suppress cyrus version information possible?

Craig Ringer craig at postnewspapers.com.au
Sun Nov 7 19:53:40 EST 2004


On Sat, 2004-10-30 at 02:47, Ken Murchison wrote:

> Security by obscurity never works.  Do you really think an attacker 
> would be deterred by the version number that he sees?  He'll probably 
> try his attack regardless of the version reported.

I humbly disagree. I think it depends a lot on what your goals are. I
view running services on non-standard ports as being reasonable in some
situations, for example, because it reduces the chances a dumb worm will
find and exploit the service before I hear about and patch a hole.

Similarly, hiding the banner might fool casual scanners trying to
identify potentially crackable systems. It's a bit of a stretch, though, I
think.

I think relying on "security through obscurity" measures would be stupidity
in the extreme, but securing your server and then employing useful ones
anyway seems entirely reasonable to me. Of course, whether there's any
benefit or enough to justify the irritation involved depends on what
you're doing, why, and what you're trying to protect against - but
that's always the case really.

I've never considered suppressing banners worth the effort myself.

--
Craig Ringer

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



