When it comes to setting up dedicated servers to run a website, one of the key questions that needs to be addressed is what web server software will be used. The key choice will be whether to opt for an open-source solution such as Apache HTTP Server or a closed alternative like Microsoft’s IIS. There are many things to consider and one of the major issues will be how secure the solutions are.
It was noted by news provider Opposing Views that opinions differ on which is the best solutions and each has pros and cons. Therefore, it offered some details about the benefits of both choices.
The key feature of open-source software is all its code is freely available for users to study and compile. Advocates of this solution claim it is therefore more secure because of the large community that can assess the technology and can report vulnerabilities quickly.
Looking for weaknesses in compiled code is also said to be very time consuming and take real expertise, so only hackers planning to profit from exploiting vulnerabilities are likely to make the effort.
On the other hand, solutions such as IIS are kept closed, with only the development team having access to the official copies of the source code. This means hackers would have to decompile the code themselves, which makes finding exploits more difficult. What’s more, IIS does not rely on volunteers to identify vulnerabilities, while the development team can create patches for the software much more quickly, as IIS is a business product with dedicated staff whose job is solely to focus on making the solution more secure.
It was observed by Opposing Views there is no overall consensus on which approach is better from a security perspective, so it will ultimately be up to you to weigh up the positives and negatives of each and make the best decision for your business, taking into account all factors, not just security.
However, it was also noted that no matter what web server software you opt for, insecure settings by the end user will make the solution a tempting target for hackers, so IT personnel need to make sure they are doing all they can to minimise their risk.