hide exchange version from public

Had a whitehat run a net capture agains my Ex2003 web facing FE box, which reveled the version of exchange. From a security standpoint, I need to turn that off. I know there is a setting to do that, I just dont know what it is? I need to do this for exch 2003, 2007 and 2010. anyone?
DEFclubAsked:
Who is Participating?
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
This is the closest you will get.
http://support.microsoft.com/kb/836564

Your security team need to be told that you don't get security by obsecurity. Anyone who knows what they are doing will know it is Exchange by the way it responds, modifying the response to take out the version number will slow someone down by about 10 seconds.

Simon.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
I dont think there is such an option until you have some firewall and hide your Exchange servers behind that.

- Rancy
0
 
thehagmanCommented:
You simply shouldn't expose Exchange transparently to the internet. Is ther no kind of firewall inbetween that might modify the EHLO message?
(Also note that there is more than just the greeting message that allows one to detect Exchange, and also that security by obscurity is no security at all)
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
ApothisCommented:
I will go ahead and 3rd this. From the security standpoint, your firewall will bock the accessibility from the internet. If you have web mail though, there will be always be a way to see the version.
0
 
DEFclubAuthor Commented:
yes thats the issue, we use webmail. But anyone can scan our public IP for webmail and see the exch version. Security team says we need to hide the version as to not make it know to public. They made it sound like there is a way to do this.
0
 
ApothisCommented:
So, when you land on your OWM page, isn't it obvious what version you're running? I'm not sure that you'll be able to hide this unless you want to seriously customize the landing/login page.
0
 
Simon Butler (Sembee)ConsultantCommented:
This is not worth the hassle of doing anything about it.
All it will do is slow down an attacker for about 10 seconds, at most. The way that Exchange responds to requests will give all of the information that is required away.
The only way you can stop it is to put something in front of Exchange. ISA/TMG would be the natural choice, but there are others than can provide the protection you want. However hiding that you are using OWA is close to impossible.

"Security" operatives will make demands that are not always possible. I have wasted a lot of time arguing with them, who say that it must be possible, and don't want to take no for an answer.

Simon.
0
 
DEFclubAuthor Commented:
Simon, thanks for the chuckle.. I feel ya. anyway to hide this info from behind our firewall? I know most on this treat will probably say no but just checking... Not ready to tell the secuirty team it cant be done in our situation yet.
0
 
Exchange_GeekConnect With a Mentor Commented:
Yes, what  you are looking for is to customize a webpage to hide you're Exchange version.

Here is the link to understand the heights of how much data you would want to share the logon page to.

http://technet.microsoft.com/en-us/library/bb310750(v=exchg.80).aspx

However, working with all the pain and scripts etc *might break* if you upgrade Exchange versions with Rollups OR SPs - this'll frustrate you more, cause each time the script might break and you'll need to re-run the script or make adjustments.

Read the link, and Google "Customize Exchange Webmail", read what others have to say about it.

Regards,
Exchange_Geek
0
 
DEFclubAuthor Commented:
Guys, the sec team finally showed me what they are concerned with. It pertains to our exch 2003 owa. the synatx they want hidden is the version output below:

Server: Microsoft-IIS/6.0
Microsoft: ESMTP Mail Service
Version: 6.0.3790.4675

Might this be a IIS config change or smtp setting edit to conceal the version output?
0
 
DEFclubAuthor Commented:
thxs
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.