Recently, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and Canadian Centre for Cyber Security (Cyber Centre) issued guidance outlining security best practices for administrators on hardening on-premises Exchange servers.
The guidance emphasizes that “the threat to Exchange servers remains persistent…and should be considered under imminent threat.” Accordingly, “the authoring agencies strongly encourage organizations to take proactive steps to mitigate risks and prevent malicious activity. The authoring agencies recommend the following prevention and hardening defenses as critical for Exchange servers to mitigate various compromise techniques and protect the sensitive information and communications they manage.”
The recommendations include:
- Maintain security updates and patching cadence
- Migrate end-of-life Exchange servers
- Ensure emergency mitigation service remains enabled
- Apply security baselines
- Enable built-in protections
- Restrict administrative access
- Harden authentication and encryption
- Configure transport layer security
- Configure extended protection
- Configure Kerberos and SMB instead of NTLM
- Configure modern authentication and multifactor authentication
- Configure certificate-based signing of PowerShell serialization
- Configure strict transport security
- Configure download domains
- Use role management and split permissions
- Use P2 FROM header manipulation detection
The guidance is specific and relevant to the importance of updating, hardening, and monitoring Exchange servers to reduce the ongoing risk of cyber-attacks.
[View source.]
