Solved

Traversal attacks

Posted on 2013-06-25
Last Modified: 2013-10-28
On my web server, the physical folders and files (pages) are on the D:/ drive while the OS (Windows 2008) is on C:/. Do you think that is adequate to stop traversal attacks?
Question by:smitty62
 

Author Comment

by:smitty62
ID: 39276006
P.S. I would like to keep the IIS option enabled for parent path. Is that okay with how the drives are set up?

Expert Comment

by:mwochnick
ID: 39276419
It's a start, but it's not enough, but that's probably not what you are looking for. To adequately answer your question, more information is needed. Things like:
are you running applications or just web pages
what version of IIS? 7.5?
etc.
But in lieu of that, a good place to start is
http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
or
http://security-24-7.com/hardening-guide-for-iis-7-5-on-windows-2008-r2-server-core-platform/

Informative articles explaining traversal attacks:
http://www.acunetix.com/websitesecurity/directory-traversal/
http://en.wikipedia.org/wiki/Directory_traversal_attack
 

Author Comment

by:smitty62
ID: 39277928
I am running IIS 7.5. I set the website folder (DOInet) to enable parent paths. Under this root folder for the website are both .NET applications and classic ASP pages. The website folder is set up on the D:/ drive while Windows 2008 is set up on the C:/ drive.

Author Comment

by:smitty62
ID: 39277935
I was reading the http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/ link, and I'm adhering to all the best practices except #7, which is 301 redirects for all redirected content. I'm not sure what they mean by that.
 

Author Comment

by:smitty62
ID: 39277943
I just read a little more on #7, and I am adhering to that as well.  A specific IP address is assigned.

Expert Comment

by:mwochnick
ID: 39278883
That's good. One thing that I didn't ask: are you actually seeing a specific problem, or are you being proactive in your server configuration?
 

Accepted Solution

by:smitty62
ID: 39279003
We are having problems with an old intranet server (Windows 2003, IIS 6.0). Another agency set up the server for us, which is Windows 2008, IIS 7.5. They didn't set it up the same way, so there are some software files on the D:/ drive. The OS is on the C:/ drive. This is an in-house intranet website, but I still would prefer that everything is done correctly.

Soon we will be doing the same thing for our internet server that's hit from the outside.  I just want to make sure that everything is secure.
 

Author Closing Comment

by:smitty62
ID: 39605093
resolved.
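
The containment check that the drive layout discussed in this thread does not provide by itself, as an added example that is not part of the original thread. It assumes a hypothetical web root `D:\DOInet` and constructed request paths, uses Python's `ntpath` so the Windows path rules run on any OS, and is lexical only (it does not resolve junctions or symlinks).

```python
import ntpath

# Assumed layout modelled on the thread: site content on D:, OS on C:.
WEB_ROOT = r"D:\DOInet"  # hypothetical physical path of the site root


def resolve_under_root(requested, root=WEB_ROOT):
    """Return the normalised path if `requested` stays inside `root`, else None."""
    root_norm = ntpath.normcase(ntpath.normpath(root))
    # join() drops `root` when `requested` is absolute or names another drive,
    # so the result must be re-checked rather than trusted.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, requested)))
    try:
        # Component-wise comparison; a plain startswith() would wrongly accept
        # a sibling folder such as D:\DOInet_old.
        inside = ntpath.commonpath([root_norm, candidate]) == root_norm
    except ValueError:  # different drive, or drive-relative path like "C:x"
        inside = False
    return candidate if inside else None


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    r"app\..\default.asp",        # ".." that stays inside the site
    r"..\backups\site.zip",       # leaves the site but stays on D:
    "../../../notes.txt",         # clamps at D:\, still outside the site
    r"..\DOInet_old\web.config",  # sibling folder sharing the name prefix
    r"C:\Windows\win.ini",        # absolute path to the OS drive
]


def audit(samples=SAMPLES):
    """Map each sample to its resolved path, or None when it is rejected."""
    return {s: resolve_under_root(s) for s in samples}


if __name__ == "__main__":
    for request, resolved in audit().items():
        print(f"{request!r:32} -> {resolved or 'REJECTED'}")
```

Only the first sample resolves inside the site root; the relative ones that escape it still land on D:, which is why the separate OS drive narrows the exposure without replacing a per-request check.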