[ILUG] Re: Apache
kitten at psophos.com
Thu Nov 16 22:28:05 GMT 2000
On a somewhat different note here.
What do the people who are going to support this know?
Have they experience in Linux? Or just NT?
The implication of using SSL is some kind of ecommerce, or
secure access to the site, or parts thereof.
As such it's important that someone who will be maintaining the
setup is very aware of security issues surrounding the entire
system. Having a secure webserver is probably useless if the
rest of the system is wide open.
Picking the correct webserver has to fall into the available
knowledge of the people setting it up.
You cannot say Apache on Linux with mod_SSL if no-one who
administers the system knows Linux.
Don't depend on a firewall to block all attacks.
Also. What does this site hope to do? Will it need to talk to
anything else for content? Will Apache on Linux be enough. If it
will then persuading the management should be the least of your
worries. It'll take some wotk though :-)
I'd personally swing with Linux & Apache. But that's me.
IIS 4 on NT4. Has 18 security patches since coming out. I'm not
sure if SP6a applies any of those. If not you'll need to apply
about 14 to be secure.
IIS 5 only comes with W2K (I think). There are patches for it
Apache. Well you have to install the latest version.
And make sure that both are configured properly. Otherwise
In the case of SSL, look for information on it. There are ways
of subverting it. Cannot find the link anywhere.
"If it looks like a duck, and quacks like a duck, we have at least to
consider the possibility that we have a small aquatic bird of the family
anatidae on our hands". <?>
More information about the ILUG