U.S. Government Facility Deploys ServerMask Anti-Reconnaissance Tools, Resulting in a Successful Audit

U.S. General Services Administration logo (from http://www.gsa.gov)

Protecting sensitive data becomes even more significant when the data resides within a large government agency's network. The high profile data losses in 2006 from organizations like the United States Energy Department's National Nuclear Security Administration and the Department of Agriculture only underscore the reality that even government networks remain vulnerable to hackers.

Today, successful Web attacks often begin by probing and detecting network, computer operating system, and Web server signatures to find the best attack vectors. Information Technology teams are focusing more on anti-reconnaissance as a best-practice countermeasure.

Meeting Government Standards

The Unites States General Services Administration is the U.S. federal agency responsible for government acquisitions. A facility within the GSA sought to camouflage its operating system, HTTP, and network signatures. This was essential, since new government requirements for the GSA dictated that the type of operating system and technologies being used internally should provide only a limited footprint to prevent outside reconnaissance.

The U.S. GSA facility had a number of Web servers to support a Web-based application for project tracking and document management. The application is used daily by over 300 employees on an internally-hosted network. The agency needed transparent HTTP anonymization and anti-reconnaissance that did not disrupt application functionality. In addition, the cost of the solution was also a major factor due to limited budget.

Best Practices in Anti-Reconnaissance Exceed Standards

The GSA facility succeeded in finding an anti-reconnaissance solution that could meet its security and budgetary requirements with Port80 Software's ServerMask software and the (now-discontinued) ServerMask IP1000 security appliance.

ServerMask for IIS allowed the U.S. government agency to hide the identity of its Web servers from potential hackers, masking key operating system signatures as well. The agency was able to download a free trial of ServerMask from Port80 Software and then test HTTP anti-reconnaissance locally and cost-effectively.

With successful IIS server anonymization, the agency then evaluated the ServerMask IP1000 security appliance to protect their network against hacker scans and probes at the TCP/IP network level.

“The ServerMask Security Solutions allowed us to surpass our government requirements for host and network anti-reconnaissance," said the GSA's IT Manager and LAN Administrator responsible for the project. "We looked at many security solutions from leading vendors, but they often provided many features beyond anti-reconnaissance that boosted the price. Port80 Software was able to deliver a focused solution that met our needs directly and kept the cost low -- rather than an A-Z, off-the-shelf solution that duplicated firewall and IPS solutions we already had in place.”

ServerMask Passes with Flying Colors

An outside penetration testing company was contracted for an annual audit of the GSA facility's security measures in a structured "hack" of their systems, and the agency passed with flying colors. “The ServerMask Security Solutions were the key to passing the audit,” according to the GSA's IT Manager and LAN administrator. “They also allowed us to exceed the government's audit standards for limiting network technology footprints.”

The system was subjected to penetration testing by using two Web server scenarios: one with the ServerMask defenses plus a standard firewall, and the other with only a standard firewall. Their goal was to identify the OS and technology, then attempt a variety of exploits. The testers used custom software packages for scanning and deploying known exploit hacker attacks. The penetration testers were not able to identify the ServerMask protected box's OS and Web server, but they were able to determine the technology footprint of the unprotected machine.

“With the ServerMask system in place, we've also been able to save a lot of money which we would have otherwise spent on custom software development, hardware and the man hours necessary to lock down our Microsoft IIS Web servers and network with manual anti-recon configuration,” said the GSA's IT Manager and LAN Administrator. “We now have great anti-recon security and are also protected against future attacks due to built-in features that extend beyond our current security requirements.”

Learn more about ServerMask Security Solutions and get a trial download for ServerMask for IIS today.