On Tue, 8 Oct 2019 13:59:58 +0000, Mark Collins <mark.collins@mariestopes.org> may have written:
Not everyone attacking your systems is going to have the skills or knowledge to get in though - simple tricks (like hiding what web server you use) can prevent casual attacks from script kiddies and others who aren't committed to targeting you, freeing your security teams to focus on the serious threats.
Er ... no. Not according to real world data (my firewall logs). Most attacks are fully automated and they don't (always) bother with complex logic to determine which attacks to try. For instance I constantly see Apache struts attacks against servers that a) may or may not be running Apache (the headers are removed) b) definitely aren't running Struts. In fact many attacks are sufficiently automated that the human behind the scenes won't even know a system has been compromised if it doesn't successfully pick up the second stage of the payload and 'phone home'. -- Mike Meredith, University of Portsmouth Chief Systems Engineer, Hostmaster, Security, and Timelord!