No announcement yet.

Banner Grabbing - Countermeasures

  • Time
  • Show
Clear All
new posts

  • Banner Grabbing - Countermeasures

    How can you counter banner grabbing from revealing detailed information from exposed resources? There are a few options available that you can deploy.
    First of all, disable or change the banner that the servier is exposing whenever possible. Most services allow for the banner to be changed or limited so to not reveal too much information. In some services like the Microsoft IIS it is possible to remove or alter the contents of the banner so that the system does not appear to be the same to scans or banner grabs.
    Utilities such as IIS Lockdown, ServerMask and others can remove the information that is so valuable to an attacker. Almost all services have different ways of allowing the system administrator to modify the banner. In Windows systems, this is often done using some kind of a user interface, while in operating systems like Linux, this task is usually done in the service configuration file.

    Another thing to consider, is the file extensions of the server side code. It is possible to hide file extensions on services such as web services. The purpose of this technique is to hide the technology used to generate the web pages. Server side code such as ASP, JSP can be readily identified by viewing the file extensions in the web browser, and will certainly lead the attacker to learn what web server is in use and on what operating system it is running. Removing this detail makes for one more obstackle that an attacker must overcome to get into the inner workings of a server. Tools like PageXchanger for IIS are designed to assist in the removal of page extensions.
    Certified Security Geek