • #9
                  I'm running Apache 2, PHP4.x, ActiveState Perl and MySQL on a Windows XP SP1 box and it works great! The built-in IIS5.1 has a limit on the number of allowed connections so it's no good unless you're running a really small server unless you get a server variant of Windows.
                  QDI KinetiZ 7E, Athlon XP 1800+, 1 GB PC133 SDRAM, ATi Radeon 9600 PRO 128 MB, SB Live! 5.1, Memorex 40x CD-RW, NEC ND-2500A DVD-/+RW, 120 + 80 GB Seagate Barracuda, Windows XP SP1, 17" LG L1710B TFT

                  Comment

                  Previous template Next
                  Working...
                  X