Recently, there have been various reasons why people are trying to attack different aspects of Exchange. When we talk about “Exchange,” we usually think of the on-site server, but there are also vulnerabilities in Microsoft 365. However, Exchange is more than just email, and Exchange security is critical in protecting your business and IT infrastructure.
In this blog, we’ll cover these issues by exploring common methods to safeguard email, and then explore lesser-known areas that also need protection.
Exchange Security Unveiled
Many claim their Exchange setup is safe by mentioning measures like antivirus, Proofpoint, Mimecast, or being on Microsoft 365. However, securing Exchange involves more than just email. Simply relying on these measures alone won’t cover all critical aspects, such as safeguarding your organization’s image regarding outbound messages, detecting potential credential theft by malicious actors, and preventing unauthorized access to data stored in Exchange.
Here we will cover several areas to consider when it comes to protecting your entire email organization, and how they relate to implementing a Layered Security Strategy for your business and IT infrastructure.
Download Our Layered Security Strategy Whitepaper
Multi-Factor Authentication (MFA)
One of the top priorities is safeguarding user logins and authentication. There are various approaches, like using a strong and complex password, having a very long password, changing passwords frequently, or not changing them at all, to name a few. However, for both Microsoft 365 and on-premises setups, we strongly recommend implementing Multi-Factor Authentication (MFA). MFA significantly reduces the risks associated with accidental credential exposure or brute force attacks.
MFA involves using more than one method to verify a user’s identity. For instance, in addition to a password, users might need to confirm their login via a mobile app like Microsoft Authenticator, FortiToken, Duo, Okta, or similar solutions. These options are effective, but it’s essential to note that not all of them fully secure Exchange Outlook Web App (OWA), Outlook, and ActiveSync for on-premises systems.
In the case of on-premises Exchange, we’ve found that DualShield by Deepnet Security fills this gap, providing comprehensive protection for all three aspects—OWA, Outlook, and ActiveSync—where other solutions may fall short.
Email/Spam Filtering
Another critical aspect is controlling the messages that enter our system to ensure we only receive what we want. Microsoft, Proofpoint, and Mimecast excel in this by effectively filtering out viruses and junk email, keeping our inboxes clean. Personally, I recommend utilizing a third-party service to scan messages before they reach your organization.
Here’s how it works: when someone sends an email, services like Proofpoint scan it, check for spam, and then deliver it to you. If your mailbox is in Microsoft 365, the email undergoes another scan before landing in your mailbox, providing an extra layer of security.
Speaking of spam filters, it’s crucial to ensure your messages aren’t mistakenly blocked by other spam filters. In the past, adding a SPF record sufficed, but now, newer technologies like DKIM and DMARC DNS records are highly recommended. Although there are other options, DKIM and DMARC are becoming standard. Some people might think they don’t need DKIM or DMARC because their emails are being received fine, but having these records is vital. They not only enhance email security but also safeguard your organization’s reputation by preventing malicious actors from impersonating your domain and sending fraudulent emails.
Modern spam filters can utilize information from failed SPF and DKIM checks, generating reports based on your DMARC record. Implementing these measures helps demonstrate that you’re taking proactive steps to ensure the emails recipients receive truly originate from your organization. Microsoft 365 and Proofpoint offer DKIM support. Additionally, there are several reliable on-premises solutions for DKIM, some of which are free.
Domain Spoofing
I’ve come across domain spoofing quite frequently. It’s when an email appears to come from CEO@compamy.com instead of the correct address CEO@company.com.
Did you spot the difference in the domains?
These subtle alterations can be hard to catch, and they can lead to significant problems. To minimize this risk, it’s a good idea to buy domains that are similar to yours in name. Also, consider acquiring domains with endings like .US, .EU, or .UK to further protect against spoofing attempts.
Domain spoofing can cause issues for both people inside and outside your organization. Often, these misleading emails involve incorrect bank routing numbers, leading to potentially serious problems. To tackle this, it’s wise to acquire similar domain names and configure SPF and DMARC records for them. These records clearly state that these domains don’t send emails, allowing spam filters to delete messages from these domains if detected. If your DMARC setup specifies where to send reports, you can trace the origins of these emails. We’ll delve into DNS intricacies in more detail in part two.
To help us categorize this information, we can reference the table below:
In essence, Exchange security is crucial for email protection and data integrity. A layered security approach, including MFA, robust email filtering, and DNS record implementation, is essential. Addressing domain spoofing is vital, mitigating risks by acquiring similar domains and configuring SPF and DMARC records. Stay tuned for part two for deeper insights into DNS intricacies.