
Re: Things I Don't Understand About Debian



On 02/25/2011 06:35 PM, shawn wilson wrote:
> i don't think your examples are very good / secure. however, if you want
> security, you might go with openbsd.

http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/

Security isn't a binary function, and it's not something that is shipped
with operating systems or software. Security is implemented by the
administrator, not the vendor. You can secure a Windows server just as
hard as a GNU/Linux one, and if you don't think you can, you're fooling
yourself.

> however, if you are a restaurant with a small web site, you are probably
> not getting that many visitors in the first place (defacement isn't
> going to cost you much), you probably aren't taking in data (no
> disclosure of loss of pii required), maybe you don't even have any form
> fields (no sql injection, xss, xsrf, etc), maybe you even host it with a
> hosting company so they've got their own security. so, you've got decent
> security by default and your losses would be minimal. so, you'd be
> stupid to spend tons of money on securing your web page.

Remind me not to hire you as my administrator. A small business is
likely to lose much, much more when targeted with an attack than a
global empire. Funds are usually tight, good technical expertise is hard
to come by, and coming back from a compromise costs more time and energy
due to limited resources than a mega corporation.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

Attachment: signature.asc
Description: OpenPGP digital signature

