UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Public web server resources must not be shared with private assets.


Overview

Finding ID Version Rule ID IA Controls Severity
V-91207 IISW-SV-000160 SV-101307r1_rule Medium
Description
It is important to segregate public web server resources from private resources located behind the DoD DMZ in order to protect private assets. When folders, drives, or other resources are directly shared between the public web server and private servers the intent of data and resource segregation can be compromised. Resources, such as, printers, files, and folders/directories must not be shared between public web servers and assets located within the internal network.
STIG Date
IIS 8.5 Server Security Technical Implementation Guide 2019-01-08

Details

Check Text ( C-90361r1_chk )
1. From a command prompt, type "net share" and press “Enter” to provide a list of available shares (including printers).
2. To display the permissions assigned to the shares type "net share" followed by the share name found in the previous step.
If any private assets are assigned permissions to the share, this is a finding.
If any printers are shared, this is a finding.
Fix Text (F-97405r1_fix)
Configure the public web server to not have a trusted relationship with any system resource that is also not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts.