ByDavey Winder,
Senior Contributor.
Microsoft has been in the media spotlight recently as Windows attackers exploit a no-patch vulnerability, emergency security updates are issued for another ongoing exploit, and the Cybersecurity and Infrastructure Security Agency tells federal agencies to update now as Windows Server attacks confirmed in the wild. It’s not all bad news, though: the National Security Agency has issued a security best practices guide to defending your Microsoft Exchange Servers, with CISA warning the platform remains “at high risk of compromise.”
This isn’t the first time that U.S. security agencies have warned about the dangers of attacks targeting Microsoft Exchange Servers, and likely will not be the last. It is, however, a long-overdue acceptance of the need for official guidance when it comes to Microsoft Exchange Server security best practices. Not just for government agencies, but all enterprises. Sure, there’s plenty of such advice already out there, not least from Microsoft itself, but the added weight of CISA and the NSA certainly isn’t to be sniffed at.
Thankfully, for such things, the document itself is relatively short and to the point at just 10 pages of Microsoft Exchange Server security guidance. The brevity is noted by the NSA and CISA within the introductory paragraph: “This document outlines several security best practices, but is not an all-inclusive hardening guide. Active monitoring for compromises and planning for potential incidents and recovery, while not discussed in this guidance, are equally important areas for Exchange.”
