WG210 IIS6 - Web content directories must not be anonymously shared.

Information

Anonymously shared directories are exposed to unnecessary risk. Any unnecessary exposure increases the risk that an intruder could exploit the access and compromise the web content or cause web server performance problems.

NOTE: Review the found shares and ensure the web content directories are not being shared.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove the shares from the applicable directories.

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, Rule-ID|SV-38048r2_rule, STIG-ID|WG210_IIS6, Vuln-ID|V-2226

Plugin: Windows

Control ID: ed39df7afe8c68d17d0f50036cbd53deb0f5c09051011d5f04a93a0c5ecf7dfe