ServerMask 4.0

ServerMask 4.0 is a useful tool which is designed to prevent dangerous information leakage from your IIS Web server and IIS-hosted Web applications. Using this version of ServerMask will bring you such pleasure and convenience.

ServerMask 4 is the Internet Information Services (IIS) module that defeats the reconnaissance efforts of would-be attackers. The following documentation reviews ServerMasks anti-reconnaissance features and describes how to configure ServerMask for optimum security in your Web server environment.

ServerMask from Port80 Software modifies your Web server?s "fingerprint" by removing unnecessary HTTP response data, modifying cookie values, and obscuring other response information. NEW in v4: 64-bit support, application-layer error suppression for PCI compliance, auto-generated decoy cookies and headers, completely redesigned UI, and per-site configuration.

ServerMask 4 retains the most valuable security features from prior versions, such as the ability to remove, change, or randomize the default IIS Server header; Support for serving files without identifying file extensions, emulation of non-IIS header order or Allow format, and customizable HTTP error messaging.

ServerMask is fully compatible with IIS 4, 5, and 6, IIS Lockdown, URLScan, FrontPage, Outlook Web Access, and major scripting platforms like ASP, ASP.NET, ColdFusion, PHP, JSP, and Perl. ServerMask is available for a free, fully-functional 30-day trial.

Major Features:

1. Mask the Server name header in a number of ways
   
   • Remove altogether
   • Replace with one of 30 other Web server signaturesReplace with one a custom server name you create
   • Select multiple false Web server signatures and randomize the response (you select how often a response is refreshed).
2. Emulate Apache's HTTP header order
3. Emulate the ETAG and ALLOW header formats of non-IIS servers
4. Remove unnecessary HTTP headers, such as PUBLIC, X-POWERED-BY and others
5. Rewrite identifying session cookie names such as ASPSessionID and ASP.NET_SessionId using one or more alternative names; fabricate decoy cookies to further confuse attackers
6. Rewrite 404 and application-layer errors for PCI compliance; suppress info leakage by converting 500-range errors to 404 errors, then presenting custom 404 responses (CustomError functionality)
7. Remove identifying file extensions such as .asp, .aspx and other Microsoft technologies from source code and URL display

Enhancements:

1. 64-bit support
2. New UI 100% managed code
3. Application-layer error suppression for PCI compliance
4. Completely redesigned user interface, featuring 100% managed code
5. Multiple default profiles and the ability to create custom profiles
6. Per-site configuration, allowing unique settings to be applied per domain
7. Auto-generated decoy cookies and headers
8. One-to-many cookie masking
9. Customizable HTTP error messages (CustomError functionality)

Requirements:

1. IIS 4, 5, 5.1, or 6.0
   
2. Windows NT, 2000, XP, or Server 2003

WareSeeker Editor