We've just had a security survey carried out and one of the issues raised is that my routers and pix's both reveal the ssh version number, if you telnet to them on port 22. Apparently this could aid an attacker by providing information on server version and vendor.
telnet router.com 22
Any ideas as to how to prevent this?
Thanks in advance
Remote administration of network devices should only permit IP Address of authorized personnel and use encrypted connection across untrusted network (e.g. internet). An ACL should be in place to permit only IP Address of authorized personnel. Knowing the version is irrelevant as they are the administrator of the device.
If you don't put ACL to permit only IP Addresses of authorized personnel, even if the version is NOT shown, it doesn't matter to hackers.