A major security issue is the exposure of a Web server’s identity via its HTTP header.
Broadcasting this data makes it easier for a potential intruder to complete their first hacking task - identifying your operating system and Web server - so don't let them know what you are running. If you can prevent information leakage regarding your Web server, you should prevent it.
Port80 ServerMask 3.02 obscures the identity of a Windows Web server by removing the most obvious signs that you are running IIS. ServerMask removes or modifies unnecessary response data. The software provides control over what Server header data, if any, is visible in HTTP responses. Session cookie masking, a unique feature not available in any other software, permits the customization of any type of session cookie (including the Windows-specific ASP session cookie).
Port80 ServerMask can emulate the Apache Web server’s HTTP header order and disable Microsoft WebDAV with one click to suppress its multiple identifiable headers. It also removes the Windows-specific Public header from HTTP responses, a relic of HTTP 1.0 seldom used today, and converts the Windows SMTP banner to any message. When combined with these recommendations, ServerMask provides the anonymization component of your total security strategy. ServerMask is a fast, robust IIS module that can be installed and configured in less than 2 minutes.
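To check your own server's responses for the signs described above (Server header, Public header, WebDAV headers, default ASP session cookie name), the following is an added example and not part of ServerMask or Port80's code. The sample responses are constructed, and the set of headers treated as WebDAV signs (DAV, MS-Author-Via, DASL) is an assumption, since the page does not name them.

```python
# Added example: audit a raw HTTP response head for the IIS signs named above.
# SAMPLE_* responses are constructed for illustration, not captured traffic.

SAMPLE_DEFAULT = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    "MS-Author-Via: DAV\r\n"
    "Set-Cookie: ASPSESSIONIDQQGGGABC=ABCDEFGHIJKLMNOP; path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
)
SAMPLE_MASKED = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    "Set-Cookie: SID=ABCDEFGHIJKLMNOP; path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
)

# Assumption: headers treated as WebDAV signs; the page does not name them.
WEBDAV_HEADERS = {"dav", "ms-author-via", "dasl"}

def parse_head(raw):
    """Return the response headers as an ordered list of (name, value)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]          # drop the status line
    pairs = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """List a finding for each identifying sign present in the response."""
    findings = []
    for name, value in parse_head(raw):
        key = name.lower()
        if key == "server" and value:
            findings.append("Server header discloses: " + value)
        elif key == "public":
            findings.append("Public header present")
        elif key in WEBDAV_HEADERS:
            findings.append("WebDAV header present: " + name)
        elif key == "set-cookie" and value.upper().startswith("ASPSESSIONID"):
            findings.append("Default ASP session cookie name")
    return findings

if __name__ == "__main__":
    for label, raw in (("default", SAMPLE_DEFAULT), ("masked", SAMPLE_MASKED)):
        print(label, audit(raw))
```

An empty list for a response means none of these four signs were found; it does not cover header order or the SMTP banner.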
System Requirements
ServerMask is compatible with the following:
* IIS 6.0 (Windows 2003)
* IIS 5.0 (Windows 2000)
* IIS 4.0 (Windows NT 4.0)
* IIS 5.1 (Windows XP Pro)*
ServerMask has been tested with the following Win32 scripting environments/server extensions:
* ASP.NET
* ASP (2.0 and 3.0)
* FrontPage Server Extensions (publishing)
* Outlook Web Access (For Exchange 2000 only)
* Cold Fusion Server (5.0, MX and MX 6.1)
* ActiveState Perl (5.6.1, ISAPI and CGI configurations)
* PHP (4.2.1, CGI configuration)
* JSP
ServerMask has also been tested for compatibility with Microsoft's IIS LockDown and URLScan security utilities.