Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and "script kiddies". This article explores some ways you can minimize the risk of such detection. Most of the following examples focus on Microsoft?s Internet Information Server (IIS), since it has been most widely lambasted for its vulnerabilities, but some Apache detection countermeasures are also covered. While IIS users probably have the most vested interest here, server anonymization is relevant to anyone responsible for administering a Web server.

Crackers Start Here. Shouldn?t You?
Let?s look at it from the attacker's point of view: Security vulnerabilities tend to be dependent on software vendor and version. Blind probing might lead to further requests being denied or a system temporarily taken off line. Knowing Web server details greatly increases the efficiency of any attack. If an attacker can target exploits, the chances of successful cracking prior to detection increase significantly. Script kiddies can leverage canned, newly-discovered exploits to do more damage faster by targeting hosts with recognizable signatures. A self-identifying system invites trouble.

As an IIS administrator it sometimes gets downright annoying having to fend off all the insults from Apache admins I meet claiming innate server superiority. Generally the discussion about Web administration starts first with all the various security holes plaguing IIS and the negative press the platform garnered over the last year. Then it invariably moves to a discussion about how Netcraft and other stats sites show Apache as the dominant server on the Web, or how a certain big site uses Apache, or how there are so many cool modules to add to Apache. Pointing out that scads of non-identified corporate in-house servers run IIS, or that it too is a free server (since it comes with the operating system), or that there are in fact plenty of cool add-ons for IIS (including many that provide source code) -- all this does little to dissuade these server chauvinists of their opinion. Rather than whining about rude Apache admins, however, I thought it would be a more useful response simply to write down some of the ways I've found of improving IIS. So without further delay here are my top ten tips for making the most of your IIS

Elsewhere in IT: Need to kill a few minutes? As always, the Internet comes to the rescue. Also, a Q&A with Wiki creator Ward Cunningham, an at-a-glance view of your drive space, and networking speeds like you won't believe. [more from Networking News...]

Plug-ins Promise to Accelerate the Right Video - December 14, 2006
By Dan Muse
To give you a measure of control over video applications, Packeteer announced a Flash plug-in built to help you accelerate only business-related video