Check: EMG3-802 Exch2K3
Microsoft Exchange Server 2003: EMG3-802 Exch2K3 (in version v1 r5)
Title
Security support data or process is sharing a directory or partition with Exchange. (Cat II impact)
Discussion
The Security Support Structure is a security control function or service provided by an external system or application. For example, a Windows Domain Controller that provides Identification and Authentication Services (Active Directory) may be at risk of compromise if a co-resident application becomes compromised. The attacker can then use another system to control access to other parts of the domain. The vulnerabilities and associated risk of Exchange 2003 installed on a system that provides a security support structure are significantly higher than when it is installed with other functions that do not provide security support. For this reason, applications such as Exchange 2003 should never be co-resident on a server with Active Directory.
Check Content
Review documentation and the E-mail host servers.
Procedure: Interview the E-mail Administrator or the IAO. Access the System Security Plan documentation and the server being reviewed. Verify that Exchange 2003 is not installed on a Domain Controller or other Directory Services server.
Criteria: If the Exchange E-mail application is installed on a server that is separate from domain security services, this is not a finding.
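One way to support the server-side part of this check with evidence, as an added example that is not part of the STIG text: the script reports whether each reviewed host holds the Domain Controller role and whether core Exchange 2003 services are present. The host list, the choice of WMI classes and the service names used as the Exchange indicator are assumptions of this example; it does not detect non-Active Directory directory services, which still need to be confirmed from the System Security Plan.

```powershell
# Added example (not from the STIG): report co-residency of Exchange 2003
# and the Domain Controller role, the finding condition for EMG3-802.
# Assumption: the default host list is a placeholder; pass the servers under review.
param(
    [string[]]$ComputerName = @('localhost')
)

# Assumed indicator of an Exchange 2003 install: its core services
# (System Attendant, Information Store, MTA Stacks).
$exchangeServices = @('MSExchangeSA', 'MSExchangeIS', 'MSExchangeMTA')

foreach ($computer in $ComputerName) {
    # Win32_ComputerSystem.DomainRole: 0-1 workstation, 2 standalone server,
    # 3 member server, 4 backup domain controller, 5 primary domain controller.
    $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer
    $isDomainController = ($cs.DomainRole -ge 4)

    # Collect any Exchange services registered on the host, running or not.
    $found = @(Get-WmiObject -Class Win32_Service -ComputerName $computer |
        Where-Object { $exchangeServices -contains $_.Name } |
        ForEach-Object { $_.Name })
    $hasExchange = ($found.Count -gt 0)

    # A finding exists only when both conditions hold on the same server.
    if ($hasExchange -and $isDomainController) {
        $status = 'FINDING: Exchange is co-resident with a Domain Controller'
    } elseif ($hasExchange) {
        $status = 'Not a finding for the DC role; confirm no other directory service on this host'
    } else {
        $status = 'Exchange services not detected on this host'
    }

    New-Object PSObject -Property @{
        Computer           = $computer
        DomainRole         = $cs.DomainRole
        IsDomainController = $isDomainController
        ExchangeServices   = ($found -join ', ')
        Status             = $status
    }
}
```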
Fix Text
Procedure: Install the Exchange 2003 application on a dedicated host system.
Additional Identifiers
Rule ID: SV-20427r1_rule
Vulnerability ID: V-18742
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |