XP Pro vs NT/2k/2k3 for IIS

Quick question. At my job we run a webserver on NT 4. This is the last of the NT4 boxes currently running. We have a W2K3 server running IIS as well just waiting on the move.

I am not by far a "web" guy by means of support. I installed IIS on an XP Pro workstation to test some changes I was making to our Intranet site. In this process, I was learning a bit more on how all this stuff works. I decided to design a website for our own department soon after.

The question I have is what's the difference in security when running a published website on my XP Pro box vs on one of our web servers? I currently have my workstation ported to an ext IP address, but port 80 is off. One of the guys said "I better tighten my workstation up" before he opens port 80. He suggested to me to put the website on the NT4 box (port 80 open of course)... Can anyone tell me the differences in this? How unsecure is XP to NT4 or even Windows 2003 for that matter?


Lee W, MVP, Technology and Business Process Advisor, commented:
All I can say is IIS 6 was rewritten from the ground up in 2003 and 2003 is FAR more secure than XP or NT4 (I'd say especially NT4).
It's a good idea to install all known patches, whether XP or 2000/2003 server.

This is just my opinion, but I would think IIS on XP should be fairly secure if all you have open is port 80.
I would also avoid using that XP station for email, web browsing etc. on any regular basis.

However, IIS on XP is somewhat limited in features compared to IIS on Win/server.

Run MBSA to check for any missing patches etc.

Rich Rumble, Security Samurai, commented:
IIS 5-6 are vast improvements over IIS4, agreed. While XP is also more secure than NT4, IIS still needs to be treated separately; it doesn't matter what OS you have running it, the security of IIS depends on its settings and directory/file permissions. Read up on the best practices and tools used to secure IIS; again, for the most part, the security of IIS (5 and 6) depends more on those settings than on the OS running it. As always, port 80 should be the only visible port from the outside, unless you're running an FTP server or other such service...

Apache is still the most prevalent web server used on the internet, and in my opinion more secure by default; however, IIS6 can be made just as secure.


I think leew is right. It was rewritten and should be more secure than something that was out in 1997--long before the bad boys got so much smarter in their attacks.

No matter what you use, if you open port 80, it is an open hole, a potential for attack.

Software such as Ethereal can help you know what kind of traffic is happening on that machine. There is also a bunch of software from Sysinternals, such as TCPView, that shows you what traffic is occurring.

You probably want to set up some sort of firewall if you don't already have one.  When you said port 80 was off, I assume maybe you do have a firewall?

There are issues dealing with max number of connected users with XP that you didn't have with NT4.


Yes, do consider the limitations on XP, such as a max of 10 simultaneous connections, plus others such as not being able to host multiple sites etc. Best to see first if any of those would apply in your case.
Windows Server 2003 is THE choice for server setups.

Connection pooling, connection release time, scalability through upscale, faster performance than previous versions of Windows, enhanced security-auditing-centralized user authentication and authorization, improved volume shadow copy, improved storage management (FSRM/SAN), the list goes on and on and on... did I mention scalability?



Question has a verified solution.
