Microsoft's IIS and Apache HTTP are both equal. If they are both properly configured properly
they are resistant to almost all attacks. But then there are a few exceptions like an exploit
that allows a cracker access.

THE LARGEST REASON FOR WEB SERVERS AND BEING HACKED IS THE RESULT OF POOR ADMINISTRATION

Both IIS and Apache have exploits, but IIS's are more publisized. There is no webserver that
is better then the other. If you reley on just the default settings you deserved being hacked.

Networks shoule have multiple security defenses and plans. Such as the following

Border router
Perimeter network (DMZ)
software firewall
packet filtering/inspection from software or hardware
Change standard ports eg. Telnet, SSH
etc.

Just though i would point that out.