Re: What's the Big Deal in Solaris Version Being Identified?

From: Rich Teer (rich.teer_at_rite-group.com)
Date: 07/28/03 

Date: Mon, 28 Jul 2003 21:34:52 GMT

On 28 Jul 2003, Richard E Sgrignoli wrote:

> The question is: WHY is the simple disclosure of the operating system
> version such a forbidden item when one TELNETs or FTPs to/from such
> site. Our banner displays the following (as an example):

There is a (somewhat misguided) school of thought that says if
you advertise the version of the OS you're using, you're giving
the Bad Guys info to help them crack your systems, so changing
the banner allegedly thwarts that. Apparently, the people who
advise this tactic haven't heard of nmap's (and presumably others')
ability to identify an OS just on it's TCP/IP stack finger print.

It's an example of security by obscurity, which is next to worthless.

> SystemX> telnet SystemY
> Trying...
> Connected.Escape character is '^T'.

Frankly, anyone using telnet for remote connections has bigger
security problems than idetifying the release of their OS. OTP
can help, but ssh is likely the best way to go. 

-- 
Rich Teer, SCNA, SCSA
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-online.net