From owner-freebsd-questions Fri Feb 8 23:10:23 2002 Delivered-To: freebsd-questions@freebsd.org Received: from freebie.atkielski.com (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by hub.freebsd.org (Postfix) with ESMTP id 1980037B405 for ; Fri, 8 Feb 2002 23:10:20 -0800 (PST) Received: from contactdish ([10.0.0.10]) by freebie.atkielski.com (8.11.3/8.11.3) with SMTP id g197ABr67030; Sat, 9 Feb 2002 08:10:11 +0100 (CET) (envelope-from anthony@freebie.atkielski.com) Message-ID: <017801c1b138$d1504c30$0a00000a@atkielski.com> From: "Anthony Atkielski" To: "Charles Burns" , References: Subject: Re: Breaking permissions on Windows 2000 (Server Edition) Date: Sat, 9 Feb 2002 08:09:55 +0100 Organization: Anthony's Home Page (development site) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Charles writes: > I doubt that anyone would say with a straight > face that a Windows server using, say, IIS, > is more secure than a (say) FreeBSD or Solaris > server running Apache or Zeus. It depends on the type of attack. Windows has traditionally been less secure against "out of band" attacks, which for Windows means anything supporting standard Internet protocols such as HTTP or FTP, with their inherent near-absence of security. Windows cannot profit from its various architectural features enhancing security when supporting these protocols, and the general complexity of the OS, combined with this exposure, makes it easy to open holes in security. However, Windows is much more secure against "in band" attacks; for example, breaking into a Windows NT/2000 domain _without_ using one of the security-free Internet protocols is far more difficult than it would be on UNIX. The problem, of course, is that many Windows servers are running insecure Internet protocols, and in those circumstances they have a disadvantage compared to UNIX. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message