Web Administrators must only use encrypted connections for Document Root directory uploads.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-13686 | WG235 | WG235 A22 | SV-33024r1_rule | 2019-01-07 | 1 |
| Description |
|---|
| Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks. |
| ℹ️ Check |
|---|
| Determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection. If the remote users are uploading files without utilizing approved encryption methods, this is a finding. |
| ✔️ Fix |
|---|
| Use only secure encrypted logons and connections for uploading files to the web site. |