Can you please review the below recommendation and suggest a way to implement.
Web Server Discloses Software Type And Version
The Team observed that software type and version details were disclosed within the HTTP ‘Server’ header
Knowing the server type and version allows an attacker to focus on the vulnerabilities of that specific version, whereas someone without this knowledge would have to try different vulnerabilities by brute- force. In addition, some servers disclose the operating system version within HTTP response headers. For example, Apache often discloses UNIX or Windows whilst Microsoft-IIS only runs on Windows, and each version of IIS only runs on a single version of Windows.
Cisco recommends that the web server is reconfigured to display the minimal amount of information, or to display false information where possible.
In IIS it is possible to remove the web server banner in two ways:
Creating a custom ‘ISAPI’ filter to hide the banner in the response headers.
Downloading the ‘URLScan’ tool, part of the IIS Lockdown Tool, from the Microsoft website and changing the value of the ‘RemoveServerHeader’ setting.