In response to this quote
<< You should be scared, I'm pretty sure it was said a default, unpatched install of Win2K+IIS or RedHat 7 (provided you choose the default server install and let it install all the daemons it wants) will get cracked in under 10 minutes. >>
from this thread.
Is this really possible? How secure is a default install of IIS on XP with all the updates from Windows Update? I've always considered this to be secure and routinely run IIS webserver on a nonstandard port to download files from a certain 1 deep directory while I'm at school(nothing critical and only with read permission). Webroot does not have rwxb for any users. I could not get any of the authentication methods to work, so I just gave up and did this. This computer is also behind a nat based router with a very select number of ports mapped to it.
Has my M$ centric world lulled me into a false sense of security?
<< You should be scared, I'm pretty sure it was said a default, unpatched install of Win2K+IIS or RedHat 7 (provided you choose the default server install and let it install all the daemons it wants) will get cracked in under 10 minutes. >>
from this thread.
Is this really possible? How secure is a default install of IIS on XP with all the updates from Windows Update? I've always considered this to be secure and routinely run IIS webserver on a nonstandard port to download files from a certain 1 deep directory while I'm at school(nothing critical and only with read permission). Webroot does not have rwxb for any users. I could not get any of the authentication methods to work, so I just gave up and did this. This computer is also behind a nat based router with a very select number of ports mapped to it.
Has my M$ centric world lulled me into a false sense of security?
