An Exchange server is now an integral part of many business corporations. It supports data storage, electronic mail, mobile and web-based access to information, calendaring and tasks. In short, it is the high-tech core of an organization. Microsoft Exchange service accounts pose a high security risk, and the Exchange service is a favorite target of hackers attempting to compromise corporate systems.
There are measures that your technical staff can apply to make your Microsoft Exchange service account secure.
- Your IT person should be able to configure all of the security requirements suited to your needs. For added security, limit access to the location of your Microsoft Exchange server and keep the Exchange server itself under lock and key.
- The main reason service accounts are a security risk is that users do not normally change their passwords. A service account also has more privileges than an administrator account. Users long gone from the company may still be able to log in and access the service account.
- A solution is to change the service account password to something that is difficult to remember. It is advisable to use a long password with a combination of upper and lower case letters and numbers. Another option is to change the password monthly. Just make sure that you have a master list of the passwords and the locations where they are used. Avoid setting the password to expire automatically, to prevent access problems.
- You need to install a firewall to secure your server. The firewall should be configured to pass only the ports that your company's needs require. A firewall is particularly needed for secure email retrieval.
- Use a combination of a firewall and Secure Sockets Layer (SSL) to limit information leakage. SSL is a protocol developed for private document transmission over the Internet. It is generally used to protect emails, corporate data and your personal information, for example when you use your credit card to buy online. SSL protects your information by encrypting the data into an unreadable format.
- Have your IT person assign account policies and strictly enforce them. Grant limited access to select personnel. Require account users to change their password as soon as they receive permission to use the Exchange system. The account comes with a temporary password assigned by the administrator. This is a prerequisite to test that the account works.
- Your Exchange server can store email, process client requests and receive email. The Post Office Protocol 3 (POP3) provides your Exchange clients with mailboxes and allows them to retrieve their email from the server. The risk here is that even unauthorized individuals can access and retrieve user logins and passwords. To secure mail servers from unauthorized access, make sure that the Secure Password Authentication (SPA) box is ticked during set-up. Install a firewall before you connect the mail server to the Internet and use the latest version of the IP Security Protocol. Furthermore, configure the mail server to allow only encrypted passwords. Also consider enabling the auditing feature in your Exchange server to monitor email activity.
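
One way to verify the "allow only encrypted passwords" setting for POP3 is to inspect what the server advertises in its CAPA reply before TLS is negotiated. The following is an added example, not code from this article or from Microsoft; the two sample replies are constructed, and the function names are hypothetical.

```python
"""Added example: audit a POP3 CAPA reply for cleartext-password exposure."""

# SASL mechanisms that send the password itself (only base64-encoded).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capa(response: str) -> dict:
    """Parse a multi-line CAPA reply (RFC 2449) into {TAG: [arguments]}."""
    lines = response.replace("\r\n", "\n").split("\n")
    if not lines[0].upper().startswith("+OK"):
        raise ValueError("server did not return +OK to CAPA")
    caps = {}
    for line in lines[1:]:
        line = line.strip()
        if line == ".":  # terminator of the multi-line reply
            break
        if line:
            tag, *args = line.split()
            caps[tag.upper()] = [a.upper() for a in args]
    return caps


def audit_capa(response: str, tls_active: bool) -> list:
    """Return findings for one CAPA reply; an empty list means none found."""
    caps = parse_capa(response)
    findings = []
    if tls_active:
        return findings  # credentials already travel inside the TLS session
    if "STLS" not in caps:
        findings.append("STLS not offered: session cannot be upgraded to TLS")
    if "USER" in caps:
        findings.append("USER/PASS offered without TLS: password sent in clear")
    weak = sorted(PLAINTEXT_SASL & set(caps.get("SASL", [])))
    if weak:
        findings.append("SASL " + ",".join(weak) + " offered without TLS")
    return findings


# Constructed sample replies, not captured from a real server.
WEAK = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nUSER\r\nSASL PLAIN NTLM\r\n.\r\n"
HARDENED = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\nSASL NTLM\r\n.\r\n"

if __name__ == "__main__":
    for name, reply in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_capa(reply, tls_active=False) or "no findings")
```
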
As more and more people become tech-savvy, the threat to Internet and information security escalates. Exchange servers are particularly attractive targets for hacking, whether for corporate espionage or other malicious intent. Keeping abreast of the latest security threats and updating your security procedures and systems are your best countermeasures.