Impacts and Risk Mitigation Strategies for Banner Version Disclosure in Network Services
Abstract
This research aims to: 1) analyze the impacts of banner version disclosure in network services, which significantly increases the likelihood of targeted attacks such as MITM and brute force; 2) propose risk mitigation strategies to address such disclosure; and 3) apply specific tools and processes to effectively reduce banner version exposure. The sample group consisted of 30 servers selected from a population of 252 servers, based on the CVSS risk score (≥ 7.0). Data were collected over 56 days using SecPoint Penetrator and Certbot to assess vulnerabilities before and after implementing security measures. Key measures included updating TLS to version 1.3, disabling banner versions, enforcing Content Security Policy (CSP), and enabling Two-Factor Authentication (2FA). The analysis showed that vulnerabilities in HTTPS services were reduced by 89% and in FTP by 72%, with overall risk levels declining from high to medium or low. These measures align with international standards such as ISO 27001, OWASP Top 10, and the NIST Cybersecurity Framework. Although the study has limitations, such as not covering Zero-Day vulnerabilities and large-scale systems, the findings confirm that controlling banner version disclosure in combination with proactive security measures can significantly reduce risk and enhance network security.
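A before-and-after check for banner version disclosure on the two services the abstract reports, HTTPS and FTP, can be scripted as below. This is an added example, not code or data from the study: the regular expression, function names, host names and captured responses are all constructed for illustration.

```python
import re

# Product token, a separator, then a dotted version (at least major.minor),
# e.g. "nginx/1.18.0", "vsFTPd 3.0.3", "OpenSSL/1.1.1f". Assumed heuristic.
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z0-9+\-]*)[/ _]v?(\d+(?:\.\d+)+\w*)")
HTTP_BANNER_HEADERS = ("server", "x-powered-by")


def banner_text(service, raw):
    """Extract the part of a captured response that acts as the banner."""
    lines = raw.splitlines()
    if service == "http":
        values = []
        for line in lines:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() in HTTP_BANNER_HEADERS:
                values.append(value.strip())
        return " ".join(values)
    if service == "ftp":
        # FTP greeting lines start with reply code 220 ("220 " or "220-").
        return " ".join(l[4:] for l in lines if l[:4] in ("220 ", "220-"))
    raise ValueError(f"unsupported service: {service}")


def disclosed_versions(service, raw):
    """Return (product, version) pairs visible in the banner."""
    return VERSION_RE.findall(banner_text(service, raw))


def audit(captures):
    """Map each host:service to its disclosed versions; empty list means clean."""
    return {f"{host}:{svc}": disclosed_versions(svc, raw) for host, svc, raw in captures}


# Constructed sample captures (reserved .example names), before and after hardening.
SAMPLES = [
    ("web-before.example", "http",
     "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f\r\nX-Powered-By: PHP/7.4.3\r\n"),
    ("web-after.example", "http", "HTTP/1.1 200 OK\r\nServer: Apache\r\n"),
    ("ftp-before.example", "ftp", "220 (vsFTPd 3.0.3)\r\n"),
    ("ftp-after.example", "ftp", "220 FTP server ready.\r\n"),
]

if __name__ == "__main__":
    for target, found in audit(SAMPLES).items():
        print(target, "DISCLOSES" if found else "ok", found)
```

An empty list for a target means its banner no longer names a product version, which is the state the "disabling banner versions" measure aims for.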
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
1. Any views and comments in the Journal of Social Innovation and Lifelong Learning are the authors’ views. The editorial staff need not agree with those views, and they are not considered the editorial staff’s responsibility.
2. Responsibility for the content and for checking the draft of each article belongs to its author. Any lawsuit concerning copyright infringement is considered the authors’ sole responsibility.
3. The copyright of the article belongs to the authors and The Far Eastern University and is legally protected. Republication requires direct written permission from the authors and The Far Eastern University.