IISW-SV-000141 - Remote access to the IIS 8.5 web server must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Logging into a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Ensure the web server administration is only performed over a secure path.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y22M01_STIG.zip

Item Details

References: CAT|I, CCI|CCI-002314, Rule-ID|SV-214426r508658_rule, STIG-ID|IISW-SV-000141, STIG-Legacy|SV-91435, STIG-Legacy|V-76739, Vuln-ID|V-214426

Plugin: Windows

Control ID: 695bb545659610d531af42244e3b1e5144049b678d4bfe2f413687cc895428bb