The Setup Behind Microsoft.com
Toreo asesino writes "Jeff Alexander gives an insight into how Microsoft runs its main sites. Interesting details include having no firewall, having to manage 650 GB of IIS logs every day, and the use of their yet unreleased Windows Server 2008 in a production environment."
At this point we still don't use firewalls for MS.COM sites and don't have any plans on the books to put them in place. Here is the short answer as to why:
1. We run Linux.
Summation 2
No, dufus. A true firewall inspects individual packets.
SUREURCORRECT!
... !?
2. Router ACLs are in place to block unnecessary ports
Right-o! Shows what a brainwashed, single-minded dim he is. Doesn't say "(Microsoft) Firewall v.0.38.2a" on the shrink-wrapped package; and voilà, isn't (a firewall). That's how they keep the masses unwashed and in admiration. (But I digress.)
Actually, the whole thing is a disgrace, but what to expect
2. We have ~650GB/day of IIS logs [...] Just IIS logs are a challenge without trying to parse another ~650GB of firewall logs.
Why is an IIS log size just as large as a firewall log? Makes me wonder if he thinks they were the same??
650GB of what? ASCII text or gzip?
3. 5+ years ago, there wasn't a firewall solution that would scale to our needs and this forced us to focus on network, host, and application security.
I'd never want their stuff, even for free. Because the use of the word 'forced' is absolutely wrong. Program security is the alpha and omega of security; and anyone who wants to have his software taken seriously would look into exactly these. Not into firewalls.
5. Application security is critical since a firewall is likely going to allow traffic on the correct port and protocol through to the web servers so IIS/ASP.NET/Applications must deal with these requests gracefully.
This is so right, see above. But the mentality implies he is unaware of the fact that predictable and graceful behaviour is what we want in the applications in the first place.
6. We do run AV on our servers when we can. At times product adoption means we don't install it, but we do normally run AV.
Makes one wonder what this is supposed to tell us. At times they don't get an AV running on their own boxen? Can someone point out to me which logic underpins non-usage of AV for 'product adoption'? Like, on those boxen containing Vista?
Troll, FUD, Flamebait, wow guys, get some original material or shut up already. I didn't find anything directly on update.microsoft.com, but a very quick Google search will show you just how "secure" Microsoft keeps their own shit.
http://www.news.com/2100-7349_3-6085589.html
http://www.zone-h.org/content/view/227/31/
http://news.zdnet.com/2100-1009_22-6085589.html
http://www.infoworld.com/articles/hn/xml/00/11/03/001103hnhacker.html
http://archives.cnn.com/2000/TECH/computing/01/10/ms.taiwan.idg/index.html
http://news.zdnet.co.uk/internet/0,1000000097,2086058,00.htm
There are many more, but I'm not really in the mood for doing other folks' homework for them.
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it