harden EXCH2013

Hi Experts,

I have a new EXCH2013 installation.
Now I have to harden this server because it has direct connectivity to outside users (OWA)
I have checked my connection, with www.ssllabs.com
This connection is terrible and has a F rating.

How to bring it to A or A+ ?
SSL3.0 is already disabled but what about the rest ?
Eprs_AdminSystem ArchitectAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CSenior EngineerCommented:
Here is Microsoft's Security checklist for hardening Exchange 2013

https://technet.microsoft.com/en-us/library/aa996026(v=exchg.150).aspx

Go through this and see what your rating is.

Here is another blog to go through.

http://www.monitis.com/blog/nine-steps-to-secure-your-exchange-server/

Between these two you should improve your score.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tom CieslikIT EngineerCommented:
The question is what is the rest ?
Without seeing your report it's hard to say what else you can do.
 Certificate?
DKIM ?
etc..
0
Eprs_AdminSystem ArchitectAuthor Commented:
Here is my Rating, see the picture.
This is the rating of the server with OWA.

F Rating
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Eprs_AdminSystem ArchitectAuthor Commented:
...and to fix insecure Renegotiation on EXCH2013 ?
0
David Johnson, CD, MVPOwnerCommented:
obviously ssl 3 is NOT disabled .. use nartac's tool to check and set. https://www.nartac.com/Products/IISCrypto requires reboot
0
Eprs_AdminSystem ArchitectAuthor Commented:
ok I will check this tool
In the meantime I have set some configuration on my firewall for the specific virtual IP.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.