This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."
Download it now to read this article plus other related content.
Before hackers can launch a successful attack against a Web application, they need to gather as much information as possible about the application and the infrastructure on which it resides.
Identifying the applications running on a remote Web server is known as fingerprinting. One of the simplest ways is to send a request to the server and review the information sent in the response banner, which generally contains the exact version of the Web server software running on the server. This information leakage can be addressed by configuring the server not to display the banner at all, or by changing it to make the server look like something else. There are a number of tools that help fake the banner, such as URLScan for IIS Web servers and mod_security for Apache Web servers.
Unfortunately, there are tools that fingerprint Web servers without relying on banners, and hackers are now even using search engines such as Google to help find and fingerprint vulnerable machines. This is commonly known as Google hacking. By using Google's advanced search operators, hackers can retrieve fingerprint information from Google's cache without ever connecting to their intended target. (See the March 2006 Information Security feature "
To find out what hackers can discover about your site, you can also use the Gooscan tool (with expressed permission in advance from Google) from http://johnny.ihack stuff.com, which also hosts the Google Hacking Database. Or, you can check the Google Webmasters FAQ at www.google.com/webmasters--this provides information about how to properly protect and expose your site to Google.
This was first published in August 2006