I know you can suppress the ftp banner in IIS 6.0 - but how do you suppress
the http banner from displaying the web version? I was able to do it back in
IIS 5, but it no longer works in IIS 6.0 (W2K3 SP1).
We usually get written up about this during Security Assessments but the
security vendor can't tell us how to suppress it themselves. I have searched
the web extensively for an answer but found nothing.
Hi,
Check
http://www.microsoft.com/technet/community/columns/insider/i isi1004.mspx#ESG.
I hope it helps you out.
--
Mike
Microsoft MVP - Windows Security
"DD"
news:EC56088A-1247-424D-82D7-7322EE94627A@microsoft.com...
>I know you can suppress the ftp banner in IIS 6.0 - but how do you suppress
> the http banner from displaying the web version? I was able to do it back
> in
> IIS 5, but it no longer works in IIS 6.0 (W2K3 SP1).
> We usually get written up about this during Security Assessments but the
> security vendor can't tell us how to suppress it themselves. I have
> searched
> the web extensively for an answer but found nothing.
Agreed... in addition, here are some links on how exactly to do that [use
URLScan], and some more reasons why simply disabling the HTTP banner doesn't
increase your security all that much:
http://securityadmin.info/faq.asp?banner
--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
-------------------------
Microsoft Security FAQ:
http://www.securityadmin.info
"Miha Pihler [MVP]" wrote:
> Hi,
>
> Check
> http://www.microsoft.com/technet/community/columns/insider/i isi1004.mspx#ESG.
>
> I hope it helps you out.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "DD"
> news:EC56088A-1247-424D-82D7-7322EE94627A@microsoft.com...
> >I know you can suppress the ftp banner in IIS 6.0 - but how do you suppress
> > the http banner from displaying the web version? I was able to do it back
> > in
> > IIS 5, but it no longer works in IIS 6.0 (W2K3 SP1).
> > We usually get written up about this during Security Assessments but the
> > security vendor can't tell us how to suppress it themselves. I have
> > searched
> > the web extensively for an answer but found nothing.
>
>
>