ServerMask 4.1.0

ServerMask 4.1.0 is the right tool if you want to broadcast your Web server's identity allows intruders to complete their first task -- fingerprinting your technology. ServerMask removes unnecessary HTTP header and response data:Camouflages by providing false signatures, modifies cookie values, eliminates the need to serve file extensions and serves custom error pages

Information masking encourages misguided exploits, snaring attackers with your firewalls and Intrusion Detection System. ServerMask augments these defenses to build more secure networks and return better results on security audits.

ServerMask protects thousands of financial institutions, governments, and Fortune 1000 companies around the world. Installation and configuration takes only minutes; download ServerMask today.

Any information a hacker can obtain about your systems is too much information. Broadcasting your Web servers identity via HTTP header data makes it easy for potential intruders to complete their first hacking task: IDENTIFYING your OS and Web server. Hacker pre-attack reconnaissance accounts for 40% of all Internet attack traffic, so make sure that your Windows Web server isn?t giving away unnecessary clues about its identity.

ServerMask from Port80 Software modifies your Web servers "FINGERPRINT" by removing unnecessary HTTP response data, modifying cookie values, eliminating file extensions (.asp, .aspx) and obscuring other response information, thus masking the identity of your server. ADVANCED OPTIONS include custom header creation, internal IP address masking, Apache emulation, response randomization, a Remove Any Header feature, cookie masking, response code NORMALIZATION, and one-click WebDAV disabling.

ServerMask is fully COMPATIBLE with IIS 4, 5, and 6, IIS Lockdown, URLScan, FrontPage, Outlook Web Access, and major scripting platforms like ASP, ASP.NET, ColdFusion, PHP, JSP, and Perl. ServerMask is available for a free, fully functional 30-day trial. Now with 64-bit Support!

Major Features:

1. Mask the Server name header in a number of ways:
   
   • Remove altogether
   • Replace with one of 30 other Web server signatures
   • Replace with one a custom server name you create
   • Select multiple false Web server signatures and randomize the response (you select how often a response is refreshed).
2. Emulate Apache's HTTP header order
   
3. Emulate the ETAG and ALLOW header formats of non-IIS servers
   
4. Remove unnecessary HTTP headers, such as PUBLIC, X-POWERED-BY and others
   
5. Rewrite identifying session cookie names such as ASPSessionID and ASP.NET_SessionId using one or more alternative names; fabricate decoy cookies to further confuse attackers
   
6. Rewrite 404 and application-layer errors for PCI compliance; suppress info leakage by converting 500-range errors to 404 errors, then presenting custom 404 responses (CustomError functionality)
   
7. Remove identifying file extensions such as .asp, .aspx and other Microsoft technologies from source code and URL display 

• Improved handling for non-conforming HTTP requests.
• Version-independent solution to prevent private IP disclosure in Content-Location header.
• Fixed various installer and activation issues.

Requirements:

• OS: Windows Server 2003 with Service Pack 2 or Server 2000 with SP4
• Hardware: x86 (32-bit) or x64 (64-bit)
• Note: IIS 7 / Windows Server 2008 not yet supported (sign up for the IIS 7 Beta Alert)
• .Net 2.0 (or higher)
• Visual C++ 2005 SP1