Exchange servers are vulnerable - how to secure your server?


Follow these essential tips and solutions to protect your Exchange server

Although Microsoft releases regular updates to patch vulnerabilities, Exchange servers are still vulnerable. Cybercriminals can exploit Exchange server vulnerabilities to steal critical data or compromise the entire server, putting your critical business data at risk. A recent example of this is the ransomware attack by a threat group, referred to as Hafnium, that reportedly put more than 400,000 unpatched servers at risk. By the time Microsoft identified the vulnerabilities and released multiple security updates for the Exchange server to patch the ProxyLogon vulnerabilities, Hafnium had already gained access to more than 30,000 organisations in the USA alone. The threat actors exploited the vulnerabilities to access unpatched on-premises Exchange 2013, 2016 and 2019 servers by deploying web shells and ransomware.

So, how can you secure your server? In this article, we'll be sharing some useful tips and solutions to protect Exchange servers against such attacks and risks.

Tips to Secure Exchange Server

Below are a few tips and solutions that can help you secure your Exchange server and protect confidential information from malicious attacks and other risks.

1. Install updates

Microsoft Exchange runs on Windows Server OS. Therefore, it is critical to install the latest Windows Server updates to patch vulnerabilities and safeguard the server against malicious attacks. Similarly, it is important to update the software installed on the server. Refer to Microsoft Exchange Vulnerability Flaws and their Fixes to stay updated on new Microsoft Exchange Server vulnerabilities and updates.

2. Analyse and review server security

It's highly advisable to periodically check and review server security. You can use Microsoft tools for this, such as Exchange Best Practices Analyser (EBPA), Microsoft Baseline Security Analyser (MBSA), Security Configuration Wizard (SCW) and Security Compliance Manager (SCM). These tools can help you identify risks and enhance server security.

3. Implement 2FA/MFA for OWA

OWA, or Outlook Web Access, is an Exchange feature that allows Outlook users to access their mailbox via a web browser. It is therefore openly exposed to the internet, and users require only a username and password to access their mailbox data. This means malicious actors can easily exploit OWA to gain unauthorised access to a user's inbox. Hackers can steal the credentials through phishing attacks or gain access to a mailbox using brute-force tools. Organisations where employees use weak passwords or reuse the same passwords for other websites are more vulnerable to such attacks. However, you can prevent malicious actors from logging into OWA by enabling two-factor or multi-factor authentication (2FA/MFA).

4. Enable Windows Firewall

When you install Exchange server, the Exchange setup automatically adds rules to the Windows Firewall. Thus, you should never disable Windows Firewall on Exchange server, as it could be dangerous. You may find advice to disable Windows Firewall and solely rely on the network firewall in many blogs and articles on the web. However, it can put your Exchange server at great risk.
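A read-only check of the state described above, added here as an example and not taken from the original article or from Microsoft. It assumes an elevated PowerShell session on the Exchange server and that the rules created by Exchange setup have display names beginning with "MSExchange".

```powershell
# Added example: read-only audit of Windows Firewall on an Exchange server.
# Run in an elevated PowerShell session on the server.

# Assumption: rules created by Exchange setup have display names
# beginning with "MSExchange"; adjust if your build names them differently.
$exchangeRulePattern = 'MSExchange*'

# The firewall service must be running for any rule to be enforced.
$service = Get-Service -Name MpsSvc

# All three profiles (Domain, Private, Public) should be enabled.
$disabledProfiles = @(Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' })

# Inbound Exchange rules that exist but have been switched off.
$exchangeRules = @(Get-NetFirewallRule -DisplayName $exchangeRulePattern -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' })
$disabledRules = @($exchangeRules | Where-Object { $_.Enabled -ne 'True' })

[pscustomobject]@{
    FirewallService       = $service.Status
    DisabledProfiles      = ($disabledProfiles.Name -join ', ')
    ExchangeInboundRules  = $exchangeRules.Count
    DisabledExchangeRules = ($disabledRules.DisplayName -join ', ')
}

if ($service.Status -ne 'Running' -or $disabledProfiles.Count -gt 0) {
    Write-Warning 'Windows Firewall is not fully enabled on this server.'
}
if ($exchangeRules.Count -eq 0) {
    Write-Warning "No rules matched '$exchangeRulePattern'; check the pattern before drawing conclusions."
}
```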

5. Ensure SSL for external services

You can use an internal SSL certificate or obtain one from an external Certificate Authority (CA) for external services, such as OWA, ActiveSync and Outlook Anywhere. The certificate protects your server from imposters and ensures that information transmitted from the server is encrypted, so malicious actors can't read it in transit. Even if an attacker intercepts the information, it is unreadable without the decryption key.
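To see which certificates actually protect the web-facing services, the following added example (not from the original article) lists every certificate bound to IIS and flags the ones that need attention. It assumes the Exchange Management Shell; the 30-day renewal window is an assumed value.

```powershell
# Added example: review certificates bound to IIS (OWA, ActiveSync,
# Outlook Anywhere) on Exchange servers. Run in the Exchange Management Shell.

$warnDays = 30            # assumption: renew this many days before expiry
$now      = Get-Date

Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object {
        $issues = @()

        # Self-signed certificates are not trusted by external clients by default.
        if ($_.IsSelfSigned) { $issues += 'self-signed' }

        # Status reports problems such as revocation or an untrusted chain.
        if ($_.Status -ne 'Valid') { $issues += "status=$($_.Status)" }

        # Expired, or close enough to expiry that renewal should start now.
        if ($_.NotAfter -lt $now) {
            $issues += 'expired'
        }
        elseif ($_.NotAfter -lt $now.AddDays($warnDays)) {
            $issues += "expires within $warnDays days"
        }

        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Services   = $_.Services
            NotAfter   = $_.NotAfter
            Issues     = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    } |
    Sort-Object NotAfter |
    Format-Table -AutoSize
```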

6. Take regular backups

Backups are critical and come in handy when the server crashes or the database becomes corrupted or damaged due to malicious attacks. In Exchange, you can create Volume Shadow Copy Service-based (VSS) Exchange database backups using Windows Server Backup (WSB). However, you should always back up at the volume level, including the volumes that contain both the database and the logs, preferably to a network location. In addition, to ensure that the backup works when required, you must verify the backup and label it correctly to avoid discrepancies.
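The procedure above as a script, added as an example and not part of the original article. It assumes an elevated Exchange Management Shell on the mailbox server with the Windows Server Backup feature installed; the share `\\backup01.example.test\exchange` is a hypothetical network location.

```powershell
# Added example: VSS full backup of the volumes holding Exchange databases
# and logs, followed by a check that Exchange recorded the backup.

$backupTarget = '\\backup01.example.test\exchange'   # hypothetical share
$server       = $env:COMPUTERNAME
$started      = Get-Date

# Collect the drive letters that hold each database file and its log folder,
# so the database and its logs are always captured together.
$volumes = foreach ($db in Get-MailboxDatabase -Server $server) {
    Split-Path -Path ([string]$db.EdbFilePath)   -Qualifier
    Split-Path -Path ([string]$db.LogFolderPath) -Qualifier
}
$include = ($volumes | Sort-Object -Unique) -join ','

# -vssFull tells the Exchange VSS writer that this is a full backup.
wbadmin start backup "-backupTarget:$backupTarget" "-include:$include" -vssFull -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin failed with exit code $LASTEXITCODE"
}

# Verify: Exchange stamps LastFullBackup on each database after a
# successful VSS full backup. Anything older than this run needs a look.
$stale = Get-MailboxDatabase -Server $server -Status |
    Where-Object { -not $_.LastFullBackup -or $_.LastFullBackup -lt $started }

if ($stale) {
    $stale | Select-Object Name, LastFullBackup | Format-Table -AutoSize
    Write-Warning 'These databases do not show a full backup from this run.'
}
else {
    Write-Output "All databases on $server report a full backup after $started."
}
```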

7. Use Exchange recovery software

Although backups are reliable, they may get damaged or fail to restore data. In such cases, Exchange recovery software, such as Stellar Repair for Exchange, comes in handy. The software can help extract mailboxes from damaged database (.edb) files in the event of server failure or breakdown after a malicious attack. It can also export mailboxes directly to a live Exchange server or Office 365 and restore mailbox connectivity.

Last Thoughts

If your organisation is running an on-premises Exchange server version, you can follow the tips and solutions discussed in this article to secure your Exchange server and information from malicious attacks. You must install the latest updates released by Microsoft to patch ProxyLogon vulnerabilities. You can use the Exchange On-premises Mitigation Tool (EOMT) to mitigate the risks and patch Exchange vulnerabilities. In addition, you can keep an Exchange recovery tool on hand to help you recover your Exchange server quickly if disaster strikes.
