Solved

IIS and server banner info

Posted on 2013-12-10
3
306 Views
Last Modified: 2014-01-21
How do you disable the server type banner on an http request?  Right now ours is publsihing server:  MicrosoftIIS/7.5.  If it can be disabled, can it be disabled without messing up exchange?
0
Comment
Question by:bnussbaum
  • 2
3 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39709292
Why do you want to do that? You don't get security by obscurity.
If you are running Exchange on the server then it will take an attacker about 5 seconds to realise what server you are running.

Simon.
0
 

Author Comment

by:bnussbaum
ID: 39709393
We hire a 3rd party audit comany to audit our systems, and they have flagged this as a medium vulnerability.  They said to use urlscan tool to obscure the header info, but it appears that with IIS 8, that tool can't be used.  I was hoping there was an easy way to just disable it.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39709654
Third party audit companies working to a predefined scripts are nothing but a pain in...

The fact that they have said to use URLSCAN means that
a. They are using old information
b. They have no clue what they are on about, because as you said URLSCAN cannot be used with the later versions of Windows.

Medium Vulnerability. That is a joke.

I do a lot of high risk deployments with high risk financial services clients, this has never been requested. As I already said, hiding something doesn't provide any additional security and in most cases just breaks functionality.

Simon.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DFSR ConflitandDeleted folder 14 32
Internal SSO broken in Windows 2008 R2 AD environment 5 32
SCSM reports export 1 18
exchange, active directory 3 27
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question