I heard on the news this morning that there are 1.5 million web sites using
IIS that are subject to hacking by a tool readily available on the Internet.
I think that should end the discussion.
> -----Original Message-----
> From: Kunz, Peter [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, June 15, 1999 5:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Why not NT?
>
> Folks,
> I came across some nice Gartner Group reports. Here are some highlights:
>
> - SPA-03-1884 NT Server Security: When 'Good Enough' Is Not Enough
>
> For most server applications, the security of NT Server will not be an
> inhibitor to its deployment, but we recommend that NT Server be avoided
> for
> security-critical applications.
>
> Enterprises should not deploy NTS without assessing the likelihood of a
> sophisticated attack of the application deployes. For most enterprise
> applications, NT's ease of setup and configuration out of the box provides
> a "secure enough" platform that minimizes the risk of a security exposure;
> however, through year-end 2000, enterprises should avoid using NTS for
> security-ceritical server deployments sucha s firewalls for high-threat
> locations, as a focal point fo rsingle sign-on or for hosting
> Internet-based
> electronic systems.
>
> For security-critical deployments, NTS will remain less secure than other
> mature midrange OSs through 2001 because of Microsoft's desire to target
> vol�ume markets and increase revenue through continual product
> ehnhancements.
>
> [Long list of NT security lags and B-level OSs]
>
> - C-03-5070 Sun. Pulling Together a Security Strategy?
>
> We consider the firewall market to be composed of three different
> segments:
> a high security segement, a midrange segment and a low end that is served
> by
> firerwall appliances. Midsize enterprises should select firewalls on the
> basis of familiarity with the platform used, ease of use and the quality
> of
> securit yprovided by the vendior.
>
> - KA-03-7212 Essential Components opf a PC Security Software Decision
>
> [Lots of stuff on encryption]
>
> Microsoft OS Security Highlights; Risk of HandheldsP-06-7364 HP's
> VirtualVault: Running Ahead for a Secure Web
>
> [Nice piece ob a B-level compliant OS including Netscape Webserver]
> [Porting to NT difficult, as source code for B-level verification not
> available]
> Other vendors: Sun and Data General.
> [I'd expect to see B-level AIX (IBM) sometime soon]
>
>
> I recommend anyone with a GG subscription get teh CD and doe some
> research.
>
>
> cu
> -pete
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
