Check: Exch-1-008
Exchange 2010 Client Access Server STIG:
Exch-1-008
(in version v1 r9)
Title
The Microsoft Exchange POP3 service must be disabled. (Cat II impact)
Discussion
The POP3 protocol is not approved for use within the DoD. It uses a clear text based user name and password and does not support the DoD standard for PKI for email access. User name and password could easily be captured from the network allowing malicious user to access other system features. Uninstalling or disabling the service will prevent the use of the POP3 protocol.
Check Content
Open the Windows Power Shell and enter the following command: Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start If the value of 'Start' is not set to '4', this is a finding.
Fix Text
Open the Windows Power Shell and enter the following command: services.msc Double click the 'Microsoft Exchange POP3' service and select the General tab. Set the 'Startup Type' to 'Disabled', click ok.
Additional Identifiers
Rule ID: SV-43990r1_rule
Vulnerability ID: V-33570
Group Title: Exch-1-008
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |