Title

User mailboxes are hosted on non-Mailbox Server role. (Cat II impact)

Discussion

Separation of roles supports operational security for application as well as human resources. By isolating a server role such as ‘Mailbox Role’, boundaries that pertain to Mailbox data protection need only be focused in the Mailbox data server. In this way, any Mailbox-specific attack vectors, protocol traffic requirements are more optimally secured. Mailbox data repositories should only be hosted on the Mailbox Server Role.

Check Content

Ensure that mailbox stores are not configured. Procedure: Exchange System Manager >>Administrative Groups >> [administrative group]>> Servers >> [server name] >> First Storage Group Individual list of user mailboxes should be an empty list. Criteria: If user mailbox list is empty, this is not a finding.

Fix Text

Configure non-Mailbox Server role. Procedure: Exchange System Manager >>Administrative Groups >> [administrative group]>> Servers >> [server name] >> First Storage Group Remove Mailbox store and mailboxes. Note: Additional administrative tasks to modify dependent configurations may be necessary.

Additional Identifiers

Rule ID: SV-20214r1_rule

Vulnerability ID: V-18641

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.