An nmap scan from off campus has revealed the following Web services are not configured to hide their software identity and version. Such information can benefit an attacker looking for vulnerabilities to exploit.
129.74.246.103 (njcoast1.virtual.crc.nd.edu) --> nginx version 1.13.8
It is recommended that all Web servers be configured to suppress any identifying information. Please refer to the CRC's Best Practices wiki for an Apache-related example configuration:
An nmap scan from off campus has revealed the following Web services are not configured to hide their software identity and version. Such information can benefit an attacker looking for vulnerabilities to exploit.
129.74.246.103 (njcoast1.virtual.crc.nd.edu) --> nginx version 1.13.8 It is recommended that all Web servers be configured to suppress any identifying information. Please refer to the CRC's Best Practices wiki for an Apache-related example configuration:
https://redmine.crc.nd.edu/redmine/projects/bestpractice/wiki/General_Security_Approach#Suggested-General-Apache-Configuration For more detail, please review the nmap report at
https://baldin.crc.nd.edu/CRC-Restricted/ScanResults/CyberEye-NJ/2018/nmap_external_CyberEyeNJ_2-20-18.html
https://redmine.crc.nd.edu/redmine/issues/9580