Server Vulnerability Scan

Página Principal
Anexos:
Mensagem como email
+ (text/plain)
Apagar esta mensagem
Responder a esta mensagem
Autor: keith smith
Data:  
Para: PLUGAZ
Assunto: Server Vulnerability Scan


I have been working on an online store for a while. Part of what I am tasked with is keeping the cart Payment Card Industry (PCI) complaint.

I'm more of a programmer so my sys admin skills are not as developed as i would like.

We hired a company who scans our server and reports back to us.

Here is one of about 10 questions I have.

They report :

We were able to determine which versions of the SSH protocol the remote SSH daemon supports.

This gives potential attackers additional information about the system they are attacking.

AND

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

I ran nmap and the SSH port does not show. I've looked in the sshd_config and find nothing that would alert me to how I can turn off reporting it's config or it's existence.

Any help much appreciated!

------------------------
Keith Smith



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss