Improving security on Exchange 2010 / Windows 2008 R2 server

As part of an effort to secure the corporate infrastructure, I recently ran the ssllabs.com test against a public-facing Microsoft Exchange 2010 server running on Windows 2008 R2.

If you have your own Exchange server (or any server with an SSL certificate), you can run that same test here for free:

https://www.ssllabs.com/ssltest/

My fully patched but otherwise unhardened server scored a C.

It turns out (rightly so) they take a dim view of the lack of support for TLS 1.2 as well as the ability to use the old RC4.

So I started googling. There are some links right there on the website where you get your report.

First I needed to enable TLS 1.2. I found several sites that had step-by-step directions. Here is one:

https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx

And here is another:

http://tecadmin.net/enable-tls-on-windows-server-and-iis/

Then, to disable the old RC4 ciphers, I found this Microsoft TechNet blog article:

https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4/

And here is another, where the author has already saved the necessary regedits in a file for you:

https://samrueby.com/2015/06/08/how-to-disable-sslv3-and-rc4-ciphers-in-iis/

All that was left was to reboot the server so these changes would take effect. Once that was done, I re-ran the test and found that I had cleared the "errors" and improved my grade from a C to a B.
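
The registry changes those articles walk through can also be scripted. The PowerShell below is an added example, not taken from this post or the linked pages; it assumes the standard SCHANNEL registry layout, an elevated session, and a backup file path chosen here for illustration.

```powershell
# Added example (not from the original post). Run elevated; reboot afterwards.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Keep a copy of the current settings first (backup path is an assumption).
reg export "HKLM\$base" "$env:TEMP\schannel-backup.reg" /y | Out-Null

function Set-SchannelDword {
    param([string]$SubKey, [string]$Name, [int]$Value)
    # Cipher key names such as "RC4 128/128" contain "/", which the PowerShell
    # registry provider treats as a path separator, so use the .NET API instead.
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($base, $true)
    if ($null -eq $root) { throw "Cannot open HKLM\$base for writing" }
    try {
        $key = $root.CreateSubKey($SubKey)
        $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    } finally { $root.Close() }
}

function Get-SchannelDword {
    param([string]$SubKey, [string]$Name)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($key) { $value = $key.GetValue($Name); $key.Close(); $value }
}

# Enable TLS 1.2 for both the client and the server role.
$tls12 = 'Client', 'Server' | ForEach-Object { "Protocols\TLS 1.2\$_" }
foreach ($subKey in $tls12) {
    Set-SchannelDword $subKey 'Enabled' 1
    Set-SchannelDword $subKey 'DisabledByDefault' 0
}

# Disable the RC4 ciphers named in Microsoft Security Advisory 2868725.
$rc4 = 'RC4 128/128', 'RC4 56/128', 'RC4 40/128' | ForEach-Object { "Ciphers\$_" }
foreach ($subKey in $rc4) {
    Set-SchannelDword $subKey 'Enabled' 0
}

# Read the values back so the change can be confirmed before rebooting.
foreach ($subKey in ($tls12 + $rc4)) {
    $enabled = Get-SchannelDword $subKey 'Enabled'
    Write-Output ("{0,-32} Enabled={1}" -f $subKey, $enabled)
}
```

If something breaks after the reboot, importing the exported `.reg` file restores the previous SCHANNEL values, though keys the script created have to be deleted by hand.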

Now it seems the test doesn't like my DH key exchange size... But I'll have to revisit that later on.
