ServerMask

Masking is imperious for those who wish to protect their Web servers from intruder “fingerprinting”. To create such protection, users must hide the unnecessary HTTP header and response data, as well as file extensions such as .ASPX or .ASP, who are clear indicators for attackers that a site is running under a Microsoft server.

ServerMask was created in order to provide people with a tool that could help them protect their Web server from attackers that could identify their operating system and server characteristics. Eliminating hacker pre-attack reconnaissance procedures could save users’ Web servers from numerous attacks.

The application works by removing HTTP response data, modifying cookie values and obscuring any other response information that could provide attackers with information for defining their attack strategy.

One will be able to access advanced options for creating custom headers, Apache emulation, randomize response information or completely removing any header information. The header removal feature is especially useful and it allows users to either remove it, replace it with other Web server signatures or a custom server name.

Users will be able to create and manage multiple profiles, with specific settings for each corresponding domain. By helping them mask server information, the utility allows people to protect their servers and build more secure networks, therefore obtaining better results on security evaluations.

Additionally, ServerMask also provides self-generated decoy cookies and headers, as well as customizable HTTP error messages, that are aimed at confusing the potential attackers.

System requirements
IIS 7.5 / SERVER 2008 R2.
IIS 7 / Server 2008.
IIS 6 / Server 2003.
MICROSOFT .NET FRAMEWORK 2.0 (OR HIGHER).
MICROSOFT VISUAL C++ 2005 SP1.
At least 21 MB of free disk space.
Limitations in the unregistered version
30 days trial period.
Filed under
Mask server Server protector Remove HTTP header Mask Hide Server Protect

Stop Information Leakage: Web Server Anonymization Misdirect Hackers for Defense-In-Depth Security New Version 4 Released December 2008 Broadcasting your Web server’s identity allows intruders to complete their first task — identifying your operating system, Web server, and application technology. ServerMask modifies your IIS Web server’s “fingerprint” by removing unnecessary HTTP header data and adjusting other response information. ServerMask obscures the identity of your Microsoft IIS Web server’s “fingerprint” by: * Removing unnecessary HTTP response data * Camouflaging info by providing false signatures * Modifying cookie values * Removing the need to serve file extensions Successful anti-reconnaissance makes it more likely attackers will try the wrong exploits first and be snared by firewalls and intrusion detection systems. ServerMask augments these defenses to build more secure networks, return better results on security audits, and mitigate the risk of attack. ServerMask is already protecting thousands of customers around the world, including financial institutions, governments, and Fortune 1000 companies With easy installation and configuration in minutes, secure your Microsoft IIS Web servers by downloading ServerMask today.
Features
New in v4.0
Application-layer error suppression for PCI compliance
Completely redesigned user interface, featuring 100% managed code
Multiple default profiles and the ability to create custom profiles
Per-site configuration, allowing unique settings to be applied per domain
64-bit support
Auto-generated decoy cookies and headers
One-to-many cookie masking
Customizable HTTP error messages (CustomError functionality)
Benefits
Product Highlights
Mask the Server name header in a number of ways:
Remove altogether
Replace with one of 30 other Web server signatures
Replace with one a custom server name you create
Select multiple false Web server signatures and randomize the response (you select how often a response is refreshed).
Emulate Apache’s HTTP header order
Emulate the ETAG and ALLOW header formats of non-IIS servers
Remove unnecessary HTTP headers, such as PUBLIC, X-POWERED-BY and others
Rewrite identifying session cookie names such as ASPSessionID and ASP.NET_SessionId using one or more alternative names; fabricate decoy cookies to further confuse attackers
Rewrite 404 and application-layer errors for PCI compliance; suppress info leakage by converting 500-range errors to 404 errors, then presenting custom 404 responses (CustomError functionality)
Remove identifying file extensions such as .asp, .aspx and other Microsoft technologies from source code and URL display
Requirements
System Requirements
IIS 6.0 / Windows Server 2003 (both 32-bit and 64-bit x86 versions)
IIS 5.1 / Windows XP (not recommended for production use)
IIS 5 / Windows 2000
IIS 4 / Windows NT
Note: IIS 7 / Windows Server 2008 not yet supported (sign up for the IIS 7 Beta Alert)