Solved

Security - is this stuff revelant anymore?

Posted on 2008-10-08
7
190 Views
Last Modified: 2013-12-04
In the past trying not to reveal the O/S and version of the web server was considered a plus.  Is this no longer revelant today?

The site uptime.netcraft.com reveals the O/S and the version of the webserver for some sites.  How do you prevent the version of the O/S and the web server from being revealed?  I'd like to know how this is done for Windows and IIS, and Linux and Apache.
0
Comment
Question by:Westez
7 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 125 total points
ID: 22669882
Not so much relevant as what procedures you use to secure your webserver.
You should not use an default installation of these webservers, best practice is to setup these server with your intallation and locations of files and folders, as well as authentication.
0
 
LVL 4

Assisted Solution

by:Patrick49er
Patrick49er earned 125 total points
ID: 22670618
From my reading in security articles, any information you can hide will help protect you in that the bad person has to do more work to discover what vulnerabilities your system could have.  By having that information, it helps the black hat to make a more directed attack.
0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 125 total points
ID: 22672309
Older versions of IIS are still targeted. We were taught in my Ethical Hacking Class to look specifically look for IIS versions so that we could know the ease of holes of gaining access.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 4

Expert Comment

by:Patrick49er
ID: 22672612
Rule of thumb, use everything you can to stay off their radar as much as possible and stay current.  You can never relax with security.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points
ID: 22673498
It used to be difficult to known which server you are talking to. Besides the web server (mis-/non-informing) a client now there also is fingerprinting based on values returned as a confirmation/reject on a port. Every OS and even versions of OS's have specific fingerprints.

If you tell you are running webserver Vx.y then a google dork will show an interested hacker where to go first... (spares a lot of crawling).
0
 

Author Comment

by:Westez
ID: 22679605
All - thanks for your input.  I just wanted to check out what the other members thoughts were on the subject.  I agree that anything you can do to reduce your exposure is beneficial.  I think that it's fair to split the points, hope everyone agrees.
0
 
LVL 4

Expert Comment

by:Patrick49er
ID: 22679837
No worries. :)  While points are great, I'm here for the knowledge. :)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question