Solved

Changing HTTP & SSL banners for IIS 6.0

Posted on 2006-07-07
Last Modified: 2012-05-05
Greetings All,

How does one change the banners that are displayed by IIS 6.0 for HTTP and SSL? I have an Exchange server that has OWA set up and I would like to change the banner for port 443 (SSL). Any advice on this issue would be greatly appreciated!
Question by:ligmania
11 Comments
 
LVL 6

Expert Comment

by:e_vanheel
ID: 17064676
Go to your IIS Manager. Expand to your default web page and right-click Properties. Go to the Custom Errors tab and change to the .HTML document that you want to change the error for.

If you want to modify the existing error pages they are located in C:\WINNT\help\iisHelp\common.

I hope that helps!
0
 

Author Comment

by:ligmania
ID: 17065361
The error pages I have are customized already. My intention was to change the banner so that when people port scan my system they will see the open port but not the banner that indicates it is a Microsoft system. I want to change this banner for ports 443 and 80.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17067770
This should help you do it;

http://www.snapfiles.com/get/iisbannerchanger.html

Cheers,
Rajesh
0
LVL 13

Expert Comment

by:hstiles
ID: 17073716
If you would like a Microsoft-supplied and supported tool to do this, then you would need to download URLScan from Microsoft:

http://www.microsoft.com/downloads/details.aspx?familyid=23D18937-DD7E-4613-9928-7F94EF1C902A&displaylang=en

It is pretty simple to implement.

Microsoft did not include the facility to remove the banner from within IIS because they do not regard it as that much of a security risk.  Strange that as it's one of the first things that pen testers pick up on.
0
 

Author Comment

by:ligmania
ID: 17075310
Rajesh,

Think it would be good, but the link you gave me, http://www.snapfiles.com/get/iisbannerchanger.html, is broken.
0
 

Author Comment

by:ligmania
ID: 17075774
hstiles,

Even with URLScan installed, nmap can still come up with the service name. I configured URLScan to remove the server header but nmap still sees the header. My only guess is that URLScan only gets invoked when it receives a malformed request, thus if nmap sends a normal request to it, URLScan is not run. I also don't see any files created in the log directory to indicate it caught a suspicious attempt.
0
 
LVL 13

Accepted Solution

by:
hstiles earned 500 total points
ID: 17081077
Have a look at this article, which states that removing server banners won't really help, as nmap can still glean information about server type by using specially crafted packets.

http://www.securityadmin.info/noframes/faq.asp?banner

In fact, I'd say that the only guaranteed way to prevent someone finding out what web servers you are running would be to place them behind a proxy such as ISA or to use a proxied HTTP rule on your firewall. This would create significant overheads on such a device, though, and would impact web server performance.
0
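A way to check, against a server you administer, whether the header removal discussed in this thread took effect on an ordinary request, and which other response headers still name the stack. This is an added example, not code from the thread; the header list, the function names and the two sample responses are constructed assumptions.

```python
import http.client
import ssl

# Assumed list of response headers that commonly name the server software.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")

def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP response into {lowercase-name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def disclosing_headers(headers: dict) -> dict:
    """Keep only the headers that identify the software stack."""
    return {k: v for k, v in headers.items() if k in DISCLOSING}

def fetch_headers(host: str, port: int, tls: bool) -> dict:
    """Send one well-formed HEAD request to your own server and return its headers."""
    if tls:
        # Default context verifies the certificate; a self-signed test
        # certificate must be trusted locally for this to connect.
        conn = http.client.HTTPSConnection(
            host, port, timeout=5, context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("HEAD", "/")
        out = {}
        for name, value in conn.getresponse().getheaders():
            out.setdefault(name.lower(), []).append(value)
        return out
    finally:
        conn.close()

# Constructed sample responses (not captured from any real host):
# one with the Server header present, one with it removed.
BEFORE = (b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nServer: Microsoft-IIS/6.0\r\n"
          b"X-Powered-By: ASP.NET\r\nDate: Fri, 07 Jul 2006 12:00:00 GMT\r\n\r\n")
AFTER = (b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n"
         b"X-Powered-By: ASP.NET\r\nDate: Fri, 07 Jul 2006 12:00:00 GMT\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, disclosing_headers(parse_headers(raw)))
```

Run `disclosing_headers(fetch_headers(host, 443, True))` against your own host after each configuration change; an empty result means only that these headers are gone, not that the server can no longer be fingerprinted.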
 

Author Comment

by:ligmania
ID: 17081413
hstiles,

Would a load balancer such as BIG-IP help or work better than ISA?
0
 
LVL 13

Expert Comment

by:hstiles
ID: 17082287
I'm looking at the website now.  It is a layer 7 device, so it's application aware.  I'm guessing all requests are handled by the device which uses some algorithm to determine the server best suited to handle the request.  I guess it would therefore protect against low level information gathering hacks like banner grabs.  I'm assuming you already have a BIG-IP as this would be somewhat overkill just for the purpose of stopping banner grabs.
0
 

Author Comment

by:ligmania
ID: 17085479
We have some units but they won't serve this network.
0
 

Author Comment

by:ligmania
ID: 17085486
Thanks everybody for the good feedback.
0
