Vulnerability scanner

Started by MysteryIron, February 01, 2025, 02:45:08 AM

I was interested to check whether I had configured my OPNsense correctly, so I ran a port scanner from a pen-test tool website.

All good and some recommendations were given. Now I am wondering how to eliminate the information that permits the identification of software platform, tech, server OS, HTTP headers, etc. Screenshot attached.

Any help appreciated.


Hi MysteryIron

Do you have some ports open to WAN? In your case maybe HTTPS on port 443 for remote access to the OPNsense? (Which would be a bad idea actually - there are better solutions to achieve this).

All the best.

Regards
Wrigleys

I've seen a lot of vulnerability reports and I can say that this has to be one of the most unspecific examples out there. It says: "hey you may have a web server running on 443, did you know it can be insecure(*)?"

"(*)we don't really know why but we wanted to mention it so you can do very little to mitigate this problem without wasting more of your time than necessary, you are welcome!"

Joking aside, what matters most here is if the IP in the report is exposed or just internally accessible. If it is not exposed, that may be the end of the story. Some people like management networks that have restricted access (which a vulnerability scanner should not be able to access under some circumstances), but eventually a website that you need will have to be accessed through an IP with a web server answering 443.

There are a lot of things that are not OK, like old versions, weak passwords or TLS ciphers, but the report doesn't bother. Sorry to stress this point.


Cheers,
Franco

>> Now I am wondering how to eliminate the information that permits the identification of software platform, tech, server os, http headers

Use a VPN to access your services and don't expose internal servers to the internet if you don't have to.

If you are making a Nextcloud installation accessible over the Internet, everyone can easily assess that there is a Nextcloud installation. Of course. That's the idea, isn't it?

OTOH Nextcloud is a product designed to run on the public Internet and as long as you keep it up to date with patches and run your Nextcloud security check [1] regularly, you should be good.

If your security policies dictate that this is too much of a risk, as @newsense wrote, don't make your Nextcloud publicly visible but use a VPN.

Now about those headers giving away that you are running PHP and nginx - that needs to be mitigated on your Nextcloud server, not on the firewall [2].

HTH,
Patrick

[1] https://scan.nextcloud.com/
[2] https://www.hugeserver.com/kb/hide-apache-nginx-php-version/
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
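As an added example (not code from this thread, from Nextcloud or from nginx), a small Python audit that parses a raw HTTP response and flags the fingerprinting headers Patrick refers to (Server with a version, X-Powered-By). Both sample responses are constructed; the "after" one is what nginx emits once `server_tokens off;` and `fastcgi_hide_header X-Powered-By;` (or `expose_php = Off` in php.ini) are in place.

```python
"""Audit raw HTTP response headers for platform-fingerprinting leaks.

The sample responses below are constructed, not captured from a real host.
"""
import re

# Headers whose mere presence advertises the application stack.
PRESENCE_LEAKS = {"x-powered-by", "x-aspnet-version", "x-generator"}
# Headers that are acceptable only without a version string.
VERSION_LEAKS = {"server", "via"}
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_headers(raw: str) -> dict:
    """Split a raw HTTP response (status line + headers) into a lowercase-keyed dict."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(raw: str) -> list:
    """Return a list of findings; an empty list means nothing obvious leaks."""
    findings = []
    headers = parse_headers(raw)
    for name in sorted(headers):
        value = headers[name]
        if name in PRESENCE_LEAKS:
            findings.append(f"{name}: remove header (reveals {value})")
        elif name in VERSION_LEAKS and VERSION_RE.search(value):
            findings.append(f"{name}: strip version from '{value}'")
    return findings


# Constructed "before" response: default nginx + PHP-FPM serving Nextcloud.
BEFORE = """HTTP/1.1 200 OK
Server: nginx/1.24.0
X-Powered-By: PHP/8.2.1
Content-Type: text/html
"""

# Constructed "after" response: server_tokens off; plus
# fastcgi_hide_header X-Powered-By; in nginx (or expose_php = Off in php.ini).
AFTER = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(raw) or "no leaks found")
```

Run it against `curl -si https://your-host/` output to confirm the server-side change took effect; the firewall in front of it does not alter these headers.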