WG040 A22 - Public web server resources must not be shared with private assets.

Information

It is important to segregate public web server resources from private resources located behind the DoD DMZ in order to protect private assets. When folders, drives or other resources are directly shared between the public web server and private servers the intent of data and resource segregation can be compromised.

In addition to the requirements of the DoD Internet-NIPRNet DMZ STIG that isolates inbound traffic from the external network to the internal network, resources such as printers, files, and folders/directories will not be shared between public web servers and assets located within the internal network.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the public web server to not have a trusted relationship with any system resource that is also not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-32957r1_rule, STIG-ID|WG040_A22, Vuln-ID|V-2234

Plugin: Unix

Control ID: 1ff7e5e539dea37883528e0c9f8d3ec15e9ab8ec25a83c96ba0640d230a3068a