Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Transveral attacks

Posted on 2013-06-25
8
Medium Priority
?
135 Views
Last Modified: 2013-10-28
On my web server physical folder and files (pages) are on D:/ drive while the OS (windows 2008) is on C:/ do you think that is adequate to stop transveral attacks?
0
Comment
Question by:smitty62
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 

Author Comment

by:smitty62
ID: 39276006
P.S.  I would like to keep the iis option enabled for partent path.  Is that okay with how the drives are setup?
0
 
LVL 12

Expert Comment

by:mwochnick
ID: 39276419
Its a start but its not enough, but that's probably not what you are looking for.  To adequately answer your question more information is needed.  Things like
are your running applications or just web pages
what version of IIS? 7.5?
etc
But in lieu of that a good place to start is
http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
or
http://security-24-7.com/hardening-guide-for-iis-7-5-on-windows-2008-r2-server-core-platform/

Articles explaining how an informative article on traversal attacks
http://www.acunetix.com/websitesecurity/directory-traversal/
http://en.wikipedia.org/wiki/Directory_traversal_attack
0
 

Author Comment

by:smitty62
ID: 39277928
I am running iis 7.5.  I set the website folder (DOInet) to enable parent paths.  Under this root folder for the website are both .net applications and classic asp pages.  The website folder is setup on the D:/ drive while Windows 2008 is setup on the C:/ drive.
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:smitty62
ID: 39277935
I was reading the  http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
  link, and I'm adhering to all the best practices except #7 which is 301 redirects for all redirected content.  I'm not sure what they mean by that.
0
 

Author Comment

by:smitty62
ID: 39277943
I just read a little more on #7, and I am adhering to that as well.  A specific IP address is assigned.
0
 
LVL 12

Expert Comment

by:mwochnick
ID: 39278883
that's good, one thing that I didn't ask was are you actually seeing a specific problem or are you being proactive in your server configuration?
0
 

Accepted Solution

by:
smitty62 earned 0 total points
ID: 39279003
We are having problems with an old intra net server windows 2003 iis 6.0.  Another agency setup the server for us which is windows 2008 iis 7.5.  They didn't set it up the same way so there are some software files on the D:/ drive.  The OS is on the C:/ drive.  This is an in house intra net website, but I still would prefer that everything is done correctly.  

Soon we will be doing the same thing for our internet server that's hit from the outside.  I just want to make sure that everything is secure.
0
 

Author Closing Comment

by:smitty62
ID: 39605093
resolved.
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question