Check: WG040 IIS6
IIS6 Server:
WG040 IIS6
(in version v6 r16)
Title
Public web server resources must not be shared with private assets. (Cat II impact)
Discussion
It is important to segregate public web server resources from private resources located behind the DoD DMZ in order to protect private assets. When folders, drives, or other resources are directly shared between the public web server and private servers, the intent of data and resource segregation can be compromised. Resources such as printers, files, and folders/directories must not be shared between public web servers and assets located within the internal network.
Check Content
1. From a command prompt, type "net share" and press Enter to provide a list of available shares (including printers).
2. To display the permissions assigned to the shares type "net share" followed by the share name found in the previous step.

If any private assets are assigned permissions to the share, this is a finding.
If any printers are shared, this is a finding.
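The two steps above can be collected into one report. The PowerShell below is an added example, not part of the STIG text: it assumes Windows PowerShell 2.0 or later and reads the standard WMI classes Win32_Share and Win32_LogicalShareSecuritySetting instead of parsing "net share" output. It flags shared printers and lists each share's trustees; deciding which trustees are private assets is left to the reviewer.

```powershell
# Added example for check WG040; not part of the STIG text.
# Assumes Windows PowerShell 2.0+ run locally on the web server as an administrator.
$kinds  = @{ '0' = 'Disk'; '1' = 'Printer'; '2' = 'Device'; '3' = 'IPC' }
$rights = @{ '2032127' = 'Full'; '1245631' = 'Change'; '1179817' = 'Read' }

# Index share-level ACL objects by share name.
$acls = @{}
Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
    ForEach-Object { $acls[$_.Name] = $_ }

$report = Get-WmiObject -Class Win32_Share | ForEach-Object {
    $share = $_
    # Type modulo 4 is the resource kind; the higher bits only flag special shares.
    $kind = $kinds[[string]($share.Type % 4)]
    $trustees = @()
    if (-not $acls.ContainsKey($share.Name)) {
        $trustees += '(no share ACL object; typical of administrative shares)'
    } else {
        $sd = $acls[$share.Name].GetSecurityDescriptor()
        if ($sd.ReturnValue -ne 0) {
            $trustees += "(ACL read failed, code $($sd.ReturnValue))"
        } elseif (-not $sd.Descriptor.DACL) {
            $trustees += '(no DACL: access is unrestricted)'
        } else {
            foreach ($ace in $sd.Descriptor.DACL) {
                $who = (@($ace.Trustee.Domain, $ace.Trustee.Name) | Where-Object { $_ }) -join '\'
                $verb = 'Allow'
                if ($ace.AceType -eq 1) { $verb = 'Deny' }
                $mask = $rights[[string]$ace.AccessMask]
                if (-not $mask) { $mask = '0x{0:X}' -f $ace.AccessMask }
                $trustees += "$verb $who ($mask)"
            }
        }
    }
    # A shared printer is a finding by itself; other shares need their trustees reviewed.
    $status = 'Review trustees'
    if ($kind -eq 'Printer') { $status = 'FINDING: shared printer' }
    New-Object PSObject -Property @{
        Share = $share.Name; Kind = $kind; Path = $share.Path
        Status = $status; Trustees = ($trustees -join '; ')
    }
}
$report | Sort-Object Kind, Share |
    Format-Table Share, Kind, Path, Status, Trustees -AutoSize -Wrap
```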
Fix Text
Configure the public web server to not have a trusted relationship with any system resource that is not accessible to the public.
Additional Identifiers
Rule ID: SV-38175r1_rule
Vulnerability ID: V-2234
Group Title:
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.