[nycphp-talk] Basic security question
John Lacey
jlacey at att.net
Wed Jul 14 15:45:07 EDT 2004
Paul Reinheimer wrote:
>Every attack wether web or otherwise I have heard about starts with
>learning as much as you can about the target's systems, then seeking
>to exploit some either known or unknown security holes in the software
>that system is running.
>
>
"know your enemy" is never a bad strategy :)
>Knowing that, why reveal anything? Make the potential attacker work
>for every peice of information they want. Set the apache server string
>to claim it is some recent release of IIS, tell all the services not
>to advertise they are running, save your .php files as .exe and tell
>apache just to interpret apropriatly. etc. Obviously if you choose to
>run some off the shelf application (ie phpBB) you will let the cat out
>of the bag, but seperating it to a subdomain may only add to the
>confusion.
>
>Does anyone see any real advantage to this approach?
>
>
>
Like locks on doors, doing things like this will keep the casual
attacker and script kiddies at bay. For the more serious and persistent
attacker who wants to gain entry, it's a bit more complicated. For
example, you can try to hide your operating system type, but the TCP/IP
stack will have a certain "signature". Running carefully crafted
packets against this stack can pretty much reveal what the site is
running, regardless of what they're "advertising".
John
More information about the talk
mailing list