STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide, Version: 1, Release: 13, Benchmark Date: 25 Jan 2019

Public web server resources must not be shared with private assets.

DISA Rule

SV-33044r2_rule

Vulnerability Number

V-2234

Group Title

WG040

Rule Version

WG040 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the public web server to not have a trusted relationship with any system resource that is not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts.

Check Contents

The reviewer should query the ISSO, the SA, or the web administrator as necessary to determine if the public web server has a two-way trusted relationship with any private asset. Private web server resources (e.g., drives, folders, printers, etc.) will not be directly mapped to or shared with public web servers.

The following check indicates an inappropriate sharing of public web server resources:

Navigate to the web server content folders/directories. These directories must not be shared. Right-click the web server content folder, select Properties, then select Sharing. All entries must be disabled.

If sharing is selected for any web folder, this is a finding.

The following checks indicate inappropriate sharing of private resources with the public web server:

1. From a command prompt, type "net share" and press Enter. This will provide a list of available shares.
2. Check to see if file and printer or file-sharing is enabled under the Network icon in the Control Panel.

If private resources (e.g., drives, partitions, folders/directories, printers, etc.) are shared with the public web server, this is a finding.
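
The folder-sharing and net share checks above can be scripted. The PowerShell below is an added example, not part of the STIG or of STIGQter: it flags any share whose path equals, sits inside, or is a parent of a web content folder. The function name Find-WebContentShare, the content root C:\Apache2.2\htdocs and the sample share rows are assumptions constructed for illustration.

```powershell
# Added example: flag Windows shares that overlap the web content tree.
function Find-WebContentShare {
    param(
        [Parameter(Mandatory)] [object[]] $Shares,        # objects with Name, Path, Type
        [Parameter(Mandatory)] [string[]] $ContentRoots   # DocumentRoot and Alias targets
    )
    $cmp = [StringComparison]::OrdinalIgnoreCase
    foreach ($share in $Shares) {
        if ([string]::IsNullOrEmpty($share.Path)) { continue }   # IPC$ has no path
        # Exactly one trailing backslash, so C:\web does not prefix-match C:\website.
        $sharePath = $share.Path.TrimEnd('\') + '\'
        foreach ($root in $ContentRoots) {
            $rootPath = $root.TrimEnd('\') + '\'
            $relation = if ($sharePath -eq $rootPath) {
                'share is the content folder'
            } elseif ($sharePath.StartsWith($rootPath, $cmp)) {
                'share is inside the content folder'
            } elseif ($rootPath.StartsWith($sharePath, $cmp)) {
                'share exposes a parent of the content folder'
            } else { $null }
            if ($relation) {
                [pscustomobject]@{
                    Share       = $share.Name
                    Path        = $share.Path
                    ContentRoot = $root
                    Relation    = $relation
                    # Win32_Share sets the high bit of Type for administrative shares (C$, ADMIN$).
                    AdminShare  = ($share.Type -ge 2147483648)
                }
            }
        }
    }
}

# Constructed sample in the shape of Win32_Share rows (not real output).
$sample = @(
    [pscustomobject]@{ Name = 'C$';      Path = 'C:\';                Type = 2147483648 }
    [pscustomobject]@{ Name = 'IPC$';    Path = '';                   Type = 2147483651 }
    [pscustomobject]@{ Name = 'htdocs';  Path = 'C:\Apache2.2\htdocs'; Type = 0 }
    [pscustomobject]@{ Name = 'reports'; Path = 'D:\reports';         Type = 0 }
)
# C:\Apache2.2\htdocs is a hypothetical content root; use the server's own.
Find-WebContentShare -Shares $sample -ContentRoots 'C:\Apache2.2\htdocs' |
    Format-Table -AutoSize

# On a live server, pass the real share list instead of the sample:
# Find-WebContentShare -Shares (Get-CimInstance Win32_Share) -ContentRoots <DocumentRoot>
```

Rows with AdminShare set are the default administrative shares; the reviewer still decides with the ISSO, SA, or web administrator whether each flagged share is a finding.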

Documentable

False

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158
