• ServerMask
• Screencast
• Testimonials
• Documentation
• Release History
• FAQ

Stealth Checklist:
Server Anonymization Best Practices

ServerMask obscures and secures HTTP signatures or fingerprints that hackers use to identify and attack Web sites and applications.

But even with ServerMask deployed, you should do a few more things to anonymize your server for a complete defense-in-depth security profile.

We recommend the following security measures:

• Protect the Web, application, and database layers from hacker attacks directly with a ServerDefender Web Application Firewall.
• Remove or modify all default (and their location) to hide clues to server identity.
• Use an alternate FTP server like RhinoSoft's Serv-U instead of the default Windows FTP server to present a custom banner, rather than the known Windows FTP banner.
• Customize error pages to avoid displaying server-specific messages that can be identified.
• Avoid using "Integrated Windows Authentication" in IIS Security settings. Learn more.
• Control access to your server by blocking bad requests, preventing image & file leeching, and redirecting traffic based on country or HTTP details with LinkDeny

For more on these and other network and IIS security issues, please review these Port80 articles on HTTP and Web server anonymization and network anti-reconnaissance.

There are many aspects to consider when making your server invisible to attackers for anti-reconnaissance. ServerMask, used in concert with the above recommendations, will mask your Web server and network identity from the great majority of intruders, script kiddies, and automated attacks.