Check: Exch-2-200
Exchange 2010 Hub Transport Server STIG:
Exch-2-200
(in version v1 r12)
Title
SMTP automated banner response must not reveal server details. (Cat II impact)
Discussion
Automated connection responses occur as a result of FTP or Telnet connections, when connecting to those services. They report a successful connection by greeting the connecting client, stating the name, release level, and (often) additional information regarding the responding product. While useful to the connecting client, connection responses can also be used by a third party to determine operating system (OS) or product release levels on the target server. The result can include disclosure of configuration information to third parties, paving the way for possible future attacks. For example, when querying the SMTP service on port 25, the default response looks similar to this one: 220 exchange.mydomain.org Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at Wed, 2 Feb 2005 23:40:00 -0500 Changing the response to hide local configuration details reduces the attack profile of the target.
Check Content
Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, Banner If the value of 'Banner' is not set to '220 SMTP Server Ready', this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'ReceiveConnector'> -Banner '220 SMTP Server Ready'
Additional Identifiers
Rule ID: SV-44054r1_rule
Vulnerability ID: V-33634
Group Title: Exch-2-200
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |