Security Risks??

Gerry Creager gerry.creager at TAMU.EDU
Fri Aug 19 12:28:05 PDT 2005 

Arnulf Christl wrote:
> Jennifer Zeisloft wrote:
> 
>> Hello All-
>>
>> We have been working locally with ms4w but would like to "go public".
>> My understanding is that there are some security risks involved in using
>> the ms4w installation as opposed to the Map Server installation.  Our
>> network administrator would like to know exactly what are the  security
>> and other issues with using ms4w before we switch to Map Server.  If
>> someone could explain this or point me to the documentation that
>> explains it, I would be very appreciative.  Thanks in advance!
>>
>> Jennifer Zeisloft
>>
>>
> Hey,
> none answered you yet? Thats strange.
> 
> MS4W basically *is* MapServer - no better or worse , but it includes
> loads of additinal goodies that you might or might not need. Regarding
> security issues, all that your admin has to do is close the doors on her
> system as she would in any security environment. That enough?

As I no longer administer Windows systems, I really can't speak to MS4W 
security save in sweeping terms.  Using it with Apache should be pretty 
safe, if, as noted above, your adiminstrator has taken care to close 
known problem holes... stuff common to Apache installs.

All of our security exercises have strongly suggested that a 
knowledgable intruder can readily take over most Windows systems. 
Please note: This isn't a Windows slam, but that's what we're seeing on 
our campus with our network security exercises.  One of the primary 
vectors we've seen exploited (ignoring mail trojans, etc) were IIS 
exploits.  We've seen very few Apache exploits on 
well-patched/well-protected WinXP systems.

So I echo the sentiment above:  Patch it all, close as many holes as 
possible, make sure there are security logging mechanisms to allow you 
to detect an intrusion, and you've probably done a good job.

At least in the source-version, implemented on Linux and Solaris, I've 
not seen any vulnerabilities reach out and scream at me.

Gerry
-- 
Gerry Creager -- gerry.creager at tamu.edu
Texas Mesonet -- AATLT, Texas A&M University	
Cell: 979.229.5301 Office: 979.458.4020
FAX:  979.847.8578 Pager:  979.228.0173
Office: 903A Eller Bldg, TAMU, College Station, TX 77843

More information about the MapServer-users mailing list