Public web server resources must not be shared with private assets.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-91207	IISW-SV-000160	SV-101307r1_rule		Medium

Description
It is important to segregate public web server resources from private resources located behind the DoD DMZ in order to protect private assets. When folders, drives, or other resources are directly shared between the public web server and private servers the intent of data and resource segregation can be compromised. Resources, such as, printers, files, and folders/directories must not be shared between public web servers and assets located within the internal network.

Description

It is important to segregate public web server resources from private resources located behind the DoD DMZ in order to protect private assets. When folders, drives, or other resources are directly shared between the public web server and private servers the intent of data and resource segregation can be compromised. Resources, such as, printers, files, and folders/directories must not be shared between public web servers and assets located within the internal network.

STIG	Date
IIS 8.5 Server Security Technical Implementation Guide	2019-01-08

Details

Check Text ( C-90361r1_chk )
1. From a command prompt, type "net share" and press “Enter” to provide a list of available shares (including printers). 2. To display the permissions assigned to the shares type "net share" followed by the share name found in the previous step. If any private assets are assigned permissions to the share, this is a finding. If any printers are shared, this is a finding.

Fix Text (F-97405r1_fix)
Configure the public web server to not have a trusted relationship with any system resource that is also not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts.