Details

Many of the security problems that occur are not the result of a user gaining access to files or data for which the user does not have permissions, but rather users are assigned incorrect permissions to unauthorized data. The files, directories, and data that are stored on the web server need to be evaluated and a determination made concerning authorized access to information and programs on the server. Only authorized users and administrative accounts will be allowed on the host server in order to maintain the web server, applications, and review the server operations.

Solution

Remove the Anonymous access account from all privileged accounts and all privileged groups.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y20M10_STIG.ziphttps://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y20M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-2
• CAT|I
• CCI|CCI-001082
• Rule-ID|SV-214461r508659_rule
• STIG-ID|IISW-SI-000221
• STIG-Legacy|SV-91507
• STIG-Legacy|V-76811
• Vuln-ID|V-214461

Source

• Tenable.com/audits