Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13713 | WA000-WI6040 IIS6 | SV-38046r1_rule | ECSC-1 | High |
Description |
---|
The Worker Process Identity is the user defined to run an Application Pool. The IIS 6 worker processes, by default, run under the NetworkService account. Creating a custom identity for each Application Pool better track issues occurring within each web site. When a custom identity is used, the rights and privileges must not exceed those associated with the NetworkService security principal. |
STIG | Date |
---|---|
IIS6 Site | 2014-12-10 |
Check Text ( C-37408r1_chk ) |
---|
1. Open the IIS Manager > Right click on the Application Pool that corresponded to the website being reviewed > Select Properties > Select the Identity tab. 2. Identify the account used to run the process identities. 3. Check the privileges on the account found in step 2 by using Computer Management and opening Users and Groups. 4. The account should be in the IIS_WPG group and not have membership to the Administrators group. If the account used to run the Worker Process Identities is also an Administrator, this is a finding. If the account is set to LocalSystem, this is a finding. NOTE: The "Local Service" or "Network Service" built in accounts are not privileged accounts and would not be a finding. NOTE: This check may be reported as a False Positive by the Gold Disk so a manual verification is recommended if this is an open finding. If this is reported as not a finding, no further checking is necessary. |
Fix Text (F-32644r1_fix) |
---|
1. Open the IIS Manager > Right click on the Application Pool that corresponded to the website being reviewed > Select Properties > Select the Identity tab. 2. Enter the desired account information. 3. Check the privileges on the account found in step 2 by using Computer Management and opening Users and Groups. 4. Ensure the account is a member of the IIS_WPG group and does not have membership to the Administrators group. |