About Joseph Lima

Joseph Lima, COO and Director of Product Development, Port80 Software

Joe Lima has led the product development and support teams at Port80 Software since its inception. He has worked for a variety of Internet, wireless and software development companies, specializing in research and development for server-centric technologies. A lecturer at the University of California, San Diego and a published author on Web server technologies, Joe Lima brings a depth of knowledge on HTTP and server systems coupled with an everyday understanding of the challenges faced by Web administrators.

Which Web Server Is “Winning”

A November 2003 survey published by the UK-based Internet services company Netcraft made the claim that the Apache Web server “has a significant percentage gain” over its chief rival, Microsoft’s Internet Information Services (IIS), and now controls over two-thirds of the global Web server market. Only days later, Port80 Software released a survey stating that “Microsoft IIS maintains dominance of the corporate Web server market” with 53.8 percent of the market. With two seemingly similar surveys drawing contradictory conclusions, clearly the question of whose software powers the majority of the Web server market demands a deeper examination.

Authentication in IIS

We often think about security measures as ways of protecting resources by preventing access to them. The need for authentication arises because, in the real world, keeping people out of protected areas is only half the battle. Authentication is about letting certain people (or processes) in, while keeping everyone else out. In practice, this usually means some people are going to have to be given secrets (passwords) that will form part of the credentials they need to present in order to gain access to protected resources. But since, as the old saying goes, the best way to keep a secret is not to, the distribution and exchange of access-providing secrets inevitably raises the level of risk to a secure system. A major goal of authentication, from a security point of view, is minimizing that risk – especially when users are being authenticated remotely, over publicly-accessible networks. Authentication is the process of poking minimally risky holes in one’s security.

Mask Your Web Server for Enhanced Security

Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and “script kiddies”.