Exchange data is the heart of any enterprise and is considered to be a critical business application, because it is used for record keeping and as a low-cost communication solution. Today, e-mails are not just accessible from the workstation within the corporate network; they can also be accessed from remote computers or mobile devices. This makes them a very common target for an attack: about 95% of vulnerabilities spread via e-mail attachments.
E-mail attacks can be categorized into three types: spamming, spoofing and phishing.
Most of the e-mails sent via the Internet are spam. Spammers harvest e-mail addresses from various sources, such as newsgroups or service providers, and use them to bombard mailboxes, which can cause denial of service.
Spoofing means sending e-mails as an unidentified person or as a banker asking for account credentials or personal information.
Phishing is the process of extracting sensitive information, such as credit card details or personal information, through an e-mail.
Needless to say, it is crucial to maintain Exchange data protection on a regular basis.
Given below are ten simple steps to prevent security breaches in Exchange 2010:
Update operating system and antivirus: always have Exchange running on the latest supported operating system and make sure to upgrade it with the latest service pack and hotfixes. Make sure to have the updated version of antivirus as well.
Update Exchange Server: Microsoft regularly releases updated service packs and rollups. Some of these updates are security rollups that fix some of the vulnerabilities and threats on the Exchange server.
Regularly run Exchange Best Practices Analyzer: use it for Active Directory, Exchange, Registry and Performance Monitor. It produces detailed reports and recommends settings to apply to secure the environment from most threats and attacks.
Attachment filtering: most spam and phishing e-mails contain attachments with malware, which can affect the users and the organization. Block these attachments (.zip, .rar, .bat, .exe etc.) and apply a policy defining which action has to be performed on the blocked attachments.
Implement Kerberos authentication: Exchange servers can be configured with NTLM or Kerberos for client authentication. NTLM can be less secure than Kerberos, and it also puts excessive load on the Client Access Servers during the authentication process. Kerberos, on the other hand, is more secure and can provide a swift authentication process with less burden on the Client Access Server. One can also implement dual-factor authentication, where users have to provide an additional factor such as a digital token number or a PIN.
Use a Commercial CA certificate: users access e-mail from various clients, such as remote / home computers or mobile devices, and it’s important to make sure these connections are encrypted. Self-signed certificates, which are created by default, are not trusted by external clients and mobile devices. There are various types of certificates available, such as Subject Alternative Name (SAN) / Unified Communication (UC) certificates, Wildcard certificates etc. A SAN certificate is recommended; a Wildcard certificate might be easier to implement but has some constraints in use.
Apply Role-Based Access Control (RBAC) Permission: it is a new permissions model in the latest version of Exchange, which allows more granular permissions to be given to administrators. It only provides access to the team or to those users who need it to perform their tasks. This protects the Exchange environment from any accidental deletion or modification.
Avoid Open Relay Configuration: Exchange servers can be configured to accept and relay e-mails for various applications and systems. Make sure to configure the application server to authenticate with the Exchange server before relaying e-mails. One can also enable Transport Layer Security (TLS) authentication to secure the communication.
Digitally sign and encrypt messages: data leakage is another major threat which can cause damage to any organization. Use S/MIME to digitally sign outgoing e-mails using the certificate on the local client machines. This method can help keep the message encrypted during transmission until it has reached the target mailbox and thus can provide end-to-end security.
Enable and Monitor the Exchange environment: Enable and monitor user mailbox activity and Exchange environment. Exchange logs any events / actions performed in the environment. Monitoring these logs helps keep a tab on the environment and protects it from abnormal activities or security threats.
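For the attachment filtering step above, the following is an added example, not part of the original article. It assumes an Exchange 2010 Edge Transport server (where the Attachment Filter agent runs), uses the four extensions the step names, and picks Reject as the action; the reject text is a constructed sample.

```powershell
# Run in the Exchange Management Shell on an Edge Transport server.

# File-name patterns taken from the attachment filtering step.
$blocked = '*.zip', '*.rar', '*.bat', '*.exe'

# 1. Confirm the attachment filter agent is enabled; if it is disabled,
#    the entries below have no effect on mail flow.
Get-TransportAgent |
    Where-Object { $_.Identity -like 'Attachment Filter*' } |
    Format-Table Identity, Enabled, Priority -AutoSize

# 2. Add only the patterns that are missing, so the script can be re-run
#    without errors about duplicate entries.
$present = @(Get-AttachmentFilterEntry | ForEach-Object { $_.Name })
foreach ($pattern in $blocked) {
    if ($present -notcontains $pattern) {
        Add-AttachmentFilterEntry -Name $pattern -Type FileName
    }
}

# 3. Define the action applied to every blocked attachment:
#      Reject       - refuse the message and return the response text to the sender
#      Strip        - remove the attachment and deliver the rest of the message
#      SilentDelete - drop the message without notifying sender or recipient
Set-AttachmentFilterListConfig -Action Reject `
    -RejectResponse 'Message rejected: blocked attachment type (.zip, .rar, .bat, .exe).'

# 4. Review the resulting policy.
Get-AttachmentFilterListConfig | Format-List Action, RejectResponse
Get-AttachmentFilterEntry | Sort-Object Name | Format-Table Type, Name -AutoSize
```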
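For the open relay step above, the following added example (not from the original article) audits every Receive connector for the permission that lets anonymous senders relay to any recipient, then previews a fix. It assumes the relaying application can authenticate with a mailbox-enabled service account; the remediation runs with -WhatIf so nothing changes until that switch is removed.

```powershell
# Run in the Exchange Management Shell on a Hub Transport server.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'   # allows relay to any domain

# 1. Audit: list connectors on which anonymous senders hold the relay right.
$open = foreach ($rc in Get-ReceiveConnector) {
    $ace = $rc | Get-ADPermission | Where-Object {
        ($_.User -like $anon) -and (-not $_.Deny) -and
        ($_.ExtendedRights -like $right)
    }
    if ($ace) {
        New-Object PSObject -Property @{
            Connector        = $rc.Identity
            Bindings         = $rc.Bindings
            RemoteIPRanges   = $rc.RemoteIPRanges
            AuthMechanism    = $rc.AuthMechanism
            PermissionGroups = $rc.PermissionGroups
        }
    }
}

if (-not $open) {
    'No Receive connector grants anonymous relay.'
} else {
    # A wide RemoteIPRanges value here means the relay is reachable by
    # far more hosts than the application servers that need it.
    $open | Format-List Connector, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups
}

# 2. Remediate (preview only): revoke anonymous relay and require the
#    application to authenticate over TLS before it can submit mail.
foreach ($c in $open) {
    Get-ReceiveConnector $c.Connector |
        Remove-ADPermission -User $anon -ExtendedRights $right -WhatIf
    Set-ReceiveConnector -Identity $c.Connector `
        -AuthMechanism Tls, BasicAuthRequireTLS `
        -PermissionGroups ExchangeUsers -WhatIf
}
```

Review the audit output with the owners of each listed connector before removing -WhatIf, since applications that still submit mail anonymously will be refused afterwards.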
Protecting Exchange data is very important, because vulnerabilities can cause huge damage. The latest version of Exchange offers some good inbuilt security features to audit and report any kind of breach in the organization, and it also has anti-malware and anti-spam capabilities. It is highly recommended to use a change auditing solution which keeps track of all changes made to the Exchange server, allowing you to react to a possible incident just in time.
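The built-in auditing mentioned here and in the monitoring step can be switched on and queried as follows. This is an added example, not part of the original article; it assumes Exchange 2010 SP1 or later, and the mailbox name `finance-shared`, the 90-day retention and the 7-day review window are hypothetical values chosen for illustration.

```powershell
# Run in the Exchange Management Shell (Exchange 2010 SP1 or later).
$mbx   = 'finance-shared'          # hypothetical sensitive mailbox
$since = (Get-Date).AddDays(-7)    # review window (assumption)

# 1. Administrator audit logging: record every cmdlet that changes the
#    organization, with all parameters, and keep entries for 90 days.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true `
    -AdminAuditLogCmdlets '*' -AdminAuditLogParameters '*' `
    -AdminAuditLogAgeLimit 90.00:00:00

# 2. Mailbox audit logging: record what delegates do in the mailbox.
Set-Mailbox -Identity $mbx -AuditEnabled $true `
    -AuditLogAgeLimit 90.00:00:00 `
    -AuditDelegate SendAs, SendOnBehalf, SoftDelete, HardDelete, Move

# 3. Review configuration changes that affect relay, permissions and RBAC.
Search-AdminAuditLog -StartDate $since -EndDate (Get-Date) `
    -Cmdlets Set-ReceiveConnector, Add-ADPermission,
             Add-MailboxPermission, New-ManagementRoleAssignment |
    Sort-Object RunDate |
    Format-Table RunDate, Caller, CmdletName, ObjectModified, Succeeded -AutoSize

# 4. Review access to the mailbox by anyone other than its owner.
Search-MailboxAuditLog -Identity $mbx -LogonTypes Admin, Delegate `
    -StartDate $since -EndDate (Get-Date) -ShowDetails |
    Sort-Object LastAccessed |
    Format-Table LastAccessed, LogonType, LogonUserDisplayName,
                 Operation, FolderPathName -AutoSize
```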
You can also learn about “Ten Simple Ways to Prevent Security Breaches in Active Directory” in one of the previous articles.