By far, the most popular targets on the Internet are Web servers running Internet Information Services (IIS) on Windows. One way to prevent hackers from easily discovering that you are running IIS is to mask the server header information. When you mask your Windows server header, you are essentially removing identifying details that intruders could use to detect your operating system version. To hide the server header information, Windows users can download Microsoft's URLScan security tool. This tool enables you to prevent the IIS version information that the server header contains from being displayed either in a network trace or from the results of a Telnet command. Author's note
Although URLScan can help you conceal IIS info, this doesn't apply to the FTP service. Admins often want the message "Microsoft FTP Service (Version X.X)" to be removed or hidden. However, the FTP banner or the welcome message that appears before the user logon is hard-coded. This is part of Ftpsvc2.dll file and cannot be removed or changed. Virus protection
You may wonder why we would talk about virus protection while discussing ways to keep from broadcasting your Windows information to hackers. The focus here is on what we hope the virus protection software will catch: Trojan programs. Trojans are not viruses, since they do not replicate. But they're often just as destructive as viruses because they can be malicious programs that pretend to be benign. All back-door Trojans have one thing in common: They allow unauthorised access to the infected computer. Just as the name implies, this is like having your back door propped open to let every hacker know they are welcome. A number of Trojan programs are designed to covertly monitor activity on a victim system -- typically employing keystroke and screen captures. The results are then emailed from the victim system by the Trojan to a specific email account at various intervals. In this way, a hacker can really find out a lot about a system, often including the local admin password and other sensitive information that can be used to compromise the system. As a result, part of protecting the information about your servers involves protecting them against Trojans. Saving social security
All the technical precautions known to an administrator can't circumvent the breach that may result from individuals releasing information to possible hackers. The most common example of this is a user providing his or her username and password over the phone to someone claiming to be a company administrator. This is usually called social engineering. The example does not have to be so obvious, either. Network documentation revealing server names, IP addresses, and even administrator access is often shared with contractors and consultants. These hard-working IT professionals could be moonlighting as hardcore hackers. Or, they might not protect this information well enough, and it could fall into the hands of hackers. The point here is to share your Windows information with authorised and trusted personnel only. Final word
Knowing the details of a Windows server greatly increases a hacker's efficiency. No combination of detection avoidance will result in complete anonymity of your Windows server. But setting and implementing a goal to avoid broadcasting this information will make your server a less likely victim of an attack.
For a weekly round-up of the enterprise IT news, sign up for the Enterpise newsletter.
Find out what's where in the new Tech Update with our Guided Tour.
Tell us what you think in the Enterprise Mailroom.
