hiding IIS 6.0 signatures

hiding IIS 6.0 signatures

am 15.01.2008 05:51:44 von tony

How do i hide IIS 6 signatures from a scan or netcraft?

Re: hiding IIS 6.0 signatures

am 15.01.2008 06:56:14 von Bernard

You can try urlscan from ms.com
Hiding the banner won't protect the server from being attacks.

So make sure the box is patch, you have proper firewall etc in place.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"tony" wrote in message
news:OPs5VJzVIHA.5508@TK2MSFTNGP04.phx.gbl...
> How do i hide IIS 6 signatures from a scan or netcraft?
>

Re: hiding IIS 6.0 signatures

am 15.01.2008 07:22:30 von tony

we currently have linux proxies in front of IIS. i want to remove the
proxies and expose the IIS servers.

any downside or comments on this setup?
"Bernard Cheah [MVP]" wrote in message
news:u7$KXtzVIHA.536@TK2MSFTNGP06.phx.gbl...
> You can try urlscan from ms.com
> Hiding the banner won't protect the server from being attacks.
>
> So make sure the box is patch, you have proper firewall etc in place.
>
> --
> Regards,
> Bernard Cheah
> http://www.iis.net/
> http://msmvps.com/blogs/bernard/
>
>
> "tony" wrote in message
> news:OPs5VJzVIHA.5508@TK2MSFTNGP04.phx.gbl...
>> How do i hide IIS 6 signatures from a scan or netcraft?
>>
>
>

Re: hiding IIS 6.0 signatures

am 15.01.2008 13:41:06 von Ken Schaefer

Hiding an "IIS" signature is merely "security through obscurity".

An exploit that compromises IIS will work regardless of whether your server
exhibits IIS behaviour or not.

And frameworks like metasploit mean that an attacker can hurl thousands of
automated exploits at your server, disregarding what it is (or attempts to
disguise it) in a few seconds. Obscurity = good. But it's not real security.

Cheers
Ken

"tony" wrote in message
news:%23Wh1D8zVIHA.4740@TK2MSFTNGP02.phx.gbl...
> we currently have linux proxies in front of IIS. i want to remove the
> proxies and expose the IIS servers.
>
> any downside or comments on this setup?
> "Bernard Cheah [MVP]" wrote in message
> news:u7$KXtzVIHA.536@TK2MSFTNGP06.phx.gbl...
>> You can try urlscan from ms.com
>> Hiding the banner won't protect the server from being attacks.
>>
>> So make sure the box is patch, you have proper firewall etc in place.
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis.net/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "tony" wrote in message
>> news:OPs5VJzVIHA.5508@TK2MSFTNGP04.phx.gbl...
>>> How do i hide IIS 6 signatures from a scan or netcraft?
>>>
>>
>>
>
>