On 09 May 2001 04:00:19 -0400, R. DuFresne wrote:

> > Security should be systematic and precise - attackers should not get in
> > at all. Security should not be based on ideas like "If we hide the
> > version number, we are 20% less likely to get attacked".
> 
> Not really, but, yer 20% of the time bound to see the prober move on
> quickly to some other site they can get all the details of the servers
> running behind the firewall if no valuable info can be gleaned from the
> initial probe.

Your reasoning lacks in ethics; you're hoping hackers will go after the
next company instead of you because it's easier to pick them out in a
crowd.  Assuming all people hid their server signatures, as you desire,
your logic would cease to function because there would be no easy
targets and hackers might simply toss an attack attempt against each
host instead of blindly requesting headers.


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
