?
Solved

Transveral attacks

Posted on 2013-06-25
8
Medium Priority
?
134 Views
Last Modified: 2013-10-28
On my web server physical folder and files (pages) are on D:/ drive while the OS (windows 2008) is on C:/ do you think that is adequate to stop transveral attacks?
0
Comment
Question by:smitty62
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 

Author Comment

by:smitty62
ID: 39276006
P.S.  I would like to keep the iis option enabled for partent path.  Is that okay with how the drives are setup?
0
 
LVL 12

Expert Comment

by:mwochnick
ID: 39276419
Its a start but its not enough, but that's probably not what you are looking for.  To adequately answer your question more information is needed.  Things like
are your running applications or just web pages
what version of IIS? 7.5?
etc
But in lieu of that a good place to start is
http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
or
http://security-24-7.com/hardening-guide-for-iis-7-5-on-windows-2008-r2-server-core-platform/

Articles explaining how an informative article on traversal attacks
http://www.acunetix.com/websitesecurity/directory-traversal/
http://en.wikipedia.org/wiki/Directory_traversal_attack
0
 

Author Comment

by:smitty62
ID: 39277928
I am running iis 7.5.  I set the website folder (DOInet) to enable parent paths.  Under this root folder for the website are both .net applications and classic asp pages.  The website folder is setup on the D:/ drive while Windows 2008 is setup on the C:/ drive.
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:smitty62
ID: 39277935
I was reading the  http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
  link, and I'm adhering to all the best practices except #7 which is 301 redirects for all redirected content.  I'm not sure what they mean by that.
0
 

Author Comment

by:smitty62
ID: 39277943
I just read a little more on #7, and I am adhering to that as well.  A specific IP address is assigned.
0
 
LVL 12

Expert Comment

by:mwochnick
ID: 39278883
that's good, one thing that I didn't ask was are you actually seeing a specific problem or are you being proactive in your server configuration?
0
 

Accepted Solution

by:
smitty62 earned 0 total points
ID: 39279003
We are having problems with an old intra net server windows 2003 iis 6.0.  Another agency setup the server for us which is windows 2008 iis 7.5.  They didn't set it up the same way so there are some software files on the D:/ drive.  The OS is on the C:/ drive.  This is an in house intra net website, but I still would prefer that everything is done correctly.  

Soon we will be doing the same thing for our internet server that's hit from the outside.  I just want to make sure that everything is secure.
0
 

Author Closing Comment

by:smitty62
ID: 39605093
resolved.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question