Many organizations still rely on Microsoft Exchange Server for their email needs, even though cloud options are popular. But keeping these servers secure is a challenge. Cyber agencies from the US, Canada, and Australia have shared best practices to protect on-site Exchange servers from cyberattacks. The goal is to make it harder for hackers to find weaknesses and to prevent data breaches.

Why Exchange Servers Are Still a Target

Even though many companies are moving to cloud email services, some still run on-premises Exchange servers. Reasons include budget constraints or a desire for more control over their data. But old or misconfigured Exchange servers are prime targets for hackers. Germany’s cyber security office says nine out of ten Exchange servers in their country are outdated. This makes them vulnerable to attacks, like the high-profile one in January 2021, where hackers exploited four zero-day vulnerabilities. That attack affected around 30,000 US customers and 250,000 worldwide.

What the Cyber Agencies Recommend

The US Cybersecurity and Infrastructure Security Agency (CISA), along with Australian and Canadian experts, emphasizes that many servers are still at risk. They advise organizations to focus on strengthening user authentication, encrypting network traffic, and reducing the attack surface. These steps help prevent unauthorized access and limit what hackers can do if they do get in.

CISA points out that keeping Exchange servers up to date is the most effective way to block exploits. Microsoft’s supported version is the Subscription Edition, which is the only on-premises version still receiving updates. They also recommend enabling Microsoft’s Emergency Mitigation Service for quick response to emerging threats.

Setting a security baseline is key. This means establishing standard configurations for Exchange, mail clients, and Windows itself. Regularly checking that these settings are correct helps catch vulnerabilities early. Turning on built-in protections like Microsoft Defender Antivirus and AppLocker, which controls what programs can run, adds extra layers of security.

Access controls are crucial. Only dedicated, authorized workstations should be used to manage Exchange servers, especially for remote tasks like PowerShell. Authentication should be hardened by using TLS encryption and NTLM configurations properly. Also, enabling HTTP Strict Transport Security (HSTS) ensures web connections are encrypted with HTTPS, making it harder for hackers to intercept data.

Challenges in Securing Exchange Servers

Configuring security settings can be complex, especially in shared or cloud-hosted environments where a third-party manages the server. Patches and updates can sometimes reset security configurations, so administrators need to verify settings after each update. Regular reviews—at least quarterly—are recommended to make sure everything remains secure.

Robert Beggs, head of digital security firm DigitalDefence in Canada, calls these guidelines long overdue. He notes that Exchange servers are very attractive targets because they often store sensitive information, including emails and passwords. Yet, many servers lack basic security controls, logging, or antivirus protection because admins fear these measures might disrupt email delivery.

Beggs emphasizes that security must be a priority for all servers, including Exchange. It’s essential to treat them like any other part of the network that can be exploited. Regularly applying patches, verifying configurations, and monitoring for suspicious activity are key steps in defending against cyber threats.

In summary, despite the shift to cloud email services, many organizations still depend on on-premises Exchange servers. Following these best practices can significantly reduce the risk of costly cyberattacks. Keeping systems updated, enforcing strict access controls, and maintaining proper security configurations are vital for protecting sensitive data and maintaining trust.

Inspired by

• https://www.computerworld.com/article/4082768/cyber-agencies-produce-long-overdue-best-practices-for-securing-microsoft-exchange-server-2.html

Sources

• gmpg.org
• csoonline.com
• csoonline.com
• ptsecurity.com
• csoonline.com