[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Security - is this stuff revelant anymore?

In the past trying not to reveal the O/S and version of the web server was considered a plus.  Is this no longer revelant today?

The site uptime.netcraft.com reveals the O/S and the version of the webserver for some sites.  How do you prevent the version of the O/S and the web server from being revealed?  I'd like to know how this is done for Windows and IIS, and Linux and Apache.
0
Westez
Asked:
Westez
4 Solutions
 
Andres PeralesCommented:
Not so much relevant as what procedures you use to secure your webserver.
You should not use an default installation of these webservers, best practice is to setup these server with your intallation and locations of files and folders, as well as authentication.
0
 
Patrick49erCommented:
From my reading in security articles, any information you can hide will help protect you in that the bad person has to do more work to discover what vulnerabilities your system could have.  By having that information, it helps the black hat to make a more directed attack.
0
 
smittyboomCommented:
Older versions of IIS are still targeted. We were taught in my Ethical Hacking Class to look specifically look for IIS versions so that we could know the ease of holes of gaining access.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
Patrick49erCommented:
Rule of thumb, use everything you can to stay off their radar as much as possible and stay current.  You can never relax with security.
0
 
nociSoftware EngineerCommented:
It used to be difficult to known which server you are talking to. Besides the web server (mis-/non-informing) a client now there also is fingerprinting based on values returned as a confirmation/reject on a port. Every OS and even versions of OS's have specific fingerprints.

If you tell you are running webserver Vx.y then a google dork will show an interested hacker where to go first... (spares a lot of crawling).
0
 
WestezAuthor Commented:
All - thanks for your input.  I just wanted to check out what the other members thoughts were on the subject.  I agree that anything you can do to reduce your exposure is beneficial.  I think that it's fair to split the points, hope everyone agrees.
0
 
Patrick49erCommented:
No worries. :)  While points are great, I'm here for the knowledge. :)
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now