Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13686 | WG235 W22 | SV-33131r1_rule | EBRP-1 EBRU-1 | High |
Description |
---|
Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks. |
STIG | Date |
---|---|
APACHE SITE 2.0 for Windows | 2011-12-12 |
Check Text ( C-33783r1_chk ) |
---|
Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding. |
Fix Text (F-29426r1_fix) |
---|
Use only secure encrypted logons and connections for uploading files to the web site. |