Web content directories must not be anonymously shared.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2226 | WG210 IIS7 | SV-32529r2_rule | Medium |
| Description |
|---|
| Anonymously shared directories are exposed to unnecessary risk. Any unnecessary exposure increases the risk that an intruder could exploit this access and compromise the web content or cause web server performance problems. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2017-12-21 |
Details
| Check Text ( C-32831r1_chk ) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Click Edit Permissions on the Actions Pane. 4. Click the Sharing tab. 5. If there are any anonymous shares under Network File and Folder sharing, this is a finding. |
| Fix Text (F-29056r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. Click Edit Permissions on the Actions Pane. 4. Select the Sharing button. 5. Click Share and then click stop sharing. |