Port80 Software
My Port80 Shopping Cart Sign up
ProductsSupportAboutContact
Products
choose a product:


Stop Information Leakage for Better Security:
Misdirect Attackers with ServerMask!
3.0 version hides file extensions and
masks over 50 new signatures!

 ServerMask for IIS Anti-Reconnaissance and Web Server Security

ServerMask for IIS Anti-Reconnaissance and Web Server Security
ServerMask 3.0 for IIS 4/5/6
Web Server Anonymization, Obfuscation, and Anti-Reconnaissance

 Any information a cracker can obtain about your system is too much information. Broadcasting your Web server's identity via HTTP header data makes it easy for potential intruders to complete their first hacking task -- identifying your operating system and Web server. The TCP/IP layer also provides important clues that hackers will use to fingerprint and attack your network. Some studies indicate that hacker pre-attack reconnaissance accounts for 40% of all Internet attack traffic, so don't become a victim of information leakage: find out what your server is telling potential intruders right now.

ServerMask modifies your Microsoft IIS Web server's "fingerprint" by removing unnecessary HTTP response data, modifying cookie values, removing the need to serve file extensions, and adjusting other response information to obscure the identity of your IIS Web server. Successful anti-reconnaissance confuses hackers and makes it more likely they try the wrong exploits first so they can be easily snared by your current firewall and intrusion detection systems.

ServerMask provides the HTTP side of online camouflage to augment the network and server armor provided by firewalls, intrusion detection systems, and Web application firewalls. Already used by thousands of customers around the world including financial institutions, governments, and corporations concerned with security best practices, ServerMask provides important stealth components that are part of a total defense-in-depth security strategy for Windows-based Web servers. With easy installation and configuration in minutes, secure your Microsoft IIS Web servers by downloading ServerMask today!


Features
  • Improved! Mask the Server name header with over 30 other Web server signatures
    • Remove Server name header
    • Replace Server name header with non-IIS server name
    • New and Improved! Randomize Server name header response with non-IIS server names (and control interval between different signature rotation)
    • Set a custom Server name
  • New and Improved! Unique cookie masking feature
    • Automatically rewrite common identifying session cookies such as ASPSESSIONID, ASP.NET_SessionId, CFTOKEN, CFID, PHPSESSID, JSESSIONID, and SITESERVER
    • Rewrite arbitrary cookie names
  • New and Improved! Automatically remove common IIS and server-side scripting and application server signatures for ASP, ASP.NET, PHP, JSP, and ColdFusion header responses like Public, X-Powered-By, X-AspNet-Version, MicrosoftOfficeWebServer, X-MS-Smart-Tags, X-Meta-MSSmartTagsPreventParsing, and IISExport
  • New! Mask internal IP addresses in HTTP header responses with the fully qualified domain name in the Content-Location header
  • New! Emulate Apache or Sun ETag format in relevant responses
  • Improved! Emulate the order of the HTTP headers that would be sent by a typical installation of the Apache Web server
  • Improved! Emulate the Apache header format for the response to an ALLOW request
  • Disable potentially dangerous features like Microsoft WebDAV to remove platform-specific header responses with one click (Windows 2000 SP3 or greater only)
  • New! Serve responses to URLs and HTTP requests with no file extensions (so extension references like .asp, .aspx and other Microsoft technologies can be removed from source code and URL display)
    • New! Includes the Port80 Software File Extension Stripper utility, based on w3compiler technology, for safe removal of file extensions from source code (a freeware utility distributable to Web development teams to integrate file extension anti-reconnaissance into deployment processes)
  • New! Normalize and mask various response code messages and formats for some 200, 400, 403, 404, 405 and 501 server responses that are used to ID IIS
  • New and Improved! Modify the default e-mail banners of the Microsoft SMTP, POP, and IMAP service connections and disconnections.
  • Compatible with IIS Lockdown, URLScan, major third party server-side scripting platforms like ASP, ASP.NET, PHP, JSP, ColdFusion, and Perl
  • Supports FrontPage publishing, Outlook Web Access (OWA), Microsoft Small Business Server (SBS), and Microsoft SharePoint Services (SPS), Microsoft platforms running on the IIS Web server
  • Super-fast, stable ISAPI filter with no noticeable server performance impact
  • Quick and easy installation and configuration
servermask home
why anonymize?
docs
release history
case study
stealth checklist
faq
testimonials
  Try  Buy


header check
Is your HTTP header divulging your technology platform?


"Port80 Software's ServerMask is clearly the best solution yet produced for managing IIS HTTP headers."

- Brett Hill
Microsoft MVP & IIS Guru of
IIStraining.com


"The ServerMask Security Solutions allowed us to surpass our government requirements for host and network anti-reconnaissance... helping us to defeat over 1,300 probe attacks in one audit."

- IT Manager and LAN Administrator
United States General Services Administration
(read case study)

Benefits
  • Camouflage server HTTP-level signatures to avoid being targeted by botnets, worms and hackers conducting network reconnaissance for more secure networks, better results on security audits, and increased risk mitigation
  • Improve efficiency of currently deployed firewalls and intrusion detection and prevention systems (IDS and IPS) by encouraging attacks for the wrong type of Web and application servers
  • Avoid manual configuration of basic IIS masking security features

System Requirements
  • IIS 6.0 / Windows Server 2003 (all x86-32 Bit versions; sign up for the x86-64 Bit Beta Alert)
  • IIS 5.1 / Windows XP (not recommended for production use)
  • IIS 5 / Windows 2000
  • IIS 4 / Windows NT
  • Note: IIS 7 / Windows Server 2008 not yet supported (sign up for the IIS 7 Beta Alert)

Support and Upgrades

Pricing
Free 30-Day Trial Download Try
Single Server License (Unlimited Domains) - $149.95
Buy
Over Three (3) Servers / Site License Packs - Get a quote Quote
Learn more about Port80 Software evaluation and licensing

Port80's Guarantee to You:
Port80 Software stands behind our products 100%. Given the nature of Web server utilities, various environments and third party applications may cause new and unforeseen conflicts. Therefore, Port80 pledges to work with you to ensure our products run in all testing and production environments -- if you work with us, we will work with you to make your IIS Web server safer, faster and friendlier.


Microsoft Certified Partner Logo
Port80 Software
5252 Balboa Ave, Suite 707 San Diego, CA 92117
858.268.7960 tel | 858.268.7760 fax | 888.4PORT80 toll free
info@port80software.com
home | products | support | about | contact
legal | privacy | site map
©2002-2008 Port80 Software, Inc.