Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 202
  • Last Modified:

Security - is this stuff revelant anymore?

In the past trying not to reveal the O/S and version of the web server was considered a plus.  Is this no longer revelant today?

The site uptime.netcraft.com reveals the O/S and the version of the webserver for some sites.  How do you prevent the version of the O/S and the web server from being revealed?  I'd like to know how this is done for Windows and IIS, and Linux and Apache.
0
Westez
Asked:
Westez
4 Solutions
 
Andres PeralesCommented:
Not so much relevant as what procedures you use to secure your webserver.
You should not use an default installation of these webservers, best practice is to setup these server with your intallation and locations of files and folders, as well as authentication.
0
 
Patrick49erCommented:
From my reading in security articles, any information you can hide will help protect you in that the bad person has to do more work to discover what vulnerabilities your system could have.  By having that information, it helps the black hat to make a more directed attack.
0
 
smittyboomCommented:
Older versions of IIS are still targeted. We were taught in my Ethical Hacking Class to look specifically look for IIS versions so that we could know the ease of holes of gaining access.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
Patrick49erCommented:
Rule of thumb, use everything you can to stay off their radar as much as possible and stay current.  You can never relax with security.
0
 
nociSoftware EngineerCommented:
It used to be difficult to known which server you are talking to. Besides the web server (mis-/non-informing) a client now there also is fingerprinting based on values returned as a confirmation/reject on a port. Every OS and even versions of OS's have specific fingerprints.

If you tell you are running webserver Vx.y then a google dork will show an interested hacker where to go first... (spares a lot of crawling).
0
 
WestezAuthor Commented:
All - thanks for your input.  I just wanted to check out what the other members thoughts were on the subject.  I agree that anything you can do to reduce your exposure is beneficial.  I think that it's fair to split the points, hope everyone agrees.
0
 
Patrick49erCommented:
No worries. :)  While points are great, I'm here for the knowledge. :)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now