With hosting the price point determines a lot of things. If you are on shared hosting then your concern is not just your app and the host, it's your app, the host security and everyone else' app on the box + their security practice/knowledge.
If you have your own server, then security is between you and the host provider and your support agreement. So you've reduced your surface down to you and the host (your practices / apps, the hosts provisioning system and your connectivity, etc). If your host uses ftp instead of ssh/scp etc then your vector of vulnerability is broadened. If not then reduced, etc. Really what it comes down to, is know your app and server configuration and what you can control. Steven Peck http://www.blkmtn.org On Wed, Jun 16, 2010 at 11:58 AM, Andrew S. Baker <[email protected]> wrote: > Depends on the vendor and the pricepoint. It's really a mixed bag. > > The result is either a lot of properly secured systems, or a boatload of > insecure ones. > > And the clients in need of that outsourcing are usually lacking the skills > or resources to verify. > > -ASB: http://XeeSM.com/AndrewBaker > > Sent from my Motorola Droid > > On Jun 16, 2010 7:58 AM, "Ziots, Edward" <[email protected]> wrote: > > ASB, > > > > Did you find that outsourced was better or worse than directly managed when > it came to security of the systems….? > > > > Z > > > > Edward Ziots > > CISSP,MCSA,MCP+I,Security +,Network +,CCA > > Network Engineer > > Lifespan Organ... > > From: Andrew S. Baker [mailto:[email protected]] > Sent: Wednesday, June 16, 2010 6:19 AM > > To: NT System Admin Issues > > Subject: Re: Time to verify your IIS setup > > > > True. My focus was not on IIS itself, but on whether the owners of the > affected systems were directly managing the boxes vs outsourced management > of the boxes. > > -ASB: http://XeeSM.com/AndrewBaker > > On Tue, Jun 15, 2010 at 7:17 PM, Ziots, Edward <[email protected]> wrote: > > Problem is that its not IIS in itself that is the problem is the > web-application running on IIS th... > > > > Z > > > > Edward Ziots > > CISSP,MCSA,MCP+I,Security +,Network +,CCA > > Network Engineer > > Lifespan Organizatio... > > From: Andrew S. Baker [mailto:[email protected]] > Sent: Tuesday, June 15, 2010 5:46 PM > > > To: NT System Admin Issues > Subject: Re: Time to verify your IIS setup > > > > More important to me is, "How many discrete managers of IIS > systems/environments does this represent?" > > > > I mean, on one level, if a single ISP hosting 500 discrete sites for clients > is a victim, that'... > > > -ASB: http://XeeSM.com/AndrewBaker > > On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze <[email protected]> wrote: > > Dang. > I was just curious... > > How many IIS sites are there in the world? Roughly 780K. So if the > ... > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
