IIS Provisioning Security Considerations

  • Article

In protecting an Internet Information Services (IIS) provisioning deployment, it is important to consider many of the same basic input source and validation issues listed in Input Validation and Protection against Injection Attacks.

One key parameter that a developer must validate and protect is the "path" parameter that can be set on any IIS Virtual Directory or Site. This parameter points to folder path whether local or UNC that will contain the data exposed through the IIS, this raises the possibility of exposing information that was not intended to be exposed through IIS.

Here are some guidelines a developer should follow when designing an interface that interacts with the IIS Provider and corresponding namespaces.

  • User Interfaces or automation engines should build a valid path from a protected list of known good local or UNC path roots.

  • The path parameter should not be based on any direct end-user input.

  • Firewall rules should be configured such that the MPF Engine servers can only establish RPC/NetBIOS connections with valid FileServers.

  • User Interfaces or automation engines should perform basic encoding on the path before setting the value of path.