Solved

The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers. An attacker can use the version

Posted on 2009-03-29
8
366 Views
Last Modified: 2012-05-06
The server allows capture of the HTTP service banner. Service banners can contain sensitive information, such as application and Operating System (OS) version numbers. An attacker can use the version information from your Web server to determine if there are any known vulnerabilities present, or can use such information to create attacks towards the specific application or OS.
0
Comment
Question by:Brijeshk9
  • 5
  • 3
8 Comments
 
LVL 15

Expert Comment

by:Tray896
ID: 24019996
The easiest and most common way of removing the server header info is by using URLScan.  You can download and find step by step instructions for configuring it here: http://learn.iis.net/page.aspx/473/using-urlscan
0
 

Author Comment

by:Brijeshk9
ID: 24025006
should i run it from the server where the website is hosted and what will be the next step on it.
0
 

Author Comment

by:Brijeshk9
ID: 24025518
any other solution...?
0
 
LVL 15

Expert Comment

by:Tray896
ID: 24028636
Yes, you configure URLScan on the web server.  I would highly recommend you use it, as it is free and widely used so you can find plenty of documentation on it.  Another option is Server Mask, which is a product from Port80Software.  You can download a free 30 day trial here: http://www.port80software.com/products/servermask/

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:Brijeshk9
ID: 24029642
will there be any impect of it on my Productioin Server...! like performance or any kind of backup required...!
0
 
LVL 15

Expert Comment

by:Tray896
ID: 24030127
No, there should not be a performance impact to your server.  The configuration is all text based.
0
 

Author Comment

by:Brijeshk9
ID: 24084010
I have installed url scan 2.5 on windows 2000 server what to do next.....because there is one .ini file and another is .dll: where i need to make changes to remove these type of Vulnerabilities.?
0
 

Accepted Solution

by:
Brijeshk9 earned 0 total points
ID: 24428682
Ok , i have done the required changes with URL scan and problem is resolved now.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now