Solved

Security - is this stuff revelant anymore?

Posted on 2008-10-08
7
193 Views
Last Modified: 2013-12-04
In the past trying not to reveal the O/S and version of the web server was considered a plus.  Is this no longer revelant today?

The site uptime.netcraft.com reveals the O/S and the version of the webserver for some sites.  How do you prevent the version of the O/S and the web server from being revealed?  I'd like to know how this is done for Windows and IIS, and Linux and Apache.
0
Comment
Question by:Westez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 125 total points
ID: 22669882
Not so much relevant as what procedures you use to secure your webserver.
You should not use an default installation of these webservers, best practice is to setup these server with your intallation and locations of files and folders, as well as authentication.
0
 
LVL 4

Assisted Solution

by:Patrick49er
Patrick49er earned 125 total points
ID: 22670618
From my reading in security articles, any information you can hide will help protect you in that the bad person has to do more work to discover what vulnerabilities your system could have.  By having that information, it helps the black hat to make a more directed attack.
0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 125 total points
ID: 22672309
Older versions of IIS are still targeted. We were taught in my Ethical Hacking Class to look specifically look for IIS versions so that we could know the ease of holes of gaining access.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 4

Expert Comment

by:Patrick49er
ID: 22672612
Rule of thumb, use everything you can to stay off their radar as much as possible and stay current.  You can never relax with security.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points
ID: 22673498
It used to be difficult to known which server you are talking to. Besides the web server (mis-/non-informing) a client now there also is fingerprinting based on values returned as a confirmation/reject on a port. Every OS and even versions of OS's have specific fingerprints.

If you tell you are running webserver Vx.y then a google dork will show an interested hacker where to go first... (spares a lot of crawling).
0
 

Author Comment

by:Westez
ID: 22679605
All - thanks for your input.  I just wanted to check out what the other members thoughts were on the subject.  I agree that anything you can do to reduce your exposure is beneficial.  I think that it's fair to split the points, hope everyone agrees.
0
 
LVL 4

Expert Comment

by:Patrick49er
ID: 22679837
No worries. :)  While points are great, I'm here for the knowledge. :)
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question