Solved

hide exchange version from public

Posted on 2012-08-31
Last Modified: 2012-09-24
Had a whitehat run a net capture against my Ex2003 web-facing FE box, which revealed the version of Exchange. From a security standpoint, I need to turn that off. I know there is a setting to do that, I just don't know what it is. I need to do this for Exch 2003, 2007 and 2010. Anyone?
0
Question by:DEFclub
11 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38355719
I don't think there is such an option until you have some firewall and hide your Exchange servers behind that.

- Rancy
0
 
LVL 20

Expert Comment

by:thehagman
ID: 38355728
You simply shouldn't expose Exchange transparently to the internet. Is there no kind of firewall in between that might modify the EHLO message?
(Also note that there is more than just the greeting message that allows one to detect Exchange, and also that security by obscurity is no security at all)
0
 
LVL 5

Expert Comment

by:Apothis
ID: 38355751
I will go ahead and 3rd this. From the security standpoint, your firewall will block the accessibility from the internet. If you have web mail though, there will always be a way to see the version.
0
 

Author Comment

by:DEFclub
ID: 38355760
Yes, that's the issue, we use webmail. But anyone can scan our public IP for webmail and see the Exch version. Security team says we need to hide the version so as not to make it known to the public. They made it sound like there is a way to do this.
0
 
LVL 5

Expert Comment

by:Apothis
ID: 38355806
So, when you land on your OWM page, isn't it obvious what version you're running? I'm not sure that you'll be able to hide this unless you want to seriously customize the landing/login page.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38356001
This is not worth the hassle of doing anything about it.
All it will do is slow down an attacker for about 10 seconds, at most. The way that Exchange responds to requests will give all of the information that is required away.
The only way you can stop it is to put something in front of Exchange. ISA/TMG would be the natural choice, but there are others that can provide the protection you want. However hiding that you are using OWA is close to impossible.

"Security" operatives will make demands that are not always possible. I have wasted a lot of time arguing with them, who say that it must be possible, and don't want to take no for an answer.

Simon.
0
 

Author Comment

by:DEFclub
ID: 38356042
Simon, thanks for the chuckle. I feel ya. Any way to hide this info from behind our firewall? I know most on this thread will probably say no but just checking... Not ready to tell the security team it can't be done in our situation yet.
0
 
LVL 33

Assisted Solution

by:Exchange_Geek
Exchange_Geek earned 1000 total points
ID: 38357908
Yes, what you are looking for is to customize a webpage to hide your Exchange version.

Here is the link to understand the heights of how much data you would want to share the logon page to.

http://technet.microsoft.com/en-us/library/bb310750(v=exchg.80).aspx

However, working with all the pain and scripts etc *might break* if you upgrade Exchange versions with Rollups OR SPs - this'll frustrate you more, cause each time the script might break and you'll need to re-run the script or make adjustments.

Read the link, and Google "Customize Exchange Webmail", read what others have to say about it.

Regards,
Exchange_Geek
0
 

Author Comment

by:DEFclub
ID: 38365848
Guys, the sec team finally showed me what they are concerned with. It pertains to our Exch 2003 OWA. The syntax they want hidden is the version output below:

Server: Microsoft-IIS/6.0
Microsoft: ESMTP Mail Service
Version: 6.0.3790.4675

Might this be an IIS config change or SMTP setting edit to conceal the version output?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1000 total points
ID: 38378371
This is the closest you will get.
http://support.microsoft.com/kb/836564

Your security team need to be told that you don't get security by obscurity. Anyone who knows what they are doing will know it is Exchange by the way it responds; modifying the response to take out the version number will slow someone down by about 10 seconds.

Simon.
0
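A way to check the result of the banner change discussed in this thread, as an added example that is not part of any post and not Microsoft tooling: it scans captured banner text for version numbers and for product names that remain once the number is removed. The first sample is the output quoted by the asker; the other two captures, the function names and the hostname are constructed for illustration.

```python
import re

# Dotted version/build numbers such as 6.0 or 6.0.3790.4675.
VERSION_RE = re.compile(r"\b\d+(?:\.\d+){1,3}\b")
# Product names that still identify the stack once the number is gone.
PRODUCT_RE = re.compile(r"Microsoft-IIS|Microsoft:? ESMTP", re.IGNORECASE)

# Output quoted by the asker for the Exchange 2003 front end.
REPORTED = """\
Server: Microsoft-IIS/6.0
Microsoft: ESMTP Mail Service
Version: 6.0.3790.4675
"""

# Constructed sample: the same capture with only the numbers stripped.
VERSION_REMOVED = """\
Server: Microsoft-IIS
Microsoft: ESMTP Mail Service
"""

# Constructed sample: generic banners (hostname is a placeholder).
GENERIC = """\
Server: webmail
220 mail.example.com ESMTP ready
"""

def audit_capture(text):
    """Return (kind, line) findings; kind is 'version' or 'product'."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if VERSION_RE.search(line):
            findings.append(("version", line))
        if PRODUCT_RE.search(line):
            findings.append(("product", line))
    return findings

def verdict(text):
    """Summarise a capture by its worst finding."""
    kinds = {kind for kind, _ in audit_capture(text)}
    if "version" in kinds:
        return "version disclosed"
    if "product" in kinds:
        return "product identifiable"
    return "no banner disclosure"

if __name__ == "__main__":
    for capture in (REPORTED, VERSION_REMOVED, GENERIC):
        print(verdict(capture), audit_capture(capture))
```

The verdict covers banner text only; as the accepted answer points out, the way the server responds can still identify Exchange.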
 

Author Closing Comment

by:DEFclub
ID: 38431527
thxs
0
