"Karl Pierburg" <Ka**********@discussions.microsoft.com> wrote in message
news:55**********************************@microsoft.com...
Thanks, that's very helpful, and reassuring.
Any downsides / upsides to using Cassini over IIS? Would Cassini handle a
scenario like mine, with one visitor (or two, if I'm troubleshooting) at a
time any better or worse than IIS?
Finally, I like the implications that I could add Cassini to my install page,
can I do something similar with IIS if I choose to stay on that path?
Thanks for your help.
"John Timney ( MVP )" wrote:
There is one major downside to using IIS: it's a target. It takes an
impressively small amount of time for an unprotected IIS instance to get
infected once exposed to the public Internet. Unless you specifically locked
down each and every user's local install of IIS, you've left them extremely
vulnerable. Once one of those laptops gets infected, your user is going to
jack that machine back into your LAN the next time they are in the office
and now you've got an infected IIS server running inside your corporate
firewall. Before you know what's going on, your main IIS server(s) - the
ones you thought were safe because they're behind your firewall - will
probably be infected as well. There's a mess just waiting to happen.
Cassini, I believe, will mitigate a great deal of risk in its default setup
because it will only accept local connections. Of course, you can lock down
IIS, including restricting it to local connections, but you have to take
responsibility for making these changes yourself and keeping the machines
patched and training your users to always, always, always keep their local
firewalls running, and etc, etc, etc, etc...
Please think about security as you are designing your systems. The world
does not need another batch of infected IIS instances trying endlessly to
spread some virus/worm to every other machine they can find.
Good luck,
Ryan LaNeve
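
The local-only binding discussed in the reply above can be audited on a laptop; the following is an added example, not part of the original thread. It parses `netstat -ano` output and reports web-server listeners that accept non-loopback connections. The sample output, port numbers, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED     5120
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::1]:8080             [::]:0                 LISTENING       2312
"""

def split_endpoint(endpoint):
    """Split '127.0.0.1:80' or '[::1]:80' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly five columns; the header row does not.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, port = split_endpoint(fields[1])
            yield addr, port, int(fields[4])

def exposed_listeners(netstat_text, ports):
    """Return listeners on the given ports that accept non-local connections."""
    findings = []
    for addr, port, pid in listeners(netstat_text):
        # Drop an IPv6 zone id (e.g. fe80::1%12) before parsing the address.
        ip = ipaddress.ip_address(addr.split("%")[0])
        # 0.0.0.0 and :: mean "all interfaces", so they count as exposed.
        if port in ports and not ip.is_loopback:
            findings.append((addr, port, pid))
    return findings

if __name__ == "__main__":
    for addr, port, pid in exposed_listeners(SAMPLE_NETSTAT, {80, 8080}):
        print(f"exposed: {addr}:{port} (PID {pid})")
```

In the constructed sample, the server on port 8080 is bound to loopback only and is not reported, while the listener on port 80 is bound to all interfaces over both IPv4 and IPv6 and is flagged.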