> It's true that explorer is only loaded when somebody is 
> logged in. However, the GUI and a bunch of other (some 
> very unnecessary services for a server) are always running.

Windows Explorer IS the GUI. As for unnecessary services, you can turn all
but nine of them off on Windows 2000. Again, you can easily confirm this by
connecting to a Windows box through a command prompt, and using pslist to
see what's running.

> If you have configured the server properly, however, even 
> though an attacker will be able to get into the server, he 
> will not be able to do much. For example, if you do a default 
> install of ColdFusion, it will run as Local System on 
> Windows, an account which has full permissions to 
> anything on the server.

If you do a default install of practically anything, it will be less secure
than it should be. If you do a default install of practically anything, you
have not configured the server properly. It is very easy to run CFMX with a
non-privileged account in Windows. It typically can be set up in a matter of
minutes.

> As far as whether a firewall is needed, you don't need an 
> external firewall with Linux. It has a very robust firewall 
> built in, either iptables, or on older versions, ipchains. You
> can do anything with those firewalls that you can do with 
> hardware firewalls (in fact, most hardware firewalls run some
> version of Linux).

You can easily set up simple packet-filtering rulesets on Windows using IP
security policies. But in any case, most security problems with
web/application servers come from the web and application services and the
applications they run, not from other things. Firewalls don't generally help
too much with that.

> Linux is just inherently more secure, has a lot of tools for 
> security as well.

I would agree that, historically at least, Linux has been more secure by
default. However, very few OSs are secure enough by default, and they
therefore need to be configured by knowledgeable people to be secure enough
for use on an untrusted network. So, as a general guide, you should probably
work with the system you know best. Personally, I would rather be
responsible for securing a Windows server than a Linux server, since I'm
more familiar with Windows and how to secure it.

> There are things you can do with Linux that you can only dream
> of doing on Windows.

The reverse is also true, for what that's worth. I can think of five or six
things offhand that I can do with Windows that are very important to me -
and I can't do them with Linux (or OS X, which I'd probably use if it
weren't for those things).

> The problem with Linux is that it is a lot more difficult to 
> manage. There are no pretty GUIs to guide you, and a lot of 
> stuff has to get done through command line or configuration 
> files. However, most of the time, once you've configured 
> something, you don't have to worry about it, until you need to
> make changes. With Windows, things always tend to go wrong, 
> although it's gotten a lot better with Windows 2003.

No, the problem with Linux is that it's a lot more difficult to manage, if
you're not already knowledgeable about it. Windows is a lot easier to
stumble around in. They both require significant amounts of knowledge to
manage. Once you have that knowledge, though, things don't always tend to go
wrong.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
