365 – Avoid exposing technical information

Summary

Technical information (product name, version, configuration) of exposed services should not be accessible.

Description

Attackers usually perform reconnaissance to gather information about the target system. Exposing detailed technical information makes it easier for attackers to identify potential vulnerabilities or outdated software versions that may have known security issues.

Supported In

Advanced: True

References

• CAPEC-116. Excavation
• CAPEC-224. Fingerprinting
• HITRUST-06_d. Data protection and privacy of covered information
• ISO27002-8_8. Management of technical vulnerabilities
• IEC62443-DC-4_1. Information confidentiality
• NIST800115-7_4_1. Data collection
• ISO27001-8_8. Management of technical vulnerabilities

Last updated

2024/01/18