We recently had a penetration test and they recommended that we disable all web server signatures. We have one external-facing IP address and all our servers are running in Azure.

I am new to Azure and not really a Network person and don't know how to turn this off. Can anyone point me in the direction of how I would disable this?


Chad M
  • What web server do you run? – Michael Hampton Mar 12 '19 at 15:47
  • We don't really have a Web Server; we have a Virtual Network gateway set up in Azure and behind that we have Windows 2016 servers for our Domain server, File servers, etc. – Chad M Mar 12 '19 at 17:26
  • You don't have a web server? Then what web server signatures might possibly need to be disabled? – Michael Hampton Mar 12 '19 at 17:54
  • Apologies for my ignorance, but I am a programmer who has taken over the Azure server setup; we are a very small company. Basically, the company who did the Pen Test said of our external-facing IP, which in Azure is our Public IP Address, that revealing web server signatures is a vulnerability. They recommend disabling all Web server signatures. Hopefully this helps a bit – Chad M Mar 12 '19 at 19:49
  • Well, let's start with this: As vulnerabilities go, that one is very minor. If your servers are up to date it doesn't really matter whether someone finds out the web server version. If they aren't up to date, then it also doesn't really matter because you're vulnerable to a _real_ vulnerability whether you have the web server signature on or off. Malicious bots don't care whether the version is advertised; they'll just try everything and see if anything works. – Michael Hampton Mar 13 '19 at 00:43
  • Does your organization run your own web servers? That is, you are managing IIS or nginx installs yourself, on Azure IaaS? – John Mahowald Mar 13 '19 at 06:34
  • What is your public IP actually pointing at inside your infrastructure? – Sam Cogan Mar 13 '19 at 16:19
  • Basically everyone in our company works remotely and we don't have a physical office. We all VPN into our Azure Virtual network and all work is done on the internal servers. We do use internet and sFTP from the servers. I am doing all the server updates. Thanks for all the responses. – Chad M Mar 13 '19 at 17:03

0 Answers