UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Web server/site administration must be performed over a secure path.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2249 WG230 IIS7 SV-32329r1_rule EBRP-1 EBRU-1 High
Description
Logging into a web server via a telnet session or using HTTP or FTP to perform updates and maintenance carries risk because user IDs and passwords are passed in the plain text. A secure shell service or HTTPS should be used for these purposes. Another alternative is to administer the web server/site from the local console.
STIG Date
IIS 7.0 WEB SITE STIG 2014-12-05

Details

Check Text ( C-32735r1_chk )
1. Right-click the Computer icon, select Properties.
2. Click Remote Settings.
3. If Allow connections only from computers running remote desktop with Network Level Authentication is not selected, this is a finding.
Fix Text (F-29062r1_fix)
1. Develop documentation listing those individuals who are authorized to perform remote administration.
2. Right-click the Computer icon, select Properties
3. Click Remote Settings
4. Select Allow connections only from computers running remote desktop with Network Level Authentication.
5. Click Select Users and add the users to the list the SA has documented as authorized to access the system remotely.