Problem solve Get help with specific problems with your technologies, process and projects.

Securing Exchange mailboxes from internal attacks

Learn important steps to securing your Microsoft Exchange mailboxes from internal password guessing attempts and dictionary attacks.

How do I secure Exchange 2000 from internal attacks from valid users who might plan to check others' mailboxes? Can password guessing attempts be traced to exact computer names, even if the password is tried against the Exchange login?
This is a great security question. If you have a small network environment, this will actually be pretty easy to do. If you have a more complex internal network that also allows wireless access, it may be a bit more difficult.

It is fairly easy to log the source IP address of a connection with network sniffing devices and the logs that are available on managed switches. Windows servers can be configured to audit object access so you can see when logon attempts occur.

You should set your password policies in the domain to lock accounts after a certain number of attempts. I recommend three attempts as a threshold. You should also configure the policy to reset the account after 15 minutes (less administrative overhead). This is the best practice for protecting yourself from dictionary attacks and password guessing.

Password guessing/dictionary attacks are really just one of many security issues you face as a Microsoft Exchange administrator. If you are very serious about protecting your Exchange servers from internal attacks, you might want to consider using an ISA server to control even internal access. ISA includes built-in intrusion detection settings that could also be beneficial to you.

For bonus reading, search the Internet for behavior-based intrusion detection systems. These systems learn your network behavior and then take actions when something like a dictionary attack begins -- like quarantining the source IP/MAC address.

Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:

  • Reference Center: Mailbox management
  • Reference Center: Password management

  • Dig Deeper on Exchange Server setup and troubleshooting

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.