Remote authors or content providers will only use secure encrypted logons and connections to upload files to the Document Root directory.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13686 | WG235 | SV-14278r2_rule | High |
| Description |
|---|
| Logging in to a web server via a telnet session or using HTTP or FTP in order to upload documents to the web site is a risk if proper encryption is not utilized to protect the data being transmitted. A secure shell service or HTTPS needs to be installed and in use for these purposes. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2017-12-21 |
Details
| Check Text ( C-30006r1_chk ) |
|---|
| Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding. |
| Fix Text (F-26857r1_fix) |
|---|
| Use only secure encrypted logons and connections for uploading files to the web site. |