by Joe Lima
Feedback
|
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days):
54684/
146
|
|
|
We Don’t Need No Extra Services |
Beyond the HTTP service itself, many computers used as Web servers host a number of other network services. Perhaps the most common are FTP and SMTP. As a general security rule, try to avoid running these services on your Web server. In particular, avoid the default FTP and SMTP services in Microsoft IIS. Despite the convenience of integrated services, there is no reason to have Web, FTP and SMTP services interlinked. This is not an issue for Apache, since the Web server is not associated with FTP and SMTP services through a common administrative service. If you do use these services, be aware that they will advertise your IIS server's identity.
When a connection is established with an SMTP service, the recipient server sends a human-readable greeting to the client, the "SMTP banner". What the SMTP banner displays has no effect on e-mail service, but, like the HTTP Server header, it divulges details about the software running on the box. The default Windows SMTP service exposes such information. To find out how to change the SMTP banner, check here.
The default Microsoft IIS FTP server also presents a known banner. Since modifying the FTP banner is a more involved process than modifying the SMTP banner (plan on hacking several system DLLs), your best bet is an alternate FTP server like RhinoSoft's Serv-U FTP server that can display any text message in the FTP banner. As an added bonus, third-party FTP servers like Serv-U are more configurable than the IIS FTP service when it comes to security measures like assigning users their own login directories. |
|
|
User Comments
No comments posted yet.
|
Product Spotlight
|
|