Solved

Security - is this stuff revelant anymore?

Posted on 2008-10-08
7
184 Views
Last Modified: 2013-12-04
In the past trying not to reveal the O/S and version of the web server was considered a plus.  Is this no longer revelant today?

The site uptime.netcraft.com reveals the O/S and the version of the webserver for some sites.  How do you prevent the version of the O/S and the web server from being revealed?  I'd like to know how this is done for Windows and IIS, and Linux and Apache.
0
Comment
Question by:Westez
7 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 125 total points
ID: 22669882
Not so much relevant as what procedures you use to secure your webserver.
You should not use an default installation of these webservers, best practice is to setup these server with your intallation and locations of files and folders, as well as authentication.
0
 
LVL 4

Assisted Solution

by:Patrick49er
Patrick49er earned 125 total points
ID: 22670618
From my reading in security articles, any information you can hide will help protect you in that the bad person has to do more work to discover what vulnerabilities your system could have.  By having that information, it helps the black hat to make a more directed attack.
0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 125 total points
ID: 22672309
Older versions of IIS are still targeted. We were taught in my Ethical Hacking Class to look specifically look for IIS versions so that we could know the ease of holes of gaining access.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 4

Expert Comment

by:Patrick49er
ID: 22672612
Rule of thumb, use everything you can to stay off their radar as much as possible and stay current.  You can never relax with security.
0
 
LVL 39

Assisted Solution

by:noci
noci earned 125 total points
ID: 22673498
It used to be difficult to known which server you are talking to. Besides the web server (mis-/non-informing) a client now there also is fingerprinting based on values returned as a confirmation/reject on a port. Every OS and even versions of OS's have specific fingerprints.

If you tell you are running webserver Vx.y then a google dork will show an interested hacker where to go first... (spares a lot of crawling).
0
 

Author Comment

by:Westez
ID: 22679605
All - thanks for your input.  I just wanted to check out what the other members thoughts were on the subject.  I agree that anything you can do to reduce your exposure is beneficial.  I think that it's fair to split the points, hope everyone agrees.
0
 
LVL 4

Expert Comment

by:Patrick49er
ID: 22679837
No worries. :)  While points are great, I'm here for the knowledge. :)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now