WA060 - A public web server is not isolated in accordance with the DOD Network STIG and DOD Enclave STIG.

Information

Vulnerability Key: V0002242
IA Controls: EBPW-1 Public WAN Connection
Categories: 14.5 Physical Layer Security
Severity: Category II
Ref: ENCLAVE SECURITY TECHNICAL IMPLEMENTATION GUIDE; WEB SERVER SECURITY TECHNICAL IMPLEMENTATION GUIDE Section 2.4; Network Infrastructure Security Implementation Guide

To minimize the exposure of private assets to unnecessary risk from attackers, public web servers
must be isolated from internal systems. The term "public web server" also covers web servers that
may be located on non-public networks and that contain information approved for release to the
entire community. Public web servers must not have trusted connections with assets outside the
confines of the demilitarized zone (DMZ) or isolated separate public enclave (subnet). This trusted
connection is not to be confused with a Microsoft Domain trust. A trusted connection can be an
attachment to Microsoft shares, a Network File System (NFS) mount in UNIX, or a connection to an
interior enclave printer. The same relationship exists where a public web server connects to an
interior enclave database.
NOTE: Nessus did not perform this check as it requires manual verification that the web server is isolated according to DOD standards.
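
As an aid to the manual verification, the following added example (not part of the STIG or of Nessus) lists the Microsoft share and NFS mounts on a web server whose file server lies outside the DMZ subnet. It covers only the share and NFS cases named above, not printers or databases. The DMZ range, the function names and the sample mount table are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the DMZ / public enclave subnet. Replace with the site's own range.
DMZ = ipaddress.ip_network("192.0.2.0/24")

# Filesystem types that represent a share or NFS attachment to another host.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3"}

# Constructed sample in /proc/mounts format (device, mount point, type, ...).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
10.20.30.40:/export/content /var/www/shared nfs4 rw,vers=4.1 0 0
//192.0.2.15/logs /mnt/logs cifs rw,vers=3.0 0 0
//10.20.30.50/deploy /mnt/deploy cifs rw,vers=3.0 0 0
"""


def remote_host(device, fstype):
    """Return the server part of an NFS (host:/path) or CIFS (//host/share) device."""
    if fstype in ("cifs", "smb3"):
        return device.lstrip("/").split("/", 1)[0]
    if device.startswith("["):          # NFS over IPv6: [addr]:/path
        return device[1:device.index("]")]
    return device.split(":", 1)[0]


def trusted_mounts_outside_dmz(mounts_text, dmz=DMZ):
    """Return (fstype, server, mount point) for network mounts not served from the DMZ."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2] not in NETWORK_FS:
            continue
        device, mountpoint, fstype = fields[:3]
        host = remote_host(device, fstype)
        try:
            inside = ipaddress.ip_address(host) in dmz
        except ValueError:
            # A hostname cannot be placed in the DMZ without resolving it,
            # so it is reported for the reviewer to check by hand.
            inside = False
        if not inside:
            findings.append((fstype, host, mountpoint))
    return findings


if __name__ == "__main__":
    for fstype, host, mountpoint in trusted_mounts_outside_dmz(SAMPLE_MOUNTS):
        print(f"{fstype} mount {mountpoint} is served by {host}, outside {DMZ}")
```

On a live UNIX web server the same function can be given the contents of `/proc/mounts` in place of the sample text.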