Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and "script kiddies". This article explores some ways you can minimize the risk of such detection. Most of the examples focus on Microsoft’s Internet Information Server (IIS), since it has been most widely lambasted for its vulnerabilities, but some Apache detection countermeasures are also covered. While IIS users probably have the most vested interest here, server anonymization is relevant to anyone responsible for administering a Web server.