Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1151
  • Last Modified:

changing http & ssl banners for iis 6.0

Greetings All,

How does one change the banners that are displayed by iis 6.0 for http and ssl?  I have an exchange server that has owa setup and i would like to change the banner for port 443 (ssl).   Any advice on this issue would be greatly appreciated !
0
ligmania
Asked:
ligmania
1 Solution
 
e_vanheelCommented:
goto your IIS manager.  Expand to your default web page and right click properties.  Goto the Custom Errors Tabs and change to the .HTML document that you want to change the error for.

If you want to modify the existing error pages they are located in C:\WINNT\help\iisHelp\common.

I hope that helps!
0
 
ligmaniaAuthor Commented:
The error pages i have are customized already.  My intention was to change banner so when people port scan my system they will see the open port but not the banner that indicates it is a microsoft system.  I want to change this banner for port 443 and 80.
0
 
rsivanandanCommented:
This should help you do it;

http://www.snapfiles.com/get/iisbannerchanger.html

Cheers,
Rajesh
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
hstilesCommented:
If you would like a microsoft suppied and supported tool to do this, then you would need to download URLscan from Microsoft

http://www.microsoft.com/downloads/details.aspx?familyid=23D18937-DD7E-4613-9928-7F94EF1C902A&displaylang=en

It is pretty simple to implement.

Microsoft did not include the facility to remove the banner from within IIS because they do not regard it as that much of a security risk.  Strange that as it's one of the first things that pen testers pick up on.
0
 
ligmaniaAuthor Commented:
Rajesh,

Think would be good but the link you gave me http://www.snapfiles.com/get/iisbannerchanger.html is broken.  
0
 
ligmaniaAuthor Commented:
hstiles,

Even with urlscan installed nmap can still come up with the service name.  I configured urlscan to remove the server header but nmap still see's the header.  My only guess is the urlscan only gets invoked when it recieves a malformed request, thus if nmap sends a normal request to it urlscan is not run.  I also don't see any files created in the log directory to indicate it caught a suspicious attempt.
0
 
hstilesCommented:
Have a look att his article which states that removing server banners won't really help as nmap can still glean information about server trpe by using specially crafted packets.

http://www.securityadmin.info/noframes/faq.asp?banner

In fact, I'd say that the only guaranteed way to prevent someone finding out what web servers you are running would be to place them behind a proxy such as ISA or using a proxied HTTP rule on your firewall.  THis would create significant overheads on such a device though and would impact web server performance
0
 
ligmaniaAuthor Commented:
hstiles,

Would a load balancer such as BIG-IP help or work better than ISA ?
0
 
hstilesCommented:
I'm looking at the website now.  It is a layer 7 device, so it's application aware.  I'm guessing all requests are handled by the device which uses some algorithm to determine the server best suited to handle the request.  I guess it would therefore protect against low level information gathering hacks like banner grabs.  I'm assuming you already have a BIG-IP as this would be somewhat overkill just for the purpose of stopping banner grabs.
0
 
ligmaniaAuthor Commented:
We have some units but they won't serve this network.
0
 
ligmaniaAuthor Commented:
Thanks everybody for the good feedback.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now