[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 144
  • Last Modified:

Install web application on C-Drive?

My company makes an IIS-based web application that runs on Windows Server 2003. A person at my company is convinced that "nobody should ever install a web application onto the C drive, for security reasons". Therefore, we insist that all our customers create a "D" partition and install the webapp onto that partition.

This notion seems bizarre to me, mainly because, of the thousands of web-security articles I've read, nothing like this has ever been mentioned. And I have installed many web apps from other companies, and they all install to C by default, and none of them recommend to "not install to c".

I am looking for info about this, "for" or "against", backed up by specifics, online articles, and anything else reputable.
0
SweatCoder
Asked:
SweatCoder
  • 2
  • 2
1 Solution
 
SweatCoderAuthor Commented:
Note: I am looking for as many posts as possible. If somebody else posts something that you agree with, please post and say that you agree, etc., or add anything you'd like. I will split points for a few of the most valuable posts.
0
 
jss1199Commented:
Hi SweatCoder,

There are a number of reason why one would want to install a web application on a partition other than the system drive.  Foremost is the number of exploits within IE and web apps that can grant a malicious user access to the file system - putting the application on D: somewhat lessens the chance that the intruder may 'take down' the entire server.

As a general systems administration rule, it is best practice and strongly recommended for any server to have a seperate partition for applications.  C:\ drive should be reserved for OS (and possibly paging) only and D:\, E:\, etc for all other applications (web apps, Office, virus software, etc)


Cheers!
0
 
SweatCoderAuthor Commented:
jss1199, that's a well-stated answer, but...can you give me a link to [an] article(s) that backs up your assertion?
0
 
jss1199Commented:
I know of a couple that recommend a separate OS partition.  I doubt you will find much *documented* as separating OS from data and applications is entrenched as the de facto best practice....  

Microsoft recommendation - Windows 2000 Security Hardening Guide - http://www.microsoft.co.ke/technet/security/prodtech/windows2000/win2khg/03osinstl.mspx

  Excerpt - For servers, we recommend using about 4 GB of space on one disk for the operating system. The remaining space in the system should be reserved for data files, services, utilities and so on. We highly discourage storage of user data files on the boot partition on servers, while on workstations this is acceptable practice which makes it easier for users to locate their data.

Informit - http://www.informit.com/guides/content.asp?g=windowsserver&seqNum=15&rl=1

  Excerpt - It's generally best to keep the operating system on a separate partition from your applications and data. System and boot partitions are where you initially boot from, usually drive C:\



0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now