Starting at $199.95
Stop Information Leakage: Web Server Anonymization
Misdirect Hackers for Defense-In-Depth Security
New Version 4 Released December 2008
Port80 Software's ServerMask is clearly the best solution yet produced for managing IIS HTTP headers.
Brett Hill, Microsoft MVP & IIS Guru of www.iistraining.com
Read more testimonials
The ServerMask Security Solutions allowed us to surpass our government requirements for host and network anti-reconnaissance... helping us to defeat over 1,300 probe attacks in one audit.
IT Manager and LAN Administrator, United States General Services Administration
Read case study
Broadcasting your Web server's identity allows intruders to complete their first task -- identifying your operating system, Web server, and application technology. ServerMask modifies your IIS Web server's "fingerprint" by removing unnecessary HTTP header data and adjusting other response information.
ServerMask obscures the identity of your Microsoft IIS Web server's "fingerprint" by:
- Removing unnecessary HTTP response data
- Camouflaging info by providing false signatures
- Modifying cookie values
- Removing the need to serve file extensions
Successful anti-reconnaissance makes it more likely attackers will try the wrong exploits first and be snared by firewalls and intrusion detection systems. ServerMask augments these defenses to build more secure networks, return better results on security audits, and mitigate the risk of attack.
ServerMask is already protecting thousands of customers around the world, including financial institutions, governments, and Fortune 1000 companies
With easy installation and configuration in minutes, secure your Microsoft IIS Web servers by downloading ServerMask today.
Pricing
Free 30-Day Trial Download
Single Server License (Unlimited Domains) - $199.95 *
Over Three (3) Servers / Site License Packs - Get a quote
Related Information:
Features
New in v4.0
- Application-layer error suppression for PCI compliance
- Completely redesigned user interface, featuring 100% managed code
- Multiple default profiles and the ability to create custom profiles
- Per-site configuration, allowing unique settings to be applied per domain
- 64-bit support
- Auto-generated decoy cookies and headers
- One-to-many cookie masking
- Customizable HTTP error messages (CustomError functionality)
Product Highlights
- Mask the Server name header in a number of ways:
- Remove altogether
- Replace with one of 30 other Web server signatures
- Replace with one a custom server name you create
- Select multiple false Web server signatures and randomize the response (you select how often a response is refreshed).
- Emulate Apache's HTTP header order
- Emulate the ETAG and ALLOW header formats of non-IIS servers
- Remove unnecessary HTTP headers, such as PUBLIC, X-POWERED-BY and others
- Rewrite identifying session cookie names such as ASPSessionID and ASP.NET_SessionId using one or more alternative names; fabricate decoy cookies to further confuse attackers
- Rewrite 404 and application-layer errors for PCI compliance; suppress info leakage by converting 500-range errors to 404 errors, then presenting custom 404 responses (CustomError functionality)
- Remove identifying file extensions such as .asp, .aspx and other Microsoft technologies from source code and URL display
System Requirements
- IIS 6.0 / Windows Server 2003 (both 32-bit and 64-bit x86 versions)
- IIS 5.1 / Windows XP (not recommended for production use)
- IIS 5 / Windows 2000
- IIS 4 / Windows NT
- Note: IIS 7 / Windows Server 2008 not yet supported (sign up for the IIS 7 Beta Alert)
