Solved

The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers. An attacker can use the version

Posted on 2009-03-29
8
360 Views
Last Modified: 2012-05-06
The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers. An attacker can use the version information from your Web server to determine if there are any known vulnerabilities present, or can use such information to create attacks towards the specific application or OS.
0
Comment
Question by:Brijeshk9
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:Tray896
Comment Utility
The easiest and most common way of removing the server header info is by using URLScan.  You can download and find step by step instructions for configuring it here: http://learn.iis.net/page.aspx/473/using-urlscan
0
 

Author Comment

by:Brijeshk9
Comment Utility
should i run it from the server where the website is hosted and what will be the next step on it.
0
 

Author Comment

by:Brijeshk9
Comment Utility
any other solution...?
0
 
LVL 15

Expert Comment

by:Tray896
Comment Utility
Yes, you configure URLScan on the web server.  I would highly recommend you use it, as it is free and widely used so you can find plenty of documentation on it.  Another option is Server Mask, which is a product from Port80Software.  You can download a free 30 day trial here: http://www.port80software.com/products/servermask/

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Brijeshk9
Comment Utility
will there be any impect of it on my Productioin Server...! like performance or any kind of backup required...!
0
 
LVL 15

Expert Comment

by:Tray896
Comment Utility
No, there should not be a performance impact to your server.  The configuration is all text based.
0
 

Author Comment

by:Brijeshk9
Comment Utility
I have installed url scan 2.5 on windows 2000 server what to do next.....because there is one .ini file and another is .dll: where i need to make changes to remove these type of Vulnerabilities.?
0
 

Accepted Solution

by:
Brijeshk9 earned 0 total points
Comment Utility
Ok , i have done the required changes with URL scan and problem is resolved now.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Suggested Solutions

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now