?
Solved

Transveral attacks

Posted on 2013-06-25
8
Medium Priority
?
137 Views
Last Modified: 2013-10-28
On my web server physical folder and files (pages) are on D:/ drive while the OS (windows 2008) is on C:/ do you think that is adequate to stop transveral attacks?
0
Comment
Question by:smitty62
  • 6
  • 2
8 Comments
 

Author Comment

by:smitty62
ID: 39276006
P.S.  I would like to keep the iis option enabled for partent path.  Is that okay with how the drives are setup?
0
 
LVL 12

Expert Comment

by:mwochnick
ID: 39276419
Its a start but its not enough, but that's probably not what you are looking for.  To adequately answer your question more information is needed.  Things like
are your running applications or just web pages
what version of IIS? 7.5?
etc
But in lieu of that a good place to start is
http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
or
http://security-24-7.com/hardening-guide-for-iis-7-5-on-windows-2008-r2-server-core-platform/

Articles explaining how an informative article on traversal attacks
http://www.acunetix.com/websitesecurity/directory-traversal/
http://en.wikipedia.org/wiki/Directory_traversal_attack
0
 

Author Comment

by:smitty62
ID: 39277928
I am running iis 7.5.  I set the website folder (DOInet) to enable parent paths.  Under this root folder for the website are both .net applications and classic asp pages.  The website folder is setup on the D:/ drive while Windows 2008 is setup on the C:/ drive.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:smitty62
ID: 39277935
I was reading the  http://adminspeak.wordpress.com/2011/12/05/iis-7-best-practices/
  link, and I'm adhering to all the best practices except #7 which is 301 redirects for all redirected content.  I'm not sure what they mean by that.
0
 

Author Comment

by:smitty62
ID: 39277943
I just read a little more on #7, and I am adhering to that as well.  A specific IP address is assigned.
0
 
LVL 12

Expert Comment

by:mwochnick
ID: 39278883
that's good, one thing that I didn't ask was are you actually seeing a specific problem or are you being proactive in your server configuration?
0
 

Accepted Solution

by:
smitty62 earned 0 total points
ID: 39279003
We are having problems with an old intra net server windows 2003 iis 6.0.  Another agency setup the server for us which is windows 2008 iis 7.5.  They didn't set it up the same way so there are some software files on the D:/ drive.  The OS is on the C:/ drive.  This is an in house intra net website, but I still would prefer that everything is done correctly.  

Soon we will be doing the same thing for our internet server that's hit from the outside.  I just want to make sure that everything is secure.
0
 

Author Closing Comment

by:smitty62
ID: 39605093
resolved.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
What You Need to Know when Searching for a Webhost Provider
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question