Improving security on Exchange 2010 / Windows 2008 R2 server

As part of an effort to secure the corporate infrastructure, I recently ran the ssllabs.com test against a public-facing Microsoft Exchange 2010 server running on Windows 2008 R2.

If you have your own Exchange server (or any server with an SSL certificate), you can run that same test here for free.

https://www.ssllabs.com/ssltest/

My fully patched but otherwise unhardened server scored a C.

It turns out (rightly so) they take a dim view of the lack of support for TLS 1.2 as well as the ability to use the old RC4.

So I started googling. There are some links right there on the website where you get your report.

First I needed to enable TLS 1.2. I found several sites that had step by step directions. Here is one.

https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx

And here is another:

http://tecadmin.net/enable-tls-on-windows-server-and-iis/

Then, to disable the old RC4 ciphers, I found this Microsoft TechNet blog article:

https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4/

And here is another, where the author has saved the necessary regedits in a file for you already:

https://samrueby.com/2015/06/08/how-to-disable-sslv3-and-rc4-ciphers-in-iis/

All that was left was to reboot the server so these changes would take effect. Once that was done, I re-ran the test and found that I had cleared the "errors" and improved my grade from a C to a B.
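The two registry changes described above (enabling TLS 1.2 and disabling RC4), written out as an added PowerShell example that is not from the original post or the linked articles. The Schannel key and value names are the ones Microsoft documents; the helper function names `Set-SchannelDword` and `Get-SchannelDword` are made up for this example.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt on the server, then reboot so Schannel picks up the new values.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Set-SchannelDword {
    param([string]$SubKey, [string]$Name, [int]$Value)
    # .NET registry API on purpose: cipher key names such as "RC4 128/128"
    # contain "/", which the PowerShell registry provider splits into two keys.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$base\$SubKey")
    try { $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord) }
    finally { $key.Close() }
}

function Get-SchannelDword {
    param([string]$SubKey, [string]$Name)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($key -eq $null) { return $null }   # key absent: OS default applies
    try { return $key.GetValue($Name) } finally { $key.Close() }
}

# Enable TLS 1.2 for both the server and client roles.
$settings = @()
foreach ($role in 'Server', 'Client') {
    $settings += ,@("Protocols\TLS 1.2\$role", 'Enabled', 1)
    $settings += ,@("Protocols\TLS 1.2\$role", 'DisabledByDefault', 0)
}
# Disable every RC4 key length listed in Security Advisory 2868725.
foreach ($cipher in 'RC4 128/128', 'RC4 56/128', 'RC4 40/128') {
    $settings += ,@("Ciphers\$cipher", 'Enabled', 0)
}

foreach ($s in $settings) { Set-SchannelDword $s[0] $s[1] $s[2] }

# Read every value back so a typo or a permissions failure is visible now.
foreach ($s in $settings) {
    $actual = Get-SchannelDword $s[0] $s[1]
    $state = if ($actual -eq $s[2]) { 'OK' } else { 'MISMATCH' }
    "{0,-8} {1}\{2} = {3}" -f $state, $s[0], $s[1], $actual
}
```

Export the SCHANNEL key with `reg export` before running it so the previous state can be restored.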

Now it seems the test doesn't like my DH key exchange size... But I'll have to revisit that later on.
