Microsoft Exchange Server is a widely used email server. Many utilities, along with supporting tools and aids, have been developed for it. Given how essential email is to any organization, maintaining a secure Exchange server is a critical task.
Zero-day vulnerabilities in Exchange Server (not Exchange Online) that were exploited by attackers beginning in January 2021 have put the server's security in the spotlight. While the remote code execution exploits can be mitigated by deploying Microsoft patches and updates, it is still important for security teams to pay close attention to other Exchange security best practices.
IT professionals should follow these 12 actions to secure and protect Exchange servers from unauthorized access, cyber attacks, viruses and malware.
1. Keep Exchange servers updated
Microsoft regularly releases software updates, patches and other resources to keep Exchange servers running at peak performance. Ensure Exchange Server maintenance includes deployment and testing of updates, builds, patches, bug fixes, security updates and feature compatibility.
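Knowing which build is actually installed is the first step in keeping servers current. The following is an added example, not code from the article: it reports the Cumulative Update and the Security Update level of every Exchange server in the organization and flags servers below a baseline build. It runs in the Exchange Management Shell, and the `$MinimumBuild` value is a placeholder to be taken from Microsoft's published Exchange build-number table.

```powershell
# Added example: report installed Exchange builds and flag servers below a baseline.
# Requires the Exchange Management Shell. $MinimumBuild is a PLACEHOLDER value; take the
# real minimum from Microsoft's Exchange Server build-number table for your CU/SU.
$MinimumBuild = [version]'15.2.0.0'   # PLACEHOLDER

function Get-ExchangeBuildReport {
    Get-ExchangeServer | ForEach-Object {
        $server = $_
        # AdminDisplayVersion only reflects the Cumulative Update. The file version of
        # ExSetup.exe changes with each Security Update, so read it on the server itself.
        $fileVersion = Invoke-Command -ComputerName $server.Name -ScriptBlock {
            (Get-Command ExSetup.exe -ErrorAction SilentlyContinue).FileVersionInfo.ProductVersion
        }
        $installed = if ($fileVersion) { [version]$fileVersion } else { $null }

        [pscustomobject]@{
            Server         = $server.Name
            Role           = $server.ServerRole
            CU             = $server.AdminDisplayVersion
            InstalledBuild = $installed
            BelowBaseline  = if ($installed) { $installed -lt $MinimumBuild } else { 'unknown' }
        }
    }
}

# Servers needing attention sort to the top.
Get-ExchangeBuildReport | Sort-Object BelowBaseline -Descending | Format-Table -AutoSize
```

Servers that return `unknown` could not be reached over WinRM and should be checked by hand rather than assumed current.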
2. Run specialized Microsoft Exchange security tools
Microsoft offers an array of tools to ensure Exchange is secure and performing normally, including the following:
- Microsoft Exchange On-Premises Mitigation Tool. Recent cyber attacks on Exchange servers necessitated the creation of this easy-to-use automated tool, which meets the needs of customers running current or out-of-support versions of on-premises Exchange Server. Downloading and running the tool mitigates the latest zero-days on any Exchange server on which it is deployed. While it is not a replacement for regular Exchange security updates, it is a fast way to mitigate risks to internet-connected, on-premises Exchange servers prior to patching.
- Microsoft Safety Scanner. Also known as Microsoft Support Emergency Response Tool, this downloadable scanning tool finds and removes malware from Windows systems, including Exchange.
- Microsoft Defender Antivirus. This Windows antimalware tool automatically mitigates the latest zero-days. It also scans the server and reverses changes made by known threats.
- Microsoft Security Configuration Wizard. This tool analyzes the OS supporting Exchange 2008 and recommends ways to improve security.
- Microsoft Security Compliance Toolkit. This toolkit analyzes, tests, edits and stores Microsoft-recommended security configuration baselines for Exchange Server, comparing them against other security configurations.
- Exchange Analyzer. This PowerShell tool examines the current Exchange environment and compares it to Microsoft best practices to identify changes that can be made to improve its security posture.
- Microsoft Exchange Online Protection. This cloud-based filtering service protects against and removes spam, malware and viruses in email. It is included in all Microsoft 365 installations using Exchange Online mailboxes. It is also supported by hybrid installations using on-premises and cloud-based mailboxes.
- Microsoft Exchange antispam and antimalware. These capabilities are supported in Exchange 2016 and 2019. Antispam protection is provided by the same built-in transport agents that were introduced in Exchange Server 2010. Antimalware protection is provided by the malware agent that was introduced in Exchange Server 2013.
3. Deploy firewalls
Exchange Server can use Windows Defender Firewall with Advanced Security to control the passage of Exchange traffic. Third-party firewalls designed for Exchange are also available and may include capabilities to address potential cybersecurity threats, such as viruses, worms, spyware and spam. When evaluating third-party firewalls, check that they support the Exchange Server version in use.
4. Use Exchange Server security applications
Security companies such as Symantec and Kaspersky offer security applications for Exchange Server. Such products protect Exchange from viruses, phishing, denial-of-service attacks, malware and spam. Symantec Mail Security for Microsoft Exchange, for example, also prevents the spread of email-borne threats and enforces data loss prevention policies.
Be sure to evaluate how well a third-party product integrates with Exchange Server, as well as how frequently its malware definitions are updated. Because viruses that infect email systems often originate inside an organization, don't limit scanning to email entering the system from the outside. Make sure the security software scans all email for malware and other cyberthreats.
5. Secure the network perimeter supporting Exchange
Providing a secure network perimeter is an important Exchange Server security best practice. Techniques to secure perimeters include sender-recipient connection checking, content filtering and the use of reverse proxies and Simple Mail Transfer Protocol gateways. On-premises and cloud-based intrusion prevention and detection systems can also be used to scan inbound and outbound email. Rules in such devices should include the ability to scan for malware and viruses, as well as to inspect attachments.
6. Monitor Exchange servers
Numerous tools are available to monitor the performance of Exchange servers, both from Microsoft and third parties. They are typically configured with sensors that detect abnormal conditions. This is done by setting threshold values for various parameters and triggering alerts when those values are exceeded. Sensors can be configured to monitor Exchange mailboxes, databases, backups, email queues and other email functions. Microsoft offers Azure Monitor, which it also uses in its own IT operations, as the successor to System Center Operations Manager, though SCOM is still available for enterprise use.
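The threshold-and-alert pattern described above can be scripted directly against Exchange. The following is an added example, not from the article or any monitoring product: it checks transport queue depth and mailbox database copy health on the local server against thresholds and writes a Windows event that a monitoring tool or SIEM can collect. It runs in the Exchange Management Shell; the threshold values and the event source name are assumptions to tune for your environment.

```powershell
# Added example: threshold checks for transport queues and database copies on this
# server, surfaced as an Application log event. Thresholds and the event source are
# assumptions chosen for illustration; adjust them to your environment.
$QueueThreshold     = 100   # messages sitting in any one queue
$CopyQueueThreshold = 10    # log files waiting to be copied to a passive DB copy
$EventSource        = 'ExchangeHealthCheck'

function Get-ExchangeHealthAlerts {
    # Transport queues: a deep queue or a non-Active/Ready status usually means a
    # downstream problem (DNS, connector, or a flood of outbound mail).
    $queueAlerts = Get-Queue -Server $env:COMPUTERNAME |
        Where-Object { $_.MessageCount -gt $QueueThreshold -or $_.Status -notin 'Active','Ready' } |
        Select-Object Identity, DeliveryType, Status, MessageCount, LastError

    # Database copies: anything other than Mounted (active) or Healthy (passive),
    # or a growing copy queue, means replication or storage trouble.
    $dbAlerts = Get-MailboxDatabaseCopyStatus -Server $env:COMPUTERNAME |
        Where-Object { $_.Status -notin 'Mounted','Healthy' -or $_.CopyQueueLength -gt $CopyQueueThreshold } |
        Select-Object Name, Status, CopyQueueLength, ReplayQueueLength, LastInspectedLogTime

    [pscustomobject]@{ Queues = $queueAlerts; Databases = $dbAlerts }
}

$alerts = Get-ExchangeHealthAlerts
if ($alerts.Queues -or $alerts.Databases) {
    # Register the event source once so Write-EventLog is accepted.
    if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
        New-EventLog -LogName Application -Source $EventSource
    }
    $body = "Queue alerts:`n" + ($alerts.Queues | Out-String) +
            "`nDatabase copy alerts:`n" + ($alerts.Databases | Out-String)
    Write-EventLog -LogName Application -Source $EventSource -EntryType Warning -EventId 1001 -Message $body
}
```

Scheduled every few minutes, the event (source and ID above) becomes a collectable signal for SCOM, Azure Monitor or a SIEM without depending on any single product's agent.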
7. Use allowlists and blocklists
Outlook's allowlists and blocklists enable users to specify trusted and untrusted senders. The feature works with the Exchange server, which initiates a safelist process that works with the filtering resources to allow or deny senders listed by the user.
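Administrators can manage these lists from the server side and trigger the safelist process themselves. The following is an added example, not code from the article: it adds trusted and blocked entries to a user's junk email configuration, shows the effective lists, and runs safelist aggregation so the antispam agents honor them. The mailbox, domain and sender values are constructed; it runs in the Exchange Management Shell.

```powershell
# Added example: manage a user's safe/blocked senders server-side and push them into
# safelist aggregation. The mailbox and addresses below are constructed sample values.
$Mailbox = 'alice@contoso.com'

# @{Add=...} appends to the existing lists instead of replacing them.
Set-MailboxJunkEmailConfiguration -Identity $Mailbox `
    -TrustedSendersAndDomains @{Add = 'partner.example'} `
    -BlockedSendersAndDomains @{Add = 'newsletter@unwanted.example'}

# Review the effective configuration; Enabled=$false would mean the lists are ignored.
Get-MailboxJunkEmailConfiguration -Identity $Mailbox |
    Format-List Enabled, ContactsTrusted, TrustedSendersAndDomains, BlockedSendersAndDomains

# Safelist aggregation hashes the user's safe senders into Active Directory so the
# Content Filter agent on the transport/Edge server bypasses filtering for them.
Update-SafeList -Identity $Mailbox -Type SafeSenders -IncludeDomains

# Spot-check who currently has very large trusted lists (a common sign of indiscriminate "Never block sender" clicks).
Get-Mailbox -ResultSize Unlimited |
    Get-MailboxJunkEmailConfiguration |
    Where-Object { $_.TrustedSendersAndDomains.Count -gt 200 } |
    Select-Object Identity, @{n = 'TrustedCount'; e = { $_.TrustedSendersAndDomains.Count }}
```

The final query is useful before relying on the lists for filtering decisions: a trusted-senders list that has grown into the hundreds weakens the content filter for that mailbox.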
8. Use certificates when dealing with external services
An important security technique is the use of certificates for external services, such as Outlook Web Access and Outlook Anywhere. Certificates can be generated by either an internal or external certificate authority.
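The request, import and binding steps for such a certificate can all be done from the Exchange Management Shell. The following is an added example, not from the article: it generates a certificate request for the public names clients use, imports the certificate returned by the CA, binds it to the client-facing services, and lists certificates close to expiry. Server name, host names and file paths are constructed.

```powershell
# Added example: request, import, bind and check an Exchange certificate.
# Server name, DNS names, organization and paths are constructed sample values.
$Server   = 'EX01'
$Names    = 'mail.contoso.com', 'autodiscover.contoso.com'
$ReqPath  = '\\fileserver\certs\mail-contoso.req'   # write the CSR where the CA team can fetch it
$CertPath = '\\fileserver\certs\mail-contoso.cer'   # signed certificate returned by the CA

# 1. Generate the request. The private key is created and kept on the Exchange server;
#    only the CSR text leaves it. 2048-bit RSA is the minimum public CAs accept.
$csr = New-ExchangeCertificate -Server $Server -GenerateRequest `
    -SubjectName 'CN=mail.contoso.com,O=Contoso,C=US' `
    -DomainName $Names -KeySize 2048 -PrivateKeyExportable $true
[System.IO.File]::WriteAllBytes($ReqPath, [System.Text.Encoding]::Unicode.GetBytes($csr))

# 2. Import the signed certificate once the CA (internal or external) returns it.
$cert = Import-ExchangeCertificate -Server $Server `
    -FileData ([System.IO.File]::ReadAllBytes($CertPath))

# 3. Bind it to the services clients reach from outside: IIS (OWA, ECP, EWS, Outlook Anywhere,
#    ActiveSync, Autodiscover) and SMTP for TLS on inbound/outbound mail. -Force accepts the
#    prompt to replace the default SMTP certificate.
Enable-ExchangeCertificate -Server $Server -Thumbprint $cert.Thumbprint -Services IIS, SMTP -Force

# 4. Confirm the binding and flag anything expiring within 30 days, including the
#    self-signed certificates Exchange setup created.
Get-ExchangeCertificate -Server $Server |
    Select-Object Thumbprint, Subject, Services, NotAfter,
        @{n = 'ExpiresSoon'; e = { $_.NotAfter -lt (Get-Date).AddDays(30) }} |
    Sort-Object NotAfter | Format-Table -AutoSize
```

Every name that clients resolve for OWA, Autodiscover or Outlook Anywhere must appear in `-DomainName`, otherwise clients will see certificate warnings, which trains users to click through them.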
9. Limit administrative access to internal users
Remote administrative access can open the door to security problems. Limit administrative access to Exchange servers to internal users only whenever possible. If remote administrative access is required, implement multifactor authentication to strengthen security.
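Two concrete ways to narrow administrative access are to turn off remote PowerShell for accounts that do not administer Exchange and to disable the administrative part of the Exchange admin center on internet-facing servers. The following is an added example, not from the article; the role group list and the server name are assumptions, and it runs in the Exchange Management Shell.

```powershell
# Added example: reduce the administrative attack surface.
# Role group names are Exchange's built-in groups; the internet-facing server name is constructed.
$AdminRoleGroups      = 'Organization Management', 'Recipient Management', 'Server Management', 'Help Desk'
$InternetFacingServer = 'EX01'

# Collect everyone who legitimately holds an Exchange admin role.
$adminDNs = $AdminRoleGroups |
    ForEach-Object { Get-RoleGroupMember -Identity $_ } |
    Select-Object -ExpandProperty DistinguishedName -Unique

function Disable-UnneededRemotePowerShell {
    param([switch]$WhatIf)
    # Every user object has RemotePowerShellEnabled = $true by default; only admins need it.
    Get-User -ResultSize Unlimited |
        Where-Object { $_.RemotePowerShellEnabled -and $adminDNs -notcontains $_.DistinguishedName } |
        ForEach-Object {
            Set-User -Identity $_.Identity -RemotePowerShellEnabled $false -WhatIf:$WhatIf
            $_.UserPrincipalName
        }
}

# Dry run first, then apply.
Disable-UnneededRemotePowerShell -WhatIf
Disable-UnneededRemotePowerShell | Out-File 'C:\Audit\remote-ps-disabled.txt'

# On the server published to the internet, keep OWA/user settings reachable but turn off the
# admin portion of ECP; administrators use an internal server for the admin center.
Get-EcpVirtualDirectory -Server $InternetFacingServer |
    Set-EcpVirtualDirectory -AdminEnabled $false
```

Disabling remote PowerShell per user does not affect mailbox access; it only removes the account's ability to open an Exchange management session, which is what an attacker with a stolen password would otherwise use to script changes.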
10. Enable role-based entry management and require sturdy passwords
As part of their access management strategy, organizations should enable role-based access control (RBAC), which configures and grants permissions based on rules about employees' roles in the organization and their need to know and to perform specific actions. It grants access precisely and on the principle of least privilege, further minimizing the potential for unauthorized access. The use of strong passwords is an important complement to RBAC and other authentication measures.
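Exchange implements RBAC with management roles, scopes and role groups, so least privilege means granting a group only the roles it needs over only the recipients it supports. The following is an added example, not from the article: it creates a role group that can manage recipients in a single OU and nothing else, verifies the resulting assignments, and sets a domain password policy. The OU, group and member names are constructed; it runs in the Exchange Management Shell with the ActiveDirectory module available.

```powershell
# Added example: a least-privilege role group scoped to one OU, plus a domain password policy.
# OU path, group name, member name and domain are constructed sample values.
$ScopeName   = 'Sales Recipients'
$RoleGroup   = 'Sales Helpdesk'
$RecipientOU = 'contoso.com/Sales'
$Member      = 'helpdesk-sales'   # AD group whose members do sales mailbox support

# 1. A custom write scope: only mailboxes under the Sales OU can be modified.
New-ManagementScope -Name $ScopeName -RecipientRoot $RecipientOU `
    -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'"

# 2. A role group holding just the recipient-management roles, bound to that scope.
#    Members cannot touch server settings, transport, or mailboxes outside Sales.
New-RoleGroup -Name $RoleGroup `
    -Roles 'Mail Recipients', 'Mail Recipient Creation', 'Distribution Groups' `
    -CustomRecipientWriteScope $ScopeName `
    -Members $Member `
    -Description 'Recipient management limited to the Sales OU'

# 3. Verify exactly what was granted and where it applies.
Get-ManagementRoleAssignment -RoleAssignee $RoleGroup |
    Format-Table Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# 4. Periodic review: who holds the most powerful built-in group?
Get-RoleGroupMember -Identity 'Organization Management' | Format-Table Name, RecipientType

# 5. Strong passwords for the domain that Exchange authenticates against.
Set-ADDefaultDomainPasswordPolicy -Identity 'contoso.com' `
    -MinPasswordLength 14 -ComplexityEnabled $true -PasswordHistoryCount 24 `
    -LockoutThreshold 10 -LockoutDuration '00:30:00' -LockoutObservationWindow '00:30:00'
```

The `-CustomRecipientWriteScope` is what turns a broad role such as `Mail Recipients` into a least-privilege grant; without a scope the same role applies to every recipient in the organization.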
11. Harden the OS internet hosting Exchange
Hardening the OS that hosts Exchange is another effective way to improve Exchange Server's security posture. It can be done manually or with a variety of OS hardening tools, such as Microsoft Attack Surface Analyzer or Bastille Linux. Hardening an OS consists of several actions, such as configuring the OS for greater security, updating and patching it regularly, defining policies and rules to securely manage the system, and removing unnecessary or unused applications and services.
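Several of those hardening actions can be scripted on the Windows host itself. The following is an added example, not from the article or from any hardening tool it names: it removes SMBv1, reports installed roles and features and auto-starting non-Exchange services for review, and checks recent patch activity. It uses standard Windows Server cmdlets and should be run elevated on the Exchange host.

```powershell
# Added example: baseline OS hardening checks on the Windows host running Exchange.
# Uses built-in Windows Server cmdlets only; run in an elevated session on the server.

# 1. Remove the SMBv1 protocol and its feature payload; Exchange does not use it.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Uninstall-WindowsFeature -Name FS-SMB1 -Remove

# 2. Inventory installed roles/features so anything Exchange or IIS does not need can be removed.
function Get-InstalledFeatureInventory {
    Get-WindowsFeature | Where-Object Installed | Select-Object Name, DisplayName | Sort-Object Name
}

# 3. Auto-starting services that are neither Exchange nor IIS: candidates for disabling.
function Get-NonExchangeAutoServices {
    Get-Service |
        Where-Object {
            $_.StartType -eq 'Automatic' -and
            $_.Name -notlike 'MSExchange*' -and
            $_.Name -notin 'W3SVC', 'WAS', 'IISADMIN', 'WinRM', 'Netlogon', 'MpsSvc', 'WinDefend'
        } |
        Select-Object Name, DisplayName, Status
}

# 4. Patch state: what was installed recently, and has anything been installed at all in 30 days?
function Get-RecentHotfixes {
    Get-HotFix | Where-Object { $_.InstalledOn -gt (Get-Date).AddDays(-30) } |
        Sort-Object InstalledOn -Descending | Select-Object HotFixID, Description, InstalledOn
}

# 5. Confirm the host firewall is on for every profile and defaults to blocking inbound.
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled True -DefaultInboundAction Block

Get-InstalledFeatureInventory   | Format-Table -AutoSize
Get-NonExchangeAutoServices     | Format-Table -AutoSize
Get-RecentHotfixes              | Format-Table -AutoSize
```

The service exclusion list is an assumption for illustration; review each remaining auto-start service against what the server actually needs before disabling it, since Exchange depends on several Windows services beyond those named.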
12. Audit mailbox actions
Another way to identify potential security violations is to audit the mailboxes hosted on an Exchange server. This is done by analyzing the logs of all actions performed by users on their mailboxes, as well as those of other employees and administrators who can gain access. The logs are then exported for analysis and identification of potential security breaches.
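Mailbox auditing is off by default in on-premises Exchange, so it has to be enabled before there are logs to analyze. The following is an added example, not from the article: it enables auditing on a mailbox with the owner, delegate and admin actions worth recording, searches the audit log for non-owner access over the past week, and exports the results. The mailbox name, recipient address and output path are constructed; it runs in the Exchange Management Shell.

```powershell
# Added example: enable mailbox auditing and extract non-owner activity for review.
# Mailbox, notification recipient and output folder are constructed sample values.
$Mailbox   = 'finance-shared@contoso.com'
$Reviewer  = 'secops@contoso.com'
$OutFolder = 'C:\Audit'

# 1. Enable auditing. Record delegate and admin actions fully; for the owner, record only
#    deletions (owner reads generate far too much noise to be useful).
Set-Mailbox -Identity $Mailbox -AuditEnabled $true -AuditLogAgeLimit '180.00:00:00' `
    -AuditAdmin    Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create `
    -AuditDelegate Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create `
    -AuditOwner    SoftDelete, HardDelete

# 2. Find every mailbox still unaudited so coverage gaps are visible.
function Get-UnauditedMailboxes {
    Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.AuditEnabled } | Select-Object Name, PrimarySmtpAddress
}

# 3. Synchronous search: who other than the owner opened folders or sent from this mailbox
#    in the last seven days? SendAs/SendOnBehalf by a delegate on a finance mailbox deserves a look.
function Get-NonOwnerActivity {
    param([string]$Identity, [int]$Days = 7)
    Search-MailboxAuditLog -Identity $Identity -LogonTypes Admin, Delegate `
        -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) -ShowDetails |
        Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation, OperationResult,
                      FolderPathName, ClientInfoString, ClientIPAddress
}

New-Item -ItemType Directory -Path $OutFolder -Force | Out-Null
Get-NonOwnerActivity -Identity $Mailbox |
    Export-Csv -Path (Join-Path $OutFolder "$($Mailbox.Split('@')[0])-nonowner.csv") -NoTypeInformation

# 4. Asynchronous search for a longer window; Exchange emails the XML results to the reviewer.
New-MailboxAuditLogSearch -Name 'Finance mailbox quarterly review' -Mailboxes $Mailbox `
    -LogonTypes Admin, Delegate -StartDate (Get-Date).AddDays(-90) -EndDate (Get-Date) `
    -StatusMailRecipients $Reviewer -ShowDetails
```

`FolderBind` entries from an administrator account that has no business in a finance mailbox, or `SendAs` from a delegate, are the kinds of rows that should go to the incident response process rather than a spreadsheet.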