Solved

Changing HTTP & SSL banners for IIS 6.0

Posted on 2006-07-07
11
1,122 Views
Last Modified: 2012-05-05
Greetings All,

How does one change the banners that are displayed by IIS 6.0 for HTTP and SSL? I have an Exchange server that has OWA set up and I would like to change the banner for port 443 (SSL). Any advice on this issue would be greatly appreciated!
0
Question by:ligmania
11 Comments
 
LVL 6

Expert Comment

by:e_vanheel
ID: 17064676
Go to your IIS manager. Expand to your default web page and right-click Properties. Go to the Custom Errors tab and change to the .HTML document that you want to change the error for.

If you want to modify the existing error pages they are located in C:\WINNT\help\iisHelp\common.

I hope that helps!
0
 

Author Comment

by:ligmania
ID: 17065361
The error pages I have are customized already. My intention was to change the banner so when people port scan my system they will see the open port but not the banner that indicates it is a Microsoft system. I want to change this banner for ports 443 and 80.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17067770
This should help you do it;

http://www.snapfiles.com/get/iisbannerchanger.html

Cheers,
Rajesh
0
 
LVL 13

Expert Comment

by:hstiles
ID: 17073716
If you would like a Microsoft-supplied and supported tool to do this, then you would need to download URLScan from Microsoft:

http://www.microsoft.com/downloads/details.aspx?familyid=23D18937-DD7E-4613-9928-7F94EF1C902A&displaylang=en

It is pretty simple to implement.

Microsoft did not include the facility to remove the banner from within IIS because they do not regard it as that much of a security risk. Strange, that, as it's one of the first things that pen testers pick up on.
0
 

Author Comment

by:ligmania
ID: 17075310
Rajesh,

I think that would be good, but the link you gave me, http://www.snapfiles.com/get/iisbannerchanger.html, is broken.
0
 

Author Comment

by:ligmania
ID: 17075774
hstiles,

Even with URLScan installed, nmap can still come up with the service name. I configured URLScan to remove the Server header but nmap still sees the header. My only guess is that URLScan only gets invoked when it receives a malformed request, thus if nmap sends a normal request to it URLScan is not run. I also don't see any files created in the log directory to indicate it caught a suspicious attempt.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 500 total points
ID: 17081077
Have a look at this article, which states that removing server banners won't really help, as nmap can still glean information about server type by using specially crafted packets.

http://www.securityadmin.info/noframes/faq.asp?banner

In fact, I'd say that the only guaranteed way to prevent someone finding out what web servers you are running would be to place them behind a proxy such as ISA or using a proxied HTTP rule on your firewall. This would create significant overheads on such a device though, and would impact web server performance.
0
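The two observations above, that URLScan was configured but nmap still reported the service, and that dropping the Server banner does not hide the server type, can be checked offline with the script below. It is an added example, not code from this thread, from Microsoft or from URLScan. The urlscan.ini fragment and the two HTTP responses are constructed samples (the [options] key names RemoveServerHeader and AlternateServerName are the real URLScan 2.5 keys), and the header names it flags are assumed to be the ones an IIS 6.0 / ASP.NET / OWA stack commonly emits alongside Server.

```python
import configparser
from typing import Dict, List, Tuple

# Constructed urlscan.ini fragment (assumption: not taken from the thread).
# The key names are the URLScan 2.5 [options] keys: RemoveServerHeader=1
# drops the Server header entirely; with RemoveServerHeader=0, a non-empty
# AlternateServerName replaces the banner text instead.
URLSCAN_INI = """\
[options]
UseAllowVerbs=1
RemoveServerHeader=1
AlternateServerName=
EnableLogging=1
"""

# Constructed HTTP responses (assumption: sample values, not captured from a
# real host). The first resembles a stock IIS 6.0 / OWA reply; the second has
# the Server header removed but keeps the other Microsoft-specific headers.
RESPONSE_DEFAULT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"X-AspNet-Version: 1.1.4322\r\n"
    b"MicrosoftOfficeWebServer: 5.0_Pub\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
RESPONSE_STRIPPED = RESPONSE_DEFAULT.replace(b"Server: Microsoft-IIS/6.0\r\n", b"")

# Header names (lower-cased) whose mere presence identifies a Microsoft web
# stack even when the Server header is gone, and Server values that do so.
TELLTALE_HEADERS = (
    "microsoftofficewebserver",
    "microsoftsharepointteamservices",
    "x-aspnet-version",
    "x-powered-by",
)
TELLTALE_SERVER_PREFIXES = ("microsoft-iis", "microsoft-httpapi")


def urlscan_hides_server_header(ini_text: str) -> bool:
    """True if the [options] section removes or rewrites the Server banner."""
    # allow_no_value handles the bare-line sections (e.g. [AllowVerbs]) a
    # full urlscan.ini contains; keys are matched case-insensitively.
    cp = configparser.ConfigParser(allow_no_value=True)
    cp.read_string(ini_text)
    opts = cp["options"]
    if opts.getint("RemoveServerHeader", fallback=0) == 1:
        return True
    alt = opts.get("AlternateServerName", "").strip()
    return bool(alt) and not alt.lower().startswith(TELLTALE_SERVER_PREFIXES)


def parse_response_headers(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response into its status line and a lower-cased header map."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_response(raw: bytes) -> List[str]:
    """List every way the response still identifies the server software."""
    _, headers = parse_response_headers(raw)
    findings: List[str] = []
    server = headers.get("server", "")
    if server.lower().startswith(TELLTALE_SERVER_PREFIXES):
        findings.append(f"Server header identifies Microsoft: {server}")
    for name in TELLTALE_HEADERS:
        if name in headers:
            findings.append(f"{name} header present: {headers[name]}")
    return findings


if __name__ == "__main__":
    print("urlscan.ini hides Server header:", urlscan_hides_server_header(URLSCAN_INI))
    for label, resp in (("default", RESPONSE_DEFAULT), ("stripped", RESPONSE_STRIPPED)):
        print(f"{label}:")
        for finding in audit_response(resp) or ["no Microsoft-specific headers"]:
            print("  -", finding)
```

Run as-is, the default response is flagged four times and the stripped one still three times: the configuration check passes, yet the reply on the wire still names the platform, which is what a scanner's service probe keys on. Pointing `audit_response` at a real captured response (for example one saved from your own OWA host) is the quickest way to confirm whether the URLScan change actually reached the wire, and an empty finding list from the proxy hstiles suggests is the result you want to see.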
 

Author Comment

by:ligmania
ID: 17081413
hstiles,

Would a load balancer such as BIG-IP help, or work better than ISA?
0
 
LVL 13

Expert Comment

by:hstiles
ID: 17082287
I'm looking at the website now. It is a layer 7 device, so it's application-aware. I'm guessing all requests are handled by the device, which uses some algorithm to determine the server best suited to handle the request. I guess it would therefore protect against low-level information-gathering hacks like banner grabs. I'm assuming you already have a BIG-IP, as this would be somewhat overkill just for the purpose of stopping banner grabs.
0
 

Author Comment

by:ligmania
ID: 17085479
We have some units but they won't serve this network.
0
 

Author Comment

by:ligmania
ID: 17085486
Thanks everybody for the good feedback.
0
