• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 228
  • Last Modified:

Masking the way Windows 2003 web server looks to crackers.

I want my 2003 IIS 6 web server to look like a Linux server or another server for that matter when people are scanning and probing the network. Is this possible?
0
bstearns
Asked:
bstearns
  • 2
1 Solution
 
UgrumCommented:
THe people who are scanning will be able to determine the OS that host is running with 99.999% probability - they will just use OS fingerprinting, the method which analyzes network packets at a very low level to find OS-specific patterns. Of course, the fact that the web server runs Windows 2003 does not neccessary means that the website itself is running on IIS 6.0 (you can install Apache and others...), but it's the most likely scenario.
As to hide, you can use some form of reverse proxy to publish your website on a host that is not running Windows.
0
 
bstearnsAuthor Commented:
Thank you for the help.
0
 
JamesDSCommented:
Ugrum is right

OS fingerprinting goes down to the very way in which certin IP packets are responded to - and while it is possible to change that what usually happens is you end up with a duff TCP stack :(

To be honest why would you want to hide it? IIS 6, when properly set up, behind a firewall and well patched is extremely secure and superior in terms of speed and functionality to best of the competitors.

If you want to protect against scans and probes (as you put it!) then install and properly configure a firewall, I recommend you look at www.kerio.com for some of the best personal and enterprise firewall software on the market today.

Cheers

JamesDS
0
 
bstearnsAuthor Commented:
Thank you JamesDS for your insight as well.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now