Susan Bradley again for CSO Online, reminding you of why disabling basic authentication is really important. We talked about it earlier in regards to Office 365, and now we're going to talk about on-premises Exchange and how you can do it with Exchange 2019. But first, how about a little reminder of why passwords are, quite frankly, so easy for attackers to get to. Recently there was a Microsoft blog put out that really showcases how easy it is for attackers to get our credentials. Let's start out with credential stuffing, where basically they have already got our password. Why did they already have it? Because we reuse passwords so often: we go to a website, we put in a user name, we put the same password in because we don't see it as being that important of a site, and then we reuse that password over and over again. Then along comes an attacker. They attack the site, they grab the database of passwords or the hash values, and then they can go through and say, hey, let's try and reuse those passwords in all sorts of other locations. So do they need to spend a lot of energy trying to break that password? No, because they already have it. What about phishing? How easy is it to trick somebody into handing over your credentials? Unfortunately, all too easy. About 0.5 percent of all inbound e-mails are phishing attacks. Keystroke logging, discovery, extortion, password spray attacks: the list goes on of what attackers can do to get your information.
And if you ever think, oh no, it can't be me, my password isn't out there, just go out to the site haveibeenpwned.com, put in your username, and see how often that password has been pwned in various different database breaches. For example, my personal email account has been breached 19 times on various sites, Adobe's breach being the first. In fact, when you scroll down the list and see all the different sites where my email account has been breached, some of them I don't even remember and I don't think I've signed up for, but because they shared information with other databases, my email account and my password got compromised. Look at all the different places. Scary, huh? And a reminder that if you use a user name and a password, better known as basic authentication, in Office 365, the attacker can use it too. So what can we do? Remember, we've already discussed how to disable basic authentication in Microsoft Office 365. But for those of you on on-premises Exchange, what options do you have? You do have an option. For those of you deploying Exchange 2019, it now provides the best ability to disable legacy authentication. With the second cumulative update (CU2) for Exchange 2019, you can do the same thing that you can do in Office 365 and disable that legacy authentication method. Now, before we disable legacy authentication, let's make sure that we've got some things in mind. You want to make sure that you understand the impact on your environment. So look to see if there are any applications that you use, or additions to Exchange, that rely on basic authentication. Talk to your vendors. Do the research ahead of time. Make sure that the clients and all the different applications that you're using to connect to your Exchange also support modern authentication. So, for example, you need to make sure that you're on Outlook 2013 or later, Outlook 2016 for Macintosh or later, Outlook for iOS and Android,
or Mail for iOS 11.3.1 or later; if you're not on those versions you can't support modern authentication. You'll also have to make sure that hybrid authentication is working in your Exchange environment. And if you still do use Outlook 2013, you'll have to make sure certain registry keys are in place. For example, you'll have to enter two registry values under HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity: EnableADAL with a DWORD value of 1, and then go down to Version and make sure you've got a DWORD value of 1. Now, once you have all that in place, you can go into the Exchange PowerShell and put in place a policy. So what you're doing here is you're building a new authentication policy with a name like "Block Legacy Auth", and you're setting it up so that all the different ways that you connect to Exchange block the legacy authentication method. So, for example, here we are blocking Autodiscover, IMAP, Offline Address Book, POP, and legacy Web Services; they are all turned off to make sure that legacy is not used anymore. Then the next step is you build a list of all the users in your organization and you insert it into the script. If it's a brand-new Exchange 2019 deployment, you can set it to block from the get-go. It just depends on how you set up Exchange. So keep in mind that multifactor authentication blocks 99.9 percent of the attacks out there. Let me restate that again. As they say here in the blog post, your account is more than 99.9 percent less likely to be compromised if you use multifactor. So whether it's Office 365 or on-premises e-mail, look to see if you can roll out multifactor authentication. It's very key in today's environment. So until next time, don't forget to sign up for the Tech Talk from IDG on the YouTube channel. This is Susan Bradley signing off for CSO Online. Thanks again.
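The steps described in the talk, written out as an added example for the Exchange Management Shell (this is not the script shown in the video, nor Microsoft's own): the Outlook 2013 registry values, an Exchange 2019 CU2 authentication policy that blocks basic authentication, assignment of that policy to a list of users, and a check of what was applied. It goes slightly beyond the protocols named in the talk by also blocking ActiveSync, MAPI and RPC, since the cmdlet offers a switch for each. The policy name "Block Legacy Auth", the constructed file users.csv (one column, UserPrincipalName), and running step 1 in each user's own session are assumptions made for the example.

```powershell
# Added example, not from the video. Assumes Exchange 2019 CU2 or later, the Exchange
# Management Shell, a policy name of "Block Legacy Auth" and a constructed users.csv.

# 1. Outlook 2013 prerequisite. These values live under HKCU, so this part runs in the
#    user's own session (for example via logon script or Group Policy Preferences), not
#    on the Exchange server. Outlook 2016 and later do not need them.
$identityKey = 'HKCU:\Software\Microsoft\Office\15.0\Common\Identity'
New-Item -Path $identityKey -Force | Out-Null
New-ItemProperty -Path $identityKey -Name 'EnableADAL' -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $identityKey -Name 'Version'    -PropertyType DWord -Value 1 -Force | Out-Null

# 2. Create the authentication policy. Each switch blocks basic (legacy) auth for one
#    protocol front end; a policy with no switches blocks nothing.
$policyName = 'Block Legacy Auth'
if (-not (Get-AuthenticationPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-AuthenticationPolicy -Name $policyName `
        -BlockLegacyAuthActiveSync `
        -BlockLegacyAuthAutodiscover `
        -BlockLegacyAuthImap `
        -BlockLegacyAuthMapi `
        -BlockLegacyAuthOfflineAddressBook `
        -BlockLegacyAuthPop `
        -BlockLegacyAuthRpc `
        -BlockLegacyAuthWebServices | Out-Null
}

# 3. Assign the policy to the users on the list. Start with a pilot group so that any
#    application or add-in still relying on basic auth shows up before everyone is moved.
#    users.csv is a constructed sample with a single column named UserPrincipalName.
$users = Import-Csv -Path '.\users.csv'
foreach ($u in $users) {
    Set-User -Identity $u.UserPrincipalName -AuthenticationPolicy $policyName
}

# 4. For a brand-new deployment, make the policy the organization default so that any
#    user without an explicit policy is covered from the start. Uncomment when ready.
# Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName

# 5. Verify: which protocols the policy blocks, and which users carry it.
Get-AuthenticationPolicy -Identity $policyName | Format-List Name, Block*
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy -eq $policyName } |
    Select-Object Name, UserPrincipalName
```

Keep the policy assignment and the client prerequisites in that order: if a user is moved to the blocking policy before their Outlook 2013 has the ADAL values in place, the client has no authentication method left that the server will accept, and the user sees repeated credential prompts rather than a clear error.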