Home > Others

Protect Exchange OWA from violence * * *

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

There are multiple vulnerabilities in the e-mail server, and in this article we will discuss how to protect Exchange OWA from violence * * *.

We know that the authentication of Exchange OWA is through active Directory. With active Directory, we can protect authentication. Even if users are locked in Active Directory, they can still access their e-mail messages. That is, the user is authenticated on OWA. This shows us the vulnerability of brute-force*** for Exchange OWA logins. Anyone can enter a random password at the same time without locking. So there's a problem with how we protect our OWA.

Solution:
Step 1: Maintain password policies from Active Directory domain controllers
To protect OWA from violence, we need to manage password policies on Active Directory.

PS C:\> Get-ADDefaultDomainPasswordPolicyComplexityEnabled           : TrueDistinguishedName           : DC=test,DC=localLockoutDuration             : 00:30:00LockoutObservationWindow    : 00:30:00LockoutThreshold            : 0MaxPasswordAge              : 42.00:00:00MinPasswordAge              : 1.00:00:00MinPasswordLength           : 7objectClass                 : {domainDNS}objectGuid                  : b373b1c1-28c2-497b-b388-654a408a69b3PasswordHistoryCount        : 24ReversibleEncryptionEnabled : False

To manage this policy, we only need to configure it from Group Policy.

Step 2: Configure Caching for IIS authentication
After you configure the password policy, the next step is to configure the cache for IIS authentication. As mentioned earlier, even if users are locked out on Active Directory, they can still access the OWA Portal. So to stop it, we need to reduce the caching of IIS Web sites. To reduce the cache, we need to do the following.

Open regedit on the Exchange CAS server.
Go to HKLM \ SYSTEM \ currentcontrolset \ Services \ InetInfo \ Parameters
Create a REG_DWORD named Usertokenttl and set a value of 30 (which means that the cache is only kept for 30 seconds).

Now, if the user enters the wrong password. Users will not be able to log on to their OWA or authenticate until the administrator unlocks the account.

Hopefully this will help you avoid violence.

Protect Exchange OWA from violence * * *

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
exchange server owa exchange charter business net owa login protect wifi from hackers how to protect from stalker how to protect from keyloggers how to protect from cyberbullying protect wordpress from brute force

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More