DCPA-1 Partitioning the Application


Overview

User interface services (e.g., web services) are physically or logically separated from data storage and management services (e.g., database management systems). Separation may be accomplished through the use of different computers, different CPUs, different instances of the operating system, different network addresses, combinations of these methods, or other methods, as appropriate.

MAC / CONF: MACI, MACII
Impact: Low
Subject Area: Security Design and Configuration

Details

Threat
Unauthorized users and malicious insiders who gain access to a particular service will find it relatively easy to gain access to and exploit another service on the same hard drive. As part of the defense-in-depth methodology, services must be separated to provide an additional layer of protection between them.

Guidance
1. User interface services (e.g., web pages) are physically or logically separated from data storage and management services (e.g., database management systems).
2. Separation may be accomplished through the use of different computers, different CPUs, different instances of the operating system, different network addresses, combinations of these methods, or other methods, as appropriate.

References

  • DISA Web Server STIG, Version 5, 26 July 2004