Securing the workplace from online threats and hackers looking for vulnerabilities is a critical task that administrators must do to keep the organization and data safe. Bharat Bhushan, Business Manager at Stellar Data Recovery, shares ten best practices that can ease your task of securing an Exchange Server.
Cyberattacks on Microsoft Exchange servers are not new. We all witnessed the infamous Hafnium attack last year that compromised over 30,000 Exchange Servers across the globe. Post Hafnium, many other state-sponsored and financially motivated threat actors began attacking Exchange Servers with ‘proxy’ (authentication bypass) RCE vulnerabilities to infiltrate the organization network and steal or encrypt confidential business data for ransom.
Although Microsoft regularly releases hotfixes and updates to patch various known and unknown threats and vulnerabilities, it is also essential for administrators to further harden the server security. The Exchange messaging systems are also vulnerable to social engineering attacks, such as phishing, spoofing, and spamming. Let’s take a look at ways to improve your security stance.
10 Best Practices to Protect Exchange Servers
Following are the top ten security practices to protect your Exchange Servers and organization from various threats and cyberattacks.
1. Install exchange server updates
Exchange Server vulnerabilities open new doors for threat actors who can exploit them to compromise your organizations’ network. However, by installing cumulative exchange updates as they arrive, you can patch the vulnerabilities and secure your server from these attackers.
According to the Shodan report, more than 60,000 Exchange Servers are still unpatched and exposed to the internet with RCE vulnerabilities. Updating Exchange Server and the Windows Server OS and other add-ins and software that you use is the most critical part of securing your organization and servers from various threats and cyberattacks.
If you delay updating your server, you risk your server and data as more threat actors become active soon after Microsoft’s update and look for unpatched servers to attack.
2. Inform and educate users
Your employees or users could be your strongest or weakest point when it comes to securing the organization from online attacks or data theft. For example, employees leaving their laptops unattended, using public hotspots for work, storing sensitive information unencrypted on system hard drive, using weak passwords or reusing the same password are practices that provide attackers with opportunities to infiltrate your organizations’ network and compromise Exchange Servers.
Thus, it’s critical to educate and train the workforce in your organization about cyber security threats and their impact on the organization. Besides, you must implement policies and rules for internet browsing, social networks, email, and mobile devices.
3. Deploy exchange-aware security software
Viruses and malware can also infect your Exchange messaging system. Most of these come from unsolicited or spam emails. While Exchange Servers have a built-in Windows Defender tool with anti-virus and malware protection, you may also install third-party Exchange-aware security software on your Exchange Server to proactively scan the incoming and outgoing emails for viruses, malware, malicious links, attachments, and other threats.
4. Enable Kerberos authentication
By default, Microsoft Exchange Server connects with Outlook clients over NTLM authentication protocol, which is less secure when compared to Kerberos authentication. NTLM is challenge-response based, while Kerberos uses ticket-based authentication, which is used by Windows computers and involves Active Directory. Moreover, NTLM authentication is slow and puts more load on the server. By enabling the Kerberos authentication protocol, you can further strengthen the server’s security.
5. Strong passwords
Using a weak password, such as yourname@123 or a password at your work that has been used multiple times on various other websites and social media platforms, poses a severe security risk. Such passwords can be easily cracked with brute-force or may leak if the website is breached.
Thus, users need to use a unique and complex password. As an administrator, you can deploy a password policy to force users to create a password with a combination of letters (uppercase + lowercase), numbers, and special characters.
To prevent unauthorized access, the policy should also prevent users from reusing their passwords and encourage them to change their passwords after a certain period, such as 45 or 60 days.
See More: An Ethical Hacker’s Guide to External Attack Surface Management
6. Multi-factor authentication
Besides a strong and complex password, you should also enable multi-factor authentication via one-time password (OTP) or authenticator apps to allow access. This will help prevent unauthorized access to user accounts and mailboxes in Exchange Server even if the password is leaked in a breach or stolen via a phishing attack.
7. VPN for secure remote access
Accessing an organization’s network through open ports could be risky. For example, your passwords or critical information may leak, especially if you try to access the network via a public WLAN network. Thus, you should implement and use a virtual private network (VPN) to secure a connection to the organization’s network to access data or perform any administrative or maintenance task.
8. Enable RBAC for access control
Role-based access control (RBAC) is a permission model used in Exchange Server that you should use to grant permission to administrators and users. For example, you can use RBAC to grant permissions based on tasks and duties.
It’s also important to audit access to check user accounts with administrator privileges. For this, you may grant temporary permissions based on the task and revoke them once the job is done.
9. Use a firewall
You may find several blogs and articles online to disable the firewall if you experience temporary issues with your server. However, doing so can put your organization at a higher risk.
By default, the Exchange Server uses the Windows Defender firewall with advanced security to allow/block traffic to the server. You may also deploy a third-party Exchange-aware firewall application to combat cybersecurity threats.
You should also keep a regular check on the blocklists and allow lists to filter messages from specific IP addresses.
10. Run HealthChecker script
HealthChecker is a PowerShell script by Microsoft that helps review server security and find health issues that can impact the server’s performance. It also detects vulnerabilities on your server, provides relevant links to fix the problems, and downloads the updates to patch the server.
It’s recommended that you run the HealthChecker script regularly. You should also run the script before and after updating the server or performing any task. This ensures the server is patched, healthy, and functional.
See More: Microsoft Exchange Server Hack Shows Why Risk Assessment Is Key to Data Security
Final Thoughts
Besides strengthening the server security, you should also maintain regular verified and labeled backups. These come in handy when the Exchange Server is compromised, and the database gets damaged or crashes after hardware/software failure or a malicious attack. Use Windows Server Backup or any third-party Exchange-aware backup software to create VSS-based backups. A strategy for backup you can follow is the 3-2-1 backup rule with three copies of your data saved on two different media with one copy stored off-site safely for disaster recovery. Additionally, you may also keep an Exchange EDB recovery software handy as it helps you restore mailboxes from corrupt or damaged Exchange database of a failed or compromised Exchange Server when the backup isn’t available, damaged, obsolete, or fails to restore the data.
Are you already deploying any of the best practices listed above to secure your organization? Tell us all about it on LinkedIn, Twitter, or Facebook. We’d love to learn from you!
MORE ON SECURITY VULNERABILITY MANAGEMENT