Server Vulnerability Scan

keith smith klsmith2020 at yahoo.com
Mon Jan 4 18:20:17 MST 2010



I have been working on an online store for a while. Part of what I am tasked with is keeping the cart Payment Card Industry (PCI) complaint.

I'm more of a programmer so my sys admin skills are not as developed as i would like.

We hired a company who scans our server and reports back to us.

Here is one of about 10 questions I have.

They report :

We were able to determine which versions of the SSH protocol the remote SSH daemon supports.

This gives potential attackers additional information about the system they are attacking.

AND

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

I ran nmap and the SSH port does not show.  I've looked in the sshd_config and find nothing that would alert me to how I can turn off reporting it's config or it's existence.

Any help much appreciated!

------------------------
Keith Smith


      


More information about the PLUG-discuss mailing list