Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-91207 | IISW-SV-000160 | SV-101307r1_rule | Medium |
Description |
---|
It is important to segregate public web server resources from private resources located behind the DoD DMZ in order to protect private assets. When folders, drives, or other resources are directly shared between the public web server and private servers the intent of data and resource segregation can be compromised. Resources, such as, printers, files, and folders/directories must not be shared between public web servers and assets located within the internal network. |
STIG | Date |
---|---|
IIS 8.5 Server Security Technical Implementation Guide | 2019-01-08 |
Check Text ( C-90361r1_chk ) |
---|
1. From a command prompt, type "net share" and press “Enter” to provide a list of available shares (including printers). 2. To display the permissions assigned to the shares type "net share" followed by the share name found in the previous step. If any private assets are assigned permissions to the share, this is a finding. If any printers are shared, this is a finding. |
Fix Text (F-97405r1_fix) |
---|
Configure the public web server to not have a trusted relationship with any system resource that is also not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts. |