Exchange servers are vulnerable - how to secure your server?

clock • 4 min read

Follow these essential tips and solutions to protect your Exchange server

Although Microsoft releases regular updates to patch vulnerabilities, Exchange servers are still vulnerable. Cybercriminals can exploit Exchange server vulnerabilities and steal critical data or hack the entire server, putting your critical business data at risk. A recent example of this is the ransomware attack by a threat group, referred to as Hafnium that reportedly put more than 400,000 unpatched servers at risk. By the time Microsoft identified the vulnerabilities and released multiple security updates for the Exchange server to patch the ProxyLogon vulnerabilities, Hafnium had already gained access to more than 30,000 organisations in the USA alone. The threat actors exploited the vulnerabilities to access unpatched on-premises Exchange 2013, 2016 and 2019 servers by deploying web shells and ransomware.

So, how can you secure your server? In this article, we'll be sharing some useful tips and solutions to protect Exchange servers against such attacks and risks.                        

Tips to Secure Exchange Server

Below are a few tips and solutions that can help you secure your Exchange server and protect confidential information from malicious attacks and other risks.

1. Install updates

Microsoft Exchange runs on Windows Server OS. Therefore, it is critical to install the latest Windows Server updates to patch vulnerabilities and safeguard the server against malicious attacks. Similarly, it is important to update the software installed on the server. Refer to Microsoft Exchange Vulnerability Flaws and their Fixes to stay updated on new Microsoft Exchange Server vulnerabilities and updates.

2. Analyse and review server security

It's highly advisable to periodically check and review server security. You can use Microsoft tools for this, such as Exchange Best Practices Analyser (EBPA), Microsoft Baseline Security Analyser (MBSA), Security Configuration Wizard (SCW) and Security Compliance Manager (SCM). These tools can help you identify risks and enhance server security.

3. Implement 2FA/MFA for OWA

OWA or Outlook Web Access is an Exchange feature that allows Outlook users to access their mailbox via a web browser, thus running on the internet openly - and users only require a username and password to access their mailbox data. This means malicious actors can easily exploit OWA to gain unauthorised access to a user's inbox. Hackers can steal the credentials through phishing attacks or gain access to a mailbox using brute-force tools. Organisations where employees use weak passwords or reuse the same passwords for other websites are more vulnerable to such attacks. However, you can prevent malicious actors from logging into OWA by enabling two-factor or multi-factor authentication (2FA/MFA).

4. Enable Windows Firewall

When you install Exchange server, the Exchange setup automatically adds rules to the Windows Firewall. Thus, you should never disable Windows Firewall on Exchange server, as it could be dangerous. You may find advice to disable Windows Firewall and solely rely on the network firewall in many blogs and articles on the web. However, it can put your Exchange server at great risk.

5. Ensure SSL for external services

You can use the internal SSL certificate or obtain one from the external Certificate Authority (CA) for external services, such as OWA, ActiveSync, Outlook Anywhere, etc. It protects your server from imposters and ensures the information transmitted from the server is encrypted and can't be traced or intercepted by malicious actors. Even if the attacker intercepts the information, it would be non-readable and require a decryption key.

6. Take regular backups

Backups are critical and come in handy when the server crashes or the database gets corrupt or damaged due to malicious attacks. In Exchange, you can create Volume Shadow Copy Service-based (VSS) Exchange database backups using Windows Server Backup (WSB). However, you should always back up at the volume level that contains both database and logs, preferably at a network location. Besides, to ensure that backup works when required, you must verify the backup and label it correctly to avoid discrepancies.

7. Use Exchange recovery software

Although backups are reliable, they may get damaged or fail to restore data. In such cases, an Exchange recovery software, such as Stellar Repair for Exchange, comes in handy. The software can help extract mailboxes from damaged database (.edb) files in the event of server failure or breakdown after a malicious attack. It can also export mailboxes directly to a live Exchange server or Office 365 and restore mailbox connectivity. 

Last Thoughts

If your organisation is running an on-premises Exchange server version, you can follow the tips and solutions discussed in this article to secure your Exchange server and information from malicious attacks. You must install the latest updates released by Microsoft to patch ProxyLogon vulnerabilities. You can use the Exchange On-premises Mitigation Tool (EOMT) to mitigate the risks and patch Exchange vulnerabilities. Besides, you can keep an Exchange recovery tool in hand that can help you in quickly recovering your Exchange server, in case any disaster happens.

Related Topics

You may also like
Microsoft injects $1.5 billion into UAE's G42

Artificial Intelligence

Microsoft injects $1.5 billion into UAE's G42

Reported 'behind-the-scenes deals' to ensure G42 removed some Chinese tech

clock 18 April 2024 • 2 min read
Microsoft Dynamics 365 prices set to rise

Business Software

Microsoft Dynamics 365 prices set to rise

Some prices will increase by as much as 17%

clock 15 April 2024 • 2 min read
IT Essentials: Baiting the hook

Careers and Skills

IT Essentials: Baiting the hook

Big Tech is chumming the talent pool. You need to change your bait

clock 15 April 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Security

Met police disrupt LabHost scam-as-a-service website
Security

Met police disrupt LabHost scam-as-a-service website

Dozens arrested globally and thousands sent warnings

Penny Horwood
Penny Horwood
clock 18 April 2024 • 3 min read
Last chance to register for Cybersecurity Festival 2024
Security

Last chance to register for Cybersecurity Festival 2024

Book your free place today

Computing Staff
clock 18 April 2024 • 2 min read
Interview: Illumio, Security Excellence Awards finalist
Security

Interview: Illumio, Security Excellence Awards finalist

'We are one team, delivering one platform, on one mission to ensure that organisations can realise a future without any high-profile breaches'

Computing Staff
clock 17 April 2024 • 5 min read