Web Administrators must only use encrypted connections for Document Root directory uploads.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-13686 | WG235 W22 | SV-33131r1_rule | - | high |
| Description | ||||
| Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks. | ||||
| STIG | Date | |||
| APACHE 2.2 Site for Windows Security Technical Implementation Guide | 2018-12-24 | |||
Details
Check Text (C-33131r1_chk)
Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection.
If the remote users are uploading files without utilizing approved encryption methods, this is a finding.
Fix Text (F-29426r1_fix)
Use only secure encrypted logons and connections for uploading files to the web site.