Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

XP Pro vs NT/2k/2k3 for IIS

Posted on 2006-03-30
7
Medium Priority
?
239 Views
Last Modified: 2010-07-27
Quick question. At my job we run a webserver on NT 4. This is the last of the NT4 boxes currently running. We have a W2K3 server running IIS as well just waiting on the move.

I am not by far a "web" guy by means of support. I installed IIS on a XP Pro workstation to test some changes I was making to our Intranet site. In this process, I was learning a bit more on how all this stuff works. I decided to design a website for our own department soon after.

   The question I have is whats the difference in security when running a published website on my XP pro box vs on one of our web servers? I currently have my workstation ported to an ext IP address. but port 80 is off. One of the guys said "I better tighten my workstation up" before he opens port 80. He suggested to me to put the website on the NT4 box (port 80 open of course)... can anyone tell me the differences in this? How unsecure is XP to NT4 or even Windows 2003 for that matter..

Thanks
0
Comment
Question by:sumfknguy
6 Comments
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16338148
All I can say is IIS 6 was rewritten from the ground up in 2003 and 2003 is FAR more secure than XP or NT4 (I'd say especially NT4).
0
 
LVL 32

Expert Comment

by:r-k
ID: 16338424
It's a good idea to install all known patches, whether XP or 2000/2003 server.

This is just my opinion, but I would think IIS on XP should be fairly secure if all you have open is port 80.
I would also avoid using that XP station for email, web browsing etc. on any regular basis.

However, IIS on XP is somewhat limited in features compared to IIS to Win/server.

Run MBSA to check for any missing patches etc.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 400 total points
ID: 16338886
IIS 5-6 are vast improvments over iis4, agreed. While XP is also more secure than NT4, IIS still needs to be treated seperately, doesn't matter what OS you have running it, the security of IIS depends on it's settings, and directory/file permissions. Read up on the best practices and tools used to secure IIS, again for the most part, the secuirty of IIS (5 and 6) depends more on those settings, rather than the OS running it. As always port 80 should be the only visible port from the outside, unless your running an FTP server or other such service...
http://www.microsoft.com/technet/security/tools/locktool.mspx
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596cdf5a-c852-4b79-b55a-708e5283ced5.mspx?mfr=true
http://support.microsoft.com/default.aspx?scid=kb;EN-US;330692
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/c21037b2-8b41-4584-a187-8947c5efcf75.mspx?mfr=true 
http://www.securityfocus.com/infocus/1765

Apache is still the most previlent web-server used on the internet, and in my opinion more secure by default, however IIS6 can be made just as secure.
-rich
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Expert Comment

by:SStory
ID: 16344249
I think leew is right. It was rewritten and should be more secure than something that was out in 1997--long before the bad boys got so much smarter in their attacks.

no matter what you use, if you open port 80, it is an open hole, a potential for attack.

Software such as Ethereal can help you know what kind of traffic is happening on that machine.  There is also a bunch of software from System Internals such as TCPView that show you what traffic is occurring.

You probably want to set up some sort of firewall if you don't already have one.  When you said port 80 was off, I assume maybe you do have a firewall?

There are issues dealing with max number of connected users with XP that you didn't have with NT4.

HTH,

Shane
0
 
LVL 32

Expert Comment

by:r-k
ID: 16344534
Yes, do consider the limitations on XP, such as a max of 10 simultaneous connections, plus others such as not being able to host multiple sites etc. Best to see first if any of those would apply in your case.
0
 
LVL 5

Expert Comment

by:floorman67
ID: 16367984
Windows Server 2003 is THE choice for server setups.

connection pooling, connection release time, scalability through upscale, faster performance that previous versions of windows, enhanced security-auditing-centralized user authentication and authorization, improved volume shadow copy, improved storage management (FSRM/SAN), the list goes on and on and on .. did i mention scalability ?

http://www.microsoft.com/windowsserver2003/evaluation/overview/family.mspx

0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question