An error occurred:

Check: IISW-SV-000151

Microsoft IIS 8.5 Server STIG: IISW-SV-000151 (in versions v2 r7 through v2 r1)

Title

The IIS 8.5 web server must be tuned to handle the operational requirements of the hosted application. (Cat II impact)

Discussion

A Denial of Service (DoS) can occur when the web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications.

Check Content

If the IIS 8.5 web server is not hosting any applications, this is Not Applicable. If the IIS 8.5 web server is hosting applications, consult with the System Administrator to determine risk analysis performed when application was written and deployed to the IIS 8.5 web server. Obtain documentation on the configuration. Verify, at a minimum, the following tuning settings in the registry. Access the IIS 8.5 web server registry. Verify the following values are present and configured. The required setting depends upon the requirements of the application. Recommended settings are not provided as these settings have to be explicitly configured to show a conscientious tuning has been made. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\ "URIEnableCache" "UriMaxUriBytes" "UriScavengerPeriod" If explicit settings are not configured for "URIEnableCache", "UriMaxUriBytes" and "UriScavengerPeriod", this is a finding.

Fix Text

Access the IIS 8.5 web server registry. Verify the following values are present and configured. The required setting depends upon the requirements of the application. These settings have to be explicitly configured to show a conscientious tuning has been made. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\ Configure the following registry keys to levels to accommodate the hosted applications. "URIEnableCache" "UriMaxUriBytes" "UriScavengerPeriod"

Additional Identifiers

Rule ID: SV-214434r879806_rule

Vulnerability ID: V-214434

Group Title: SRG-APP-000435-WSR-000148

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002385

The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-5

Denial Of Service Protection