Access to the web content and script directories must be restricted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2258 | WG290 IIS7 | SV-32331r2_rule | High |
| Description |
|---|
| Excessive permission for the anonymous web user account is a common fault contributing to the compromise of a web server. If this account is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset. |
| STIG | Date |
|---|---|
| IIS 7.0 WEB SITE STIG | 2017-12-21 |
Details
| Check Text ( C-32737r1_chk ) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. In the Action Pane select Edit Permissions. 4. Select the Security tab. 5. Review the permissions for the accounts. If the IUSR or Everyone Account permission is greater than read, this is a finding. |
| Fix Text (F-29064r1_fix) |
|---|
| 1. Open the IIS Manager. 2. Click the site name under review. 3. In the Action Pane select Edit Permissions. 4. Select the Security tab. 5. Set the permissions for the accounts IUSR and Everyone to read. |