Server Anonymization Best Practices
ServerMask obscures and secures HTTP signatures or fingerprints that hackers use to identify and attack Web sites and applications.
But even with ServerMask deployed, you should do a few more things to anonymize your server for a complete defense-in-depth security profile.
We recommend the following security measures:
- Protect the Web, application, and database layers from hacker attacks directly with a ServerDefender Web Application Firewall.
- Remove or modify all default (and their location) to hide clues to server identity.
- Use an alternate FTP server like RhinoSoft's Serv-U instead of the default Windows FTP server to present a custom banner, rather than the known Windows FTP banner.
- Customize error pages to avoid displaying server-specific messages that can be identified.
- Avoid using "Integrated Windows Authentication" in IIS Security settings.
- Control access to your server by blocking bad requests, preventing image and file leeching, and redirecting traffic based on country or HTTP details with LinkDeny.
There are many aspects to consider when making your server invisible to attackers for anti-reconnaissance. ServerMask, used in concert with the above recommendations, will mask your Web server and network identity from the great majority of intruders, script kiddies, and automated attacks.
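To check your own server against the recommendations on banners, error pages, and Integrated Windows Authentication, the following added example (not ServerMask code or vendor tooling) audits a captured raw HTTP response for identity leaks. The header list, body markers, and both sample responses are constructed assumptions; replace the markers with strings from your own default pages.

```python
from email.parser import Parser

# Response headers that commonly disclose server or framework identity.
IDENTITY_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# Schemes offered in WWW-Authenticate when Integrated Windows Authentication is on.
WINDOWS_AUTH_SCHEMES = ("negotiate", "ntlm")
# Illustrative error-page markers (assumption, lowercase substrings).
BODY_MARKERS = ("internet information services", "asp.net")

# Constructed sample: an unmasked server answering with a default error page.
SAMPLE_DEFAULT = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "\r\n"
    "<html><body>Internet Information Services</body></html>"
)
# Constructed sample: identity headers removed and a custom error page served.
SAMPLE_MASKED = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Page not found.</body></html>"
)


def audit_response(raw, body_markers=BODY_MARKERS):
    """Return a sorted list of (category, detail) findings for one raw response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_text = head.partition("\n")
    headers = Parser().parsestr(header_text, headersonly=True)
    findings = set()
    for name in IDENTITY_HEADERS:
        for value in headers.get_all(name, []):
            findings.add(("identity-header", f"{name}: {value.strip()}"))
    for value in headers.get_all("www-authenticate", []):
        scheme = value.split(None, 1)[0].lower() if value.strip() else ""
        if scheme in WINDOWS_AUTH_SCHEMES:
            findings.add(("windows-auth", scheme))
    parts = status_line.split()
    # Only error responses (4xx/5xx) are checked for default error-page text.
    if len(parts) > 1 and parts[1][:1] in ("4", "5"):
        for marker in body_markers:
            if marker in body.lower():
                findings.add(("error-page", marker))
    return sorted(findings)
```

An empty result for every captured response, including 401, 404, and 500 pages, indicates that the checked items no longer expose the server's identity.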