Solved

changing http & ssl banners for iis 6.0

Posted on 2006-07-07
11
1,119 Views
Last Modified: 2012-05-05
Greetings All,

How does one change the banners that are displayed by iis 6.0 for http and ssl?  I have an exchange server that has owa setup and i would like to change the banner for port 443 (ssl).   Any advice on this issue would be greatly appreciated !
0
Comment
Question by:ligmania
11 Comments
 
LVL 6

Expert Comment

by:e_vanheel
ID: 17064676
goto your IIS manager.  Expand to your default web page and right click properties.  Goto the Custom Errors Tabs and change to the .HTML document that you want to change the error for.

If you want to modify the existing error pages they are located in C:\WINNT\help\iisHelp\common.

I hope that helps!
0
 

Author Comment

by:ligmania
ID: 17065361
The error pages i have are customized already.  My intention was to change banner so when people port scan my system they will see the open port but not the banner that indicates it is a microsoft system.  I want to change this banner for port 443 and 80.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17067770
This should help you do it;

http://www.snapfiles.com/get/iisbannerchanger.html

Cheers,
Rajesh
0
 
LVL 13

Expert Comment

by:hstiles
ID: 17073716
If you would like a microsoft suppied and supported tool to do this, then you would need to download URLscan from Microsoft

http://www.microsoft.com/downloads/details.aspx?familyid=23D18937-DD7E-4613-9928-7F94EF1C902A&displaylang=en

It is pretty simple to implement.

Microsoft did not include the facility to remove the banner from within IIS because they do not regard it as that much of a security risk.  Strange that as it's one of the first things that pen testers pick up on.
0
 

Author Comment

by:ligmania
ID: 17075310
Rajesh,

Think would be good but the link you gave me http://www.snapfiles.com/get/iisbannerchanger.html is broken.  
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:ligmania
ID: 17075774
hstiles,

Even with urlscan installed nmap can still come up with the service name.  I configured urlscan to remove the server header but nmap still see's the header.  My only guess is the urlscan only gets invoked when it recieves a malformed request, thus if nmap sends a normal request to it urlscan is not run.  I also don't see any files created in the log directory to indicate it caught a suspicious attempt.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 500 total points
ID: 17081077
Have a look att his article which states that removing server banners won't really help as nmap can still glean information about server trpe by using specially crafted packets.

http://www.securityadmin.info/noframes/faq.asp?banner

In fact, I'd say that the only guaranteed way to prevent someone finding out what web servers you are running would be to place them behind a proxy such as ISA or using a proxied HTTP rule on your firewall.  THis would create significant overheads on such a device though and would impact web server performance
0
 

Author Comment

by:ligmania
ID: 17081413
hstiles,

Would a load balancer such as BIG-IP help or work better than ISA ?
0
 
LVL 13

Expert Comment

by:hstiles
ID: 17082287
I'm looking at the website now.  It is a layer 7 device, so it's application aware.  I'm guessing all requests are handled by the device which uses some algorithm to determine the server best suited to handle the request.  I guess it would therefore protect against low level information gathering hacks like banner grabs.  I'm assuming you already have a BIG-IP as this would be somewhat overkill just for the purpose of stopping banner grabs.
0
 

Author Comment

by:ligmania
ID: 17085479
We have some units but they won't serve this network.
0
 

Author Comment

by:ligmania
ID: 17085486
Thanks everybody for the good feedback.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Manual DNS and blocking mapped drives 8 90
Sudden performance loss on a Vista system. 14 145
Question on security Audit 2 94
audit logs in excel spreadsheet 1 46
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now