News from PANUG - October 2, 2001
http://panug.org
GIGABIT TO THE DESKTOP
Companies like Intel are pushing the idea that having
Gigabit networks right up to desktop computers is useful.
Others point out that most PCs are not capable of
supporting sustained gigabit data rates - especially
desktop computers running Windows - and that it would
be a waste of money. PANUG would like to know whether
a session on gigabit desktop networking is something
you'd like to see at a monthly meeting. Please send your
comments to info@panug.org.
IIS AND DISASTER PLANNING
by Ed Sawicki ("Friends don't put friends in Outlook address books.")
While some companies have had enough of IIS security holes and
now have plans to replace it, it has not deterred many companies
from continuing their commitment to it. At a SANS security
conference last week, over 700 people showed up to hear how
they could better secure IIS. Presumably, this was not a 2
minute session where the speaker used one slide that said
"Upgrade to Apache or iPlanet - Thanks for coming and enjoy
the conference".
Other companies have begun to question the wisdom of continuing
to use IIS but need solid reasons from their employees or
consultants before converting. Paul Heinlein, an administrator in
Portland, recently gave these reasons for converting to Apache and
other free software:
1. You can have multiple Apache instances running on the same
machine (quite useful for testing - but impossible with IIS)
2. Write your own server-level modules - in C, Perl, or Python
3. Eight little letters: s-e-c-u-r-i-t-y
4. Web server needn't have a GUI-laden OS; can even run headless
(imagine that -- a server without a console; what will they
think of next?)
5. Choose your OS: a gazillion Unices, Windows, OS X, etc.
6. Choose your hardware platform: x86, Alpha, SPARC, PowerPC,
StrongARM, or even IBM big iron
7. Dissatisfied with the server code? Fix it
8. Get support from IBM, if you're so inclined
9. Keep your current version around for as long as you'd like;
no now-you-see-it-now-you-don't license to contend with
10. Apache can be completely, 100% administered via an ssh login
session and standard command-line tools
11. Choose your "active server pages" environment: PHP, Tomcat,
Perl, Python, Ruby, Enhydra, ...
12. ... and your own database: PostgreSQL, MySQL, mSQL, Oracle,
db3, or any ODBC/JDBC-compliant RDBMS of your choice
13. Feel free to be not locked into any of the choices you made
above: OS, platform, development environment, RDBMS
14. Deal with the Apache developers, who will acknowledge bugs
openly and fix them quickly (or see no. 7, above)
Additionally, Paul said "And, see, I didn't mention cost once."
Well, why not mention cost?
Because it doesn't appear to be a compelling argument. All the
software needed for running a web site or eCommerce site is free
yet saving money does not seem to be a good enough reason. This
may be because company management believes there are hidden
costs that exceed the cost of IIS. It's hard for me to understand
how people can believe this, given the IIS bugs and security holes,
but I'm no MBA.
If you're trying to get management in your company to move
from IIS to something else, like Apache or iPlanet, it seems that
another strategy is needed because traditional good reasons don't
work. One strategy that you've probably not tried before is
disaster planning and recovery - a timely topic given events
of the past few weeks.
Suggest to management that the best defense against
Internet-borne attacks is diversity. Let them know that most
attackers will be targeting Microsoft software and that many
of these attacks will be successful - causing downtime. The
company disaster plan should include backup servers running
non-Microsoft software. When the inevitable attacks disrupt
your Microsoft servers, your company can temporarily switch
to the backups until the danger is over. The benefit is little
to no downtime.
If you're nervous about making this pitch to management, give
me a call. Management will often give greater credence to
ideas that originate from outside the company - another concept
that's somewhat of a mystery to me.