Posted by Bernard Cheah [MVP] on October 16, 2007, 1:05 am
To be more specific - IIS 4.0 - barely a product, IIS 5 - everything on by
default (zero trustworthy computing), IIS 6 - lessons learned (decent web
server), IIS 7 - best release ever (true application host).
And 5 is history, 6 is current, 7 and forward is the future.
And the OP is using w2k3 - nothing is ON by default, even with default
installation - no exploits so far on IIS FTP.
--
Regards,
Bernard Cheah
http://www.iis.net/ http://msmvps.com/blogs/bernard/
> qbernard@hotmail.com.discuss says...
>> yes - more IIS FTP are subjected to break-ins, but that's NOT because of
>> the product.
>> the issue is the element between the monitor and the chair.
>
> While I somewhat agree with your post, there are MANY people/bots
> targeting MS FTP, and all it takes is a simple exploit to be found for
> the "element between the monitor and the chair" to be rendered useless.
>
> With the types of 'attempts' that I see daily on our FTP servers (and
> clients), they are all directed at MS exploits and security holes.
>
>> any product without proper configuration is subjected to attacks as
>> well.
>
> Yes, but, the real difference is that MS FTP by default is easy to hack
> and has always been that way. Most third party Public Facing services
> are not defaulted that way.
>
> Yes, it's completely true that config makes all the difference, but, to
> default to open vs secure is the mistake that is common in MS products.
>
> I would love it if something like Vista (and Server 2008) abandoned the
> idea that it has to be compatible with older versions/software and was
> completely designed to be secure from the starting install.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)