Improving security on Exchange 2010 / Windows 2008 R2 server

As part of an effort to secure the corporate infrastructure I recently ran the ssllabs.com test against a public facing Microsoft Exchange 2010 server running on Windows 2008 R2.

If you have your own exchange server (or any server with an SSL certificate) you can run that same test here for free.

https://www.ssllabs.com/ssltest/

My fully patched but otherwise unhardened server scored a C.

It turns out (rightly so) they take a dim view on the lack of support for TLS 1.2 as well as the ability to use the old RC4.

So I started googling. There are some links right there on the website where you get your report

First I needed to enable TLS 1.2. I found several sites that had step by step directions. Here is one.

https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx

And here is another

http://tecadmin.net/enable-tls-on-windows-server-and-iis/

Then to disable the old RC4 ciphers I found this Microsoft Technet blog article

https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4/

and here is another, where the author has saved the necessary regedits in a file for you already

https://samrueby.com/2015/06/08/how-to-disable-sslv3-and-rc4-ciphers-in-iis/

All that was left was to reboot the server so these changes would take effect. Once that was done, I re-ran the test and found that I had cleared the "errors" and improved my grade from a C to a B.

Now it seems the test doesnt like my DH key exchange size... But I'll have to revisit that later on.

15 comments:

  1. Michael KyleMay 31, 2017 at 5:07 AM

    Nice post you have shared here about improving security in windows. If you are looking for networking and its solution either for small or large company, It Support Houston is the best.

    ReplyDelete
  2. cgctechnologiesMay 31, 2017 at 5:21 AM

    Great post you have shared here about windows security. As we have many sensitive and confidential data so it is necessary to secure the data.Security Monitoring Maryland provides various securities like network security, physical security, etc.

    ReplyDelete
  3. johnSeptember 17, 2017 at 5:33 AM

    Have you ever focused so strongly on the symptoms or side-effects of a problem that you never actually recognize the problem? https://iturbu.com

    ReplyDelete
  4. SjadenSeptember 21, 2017 at 11:42 AM

    Finally, the vast majority of the understudies who settle on online schools and colleges websitedon't get grants and understudy credits from the state.

    ReplyDelete
  5. kevinNovember 12, 2017 at 7:23 AM

    You can believe them to give you abundant instructive bundles in good essays reference to the courses accessible, as inquiring about the education is their main role.

    ReplyDelete
  6. NiclovJune 25, 2018 at 6:01 AM

    This comment has been removed by the author.

    ReplyDelete
  7. ShawnNovember 20, 2018 at 1:54 AM

    We can say then that online learning education is for grown adults who are at home raising children,MURANG'A UNIVERSITY OF TECHNOLOGY or already have one job and wish to learn more, or people with special circumstances that make it difficult for them to leave the house on a regular basis.

    ReplyDelete
  8. logicaldotApril 3, 2019 at 3:15 PM

    In your blog I was happy to see your article, better than last time, and have made great progress, birla vidya niketan nursery admission I am very pleased. I am looking forward to your article will become better and better.

    ReplyDelete
  9. gohar KHAnApril 9, 2019 at 3:57 AM


    Thanks For sharing this Superb article.I use this Article topatparganj ip extension show my assignment in college.it is useful For me Great Work

    ReplyDelete
  10. Telx ComputersNovember 29, 2020 at 11:31 PM

    You have done such a great job by publishing such unique information in this post. I would like to thank you for sharing such great post. Keep sharing. managed it solutions miami.

    ReplyDelete
  11. digitalhtsDecember 16, 2020 at 12:38 AM

    Wow what a great blog, i really enjoyed reading this, good luck in your work. Otherwise anyone wants to learn 3D Max so contact here- +91-9311002620 or visit website- https://www.htsindia.com/Courses/cad-cam-cae/autocad-3ds-max-training-course

    ReplyDelete
  12. HuongkvMarch 23, 2021 at 3:56 AM

    Đặt vé tại phòng vé Aivivu, tham khảo

    vé máy bay từ hàn về Việt Nam

    vé máy bay hải phòng sài gòn vietjet

    vé máy bay cần thơ ra hà nội

    vé máy bay đi đà lạt khứ hồi

    vé máy bay tphcm đi bình định

    ReplyDelete
  13. UnknownMay 31, 2022 at 8:33 AM

    smm panel
    smm panel
    iş ilanları
    instagram takipçi satın al
    hirdavatciburada.com
    beyazesyateknikservisi.com.tr
    servis
    jeton hilesi indir

    ReplyDelete
  14. UnknownJune 2, 2022 at 11:56 PM

    çekmeköy alarko carrier klima servisi
    tuzla bosch klima servisi
    tuzla arçelik klima servisi
    çekmeköy samsung klima servisi
    ataşehir samsung klima servisi
    çekmeköy mitsubishi klima servisi
    ataşehir mitsubishi klima servisi
    beykoz arçelik klima servisi
    üsküdar arçelik klima servisi

    ReplyDelete
  15. DannyNovember 7, 2022 at 5:47 AM

    You will be satisfied with purchasing a prepaid international SIM card. International IoT SIM card is one of the best to adopt for your personal business number.

    ReplyDelete

Subscribe to: Post Comments (Atom)