Traversal attacks

On my web server, the physical folders and files (pages) are on the D:/ drive while the OS (Windows 2008) is on C:/. Do you think that is adequate to stop traversal attacks?
smitty62 Asked:
 
smitty62 (Author) Commented:
We are having problems with an old intranet server (Windows 2003, IIS 6.0). Another agency set up the server for us, which is Windows 2008, IIS 7.5. They didn't set it up the same way, so there are some software files on the D:/ drive. The OS is on the C:/ drive. This is an in-house intranet website, but I still would prefer that everything is done correctly.

Soon we will be doing the same thing for our internet server that's hit from the outside.  I just want to make sure that everything is secure.
 
smitty62 (Author) Commented:
P.S. I would like to keep the IIS option enabled for parent paths. Is that okay with how the drives are set up?
 
mwochnick Commented:
It's a start, but it's not enough, but that's probably not what you are looking for. To adequately answer your question, more information is needed. Things like:
are you running applications or just web pages?
what version of IIS? 7.5?
etc.
But in lieu of that, a good place to start is
http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
or
http://security-24-7.com/hardening-guide-for-iis-7-5-on-windows-2008-r2-server-core-platform/

Informative articles explaining traversal attacks:
http://www.acunetix.com/websitesecurity/directory-traversal/
http://en.wikipedia.org/wiki/Directory_traversal_attack
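
Why a separate data drive is "a start but not enough", as an added example that is not part of the thread or any poster's code: it models Windows path rules with Python's `ntpath` (not IIS itself) and compares a string-prefix check with a component-wise containment check. The helper names and the sample request values are hypothetical and constructed; only the `D:\DOInet` folder and the drive layout come from the thread.

```python
import ntpath  # Windows path semantics, importable on any OS

WEB_ROOT = r"D:\DOInet"  # site folder on the data drive, as in the thread

def resolve(user_path, root=WEB_ROOT):
    """Join and normalise the way a handler mapping a request value to disk would."""
    return ntpath.normpath(ntpath.join(root, user_path))

def prefix_only(user_path, root=WEB_ROOT):
    """Weak check: plain string prefix on the resolved path."""
    return resolve(user_path, root).lower().startswith(root.lower())

def is_contained(user_path, root=WEB_ROOT):
    """Stronger check: canonicalise, then compare whole path components."""
    root_norm = ntpath.normcase(ntpath.normpath(root))
    target = ntpath.normcase(resolve(user_path, root))
    try:
        return ntpath.commonpath([root_norm, target]) == root_norm
    except ValueError:  # paths on different drives share no common path
        return False

# Constructed request values (hypothetical, not taken from the thread)
SAMPLES = [
    r"apps\default.aspx",                   # ordinary page under the root
    r"..\..\..\Windows\win.ini",            # ".." stops at D:\, never reaches C:
    r"..\OtherSite\web.config",             # sibling folder on the same drive
    r"C:\Windows\win.ini",                  # absolute path switches drive outright
    r"reports\..\..\DOInet_backup\db.mdb",  # sibling sharing the root's name prefix
]

def audit(samples=SAMPLES):
    """Return (input, resolved path, prefix_only, is_contained) per sample."""
    return [(s, resolve(s), prefix_only(s), is_contained(s)) for s in samples]

if __name__ == "__main__":
    for row in audit():
        print("{:<38} -> {:<28} prefix={!s:<5} contained={}".format(*row))
```

The drive split only limits what `..` sequences can reach; other content on D: and absolute paths are stopped by the containment check and by NTFS permissions on the application pool identity, not by the drive letter.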
 
smitty62 (Author) Commented:
I am running IIS 7.5. I set the website folder (DOInet) to enable parent paths. Under this root folder for the website are both .NET applications and classic ASP pages. The website folder is set up on the D:/ drive while Windows 2008 is set up on the C:/ drive.
 
smitty62 (Author) Commented:
I was reading the http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/ link, and I'm adhering to all the best practices except #7, which is 301 redirects for all redirected content. I'm not sure what they mean by that.
 
smitty62 (Author) Commented:
I just read a little more on #7, and I am adhering to that as well.  A specific IP address is assigned.
 
mwochnick Commented:
That's good. One thing that I didn't ask was: are you actually seeing a specific problem, or are you being proactive in your server configuration?
 
smitty62 (Author) Commented:
Resolved.
Question has a verified solution.