Firewall Wizards mailing list archives
Re: Security Audit and Priorities
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 13 Jul 2003 11:32:20 -0400 (EDT)
I thought it was: ServerSignature Off ServerTokens Prod Thanks, Ron DuFresne On Sun, 13 Jul 2003, Yannick Van Osselaer wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Op zondag 13 juli 2003 02:53, schreef Paul Ammann:Hi I will be starting a new job in the next few weeks. I went to Netcraft and typed in the company's URL and was amazed by what I saw: the version of Linux, the version of Apache, the version of OpenSSL... literally everything about their web servers. I have a lot of experience with firewalls, but I'll profess my ignorance in other security areas. So, here are my two questions: 1. What is the best way to block Netcraft from obtain all this information. Are there Open Source solutions that would be better than commercial solutions?Include the following directive in httpd.conf ServerTokens ProductOnly Obscurity can be helpful. But you shouldn't totally rely on it. It's better to spend your time on configuring your daemon's, updating software, etc.2. The company has acknowledged they are lacking in security. What is the best method for doing a security audit? Thanks in advanced! Paul- -- Yannick Van Osselaer Public Key: wwwkeys.us.pgp.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/ET/B93+qyX+enAERAnh0AJ0WcKrVshyR2Q72haZKN7AUKH4DaACgq3Nt C/8XteiOif16YaNCv5Ur/Mo= =9gzT -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Security Audit and Priorities Paul Ammann (Jul 12)
- Re: Security Audit and Priorities Paul Robertson (Jul 12)
- Re: Security Audit and Priorities Yannick Van Osselaer (Jul 13)
- Re: Security Audit and Priorities R. DuFresne (Jul 13)
- Re: Security Audit and Priorities Frank Knobbe (Jul 14)
- Re: Security Audit and Priorities ark (Jul 14)
- Re: Security Audit and Priorities Frank Knobbe (Jul 14)
- Re: Security Audit and Priorities ark (Jul 14)
- <Possible follow-ups>
- Re: Security Audit and Priorities lists (Jul 13)
- Re: Security Audit and Priorities Paul Ammann (Jul 14)
- Security Audit and Priorities Paul Ammann (Jul 13)
- Re: Security Audit and Priorities R. DuFresne (Jul 13)
- RE: Security Audit and Priorities Bob Wanamaker - Avant Systems, Inc. (Jul 14)
- re: Security Audit and Priorities Mike Hoskins (Jul 14)
- Re: Security Audit and Priorities M Taylor (Jul 14)