Security Risks??
Gerry Creager
gerry.creager at TAMU.EDU
Fri Aug 19 12:28:05 PDT 2005
Arnulf Christl wrote:
> Jennifer Zeisloft wrote:
>
>> Hello All-
>>
>> We have been working locally with ms4w but would like to "go public".
>> My understanding is that there are some security risks involved in using
>> the ms4w installation as opposed to the Map Server installation. Our
>> network administrator would like to know exactly what are the security
>> and other issues with using ms4w before we switch to Map Server. If
>> someone could explain this or point me to the documentation that
>> explains it, I would be very appreciative. Thanks in advance!
>>
>> Jennifer Zeisloft
>>
>>
> Hey,
> none answered you yet? Thats strange.
>
> MS4W basically *is* MapServer - no better or worse , but it includes
> loads of additinal goodies that you might or might not need. Regarding
> security issues, all that your admin has to do is close the doors on her
> system as she would in any security environment. That enough?
As I no longer administer Windows systems, I really can't speak to MS4W
security save in sweeping terms. Using it with Apache should be pretty
safe, if, as noted above, your adiminstrator has taken care to close
known problem holes... stuff common to Apache installs.
All of our security exercises have strongly suggested that a
knowledgable intruder can readily take over most Windows systems.
Please note: This isn't a Windows slam, but that's what we're seeing on
our campus with our network security exercises. One of the primary
vectors we've seen exploited (ignoring mail trojans, etc) were IIS
exploits. We've seen very few Apache exploits on
well-patched/well-protected WinXP systems.
So I echo the sentiment above: Patch it all, close as many holes as
possible, make sure there are security logging mechanisms to allow you
to detect an intrusion, and you've probably done a good job.
At least in the source-version, implemented on Linux and Solaris, I've
not seen any vulnerabilities reach out and scream at me.
Gerry
--
Gerry Creager -- gerry.creager at tamu.edu
Texas Mesonet -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020
FAX: 979.847.8578 Pager: 979.228.0173
Office: 903A Eller Bldg, TAMU, College Station, TX 77843
More information about the MapServer-users
mailing list