Check: EX16-ED-000190
Microsoft Exchange 2016 Edge Transport Server STIG:
EX16-ED-000190
(in versions v2 r5 through v1 r1)
Title
Exchange Outbound Connection Timeout must be 10 minutes or less. (Cat II impact)
Discussion
Email system availability depends in part on best practice strategies for setting tuning configurations. This configuration controls the number of idle minutes before the connection is dropped. It works in conjunction with the Maximum Outbound Connections Count setting. Connections, once established, may incur delays in message transfer. The default of 10 minutes is a reasonable window in which to resume activities without maintaining idle connections for excessive intervals. If the timeout period is too long, idle connections may be maintained for unnecessarily long time periods, preventing new connections from being established. Sluggish connectivity increases the risk of lost data. A value of 10 or less is optimal.
Check Content
Review the Email Domain Security Plan (EDSP). Determine the Connection Timeout value. Open the Exchange Management Shell and enter the following command: Get-SendConnector | Select Name, Identity, ConnectionInactivityTimeOut For each send connector, if the value of "ConnectionInactivityTimeOut" is not set to "00:10:00", this is a finding. or If "ConnectionInactivityTimeOut" is set to other than "00:10:00" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to reflect the Connection Timeout value. Open the Exchange Management Shell and enter the following command: Set-SendConnector -Identity <'IdentityName'> -ConnectionInactivityTimeOut 00:10:00 Note: The <IdentityName> value must be in single quotes. or The value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedure for each send connector.
Additional Identifiers
Rule ID: SV-221220r879651_rule
Vulnerability ID: V-221220
Group Title: SRG-APP-000247
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001095 |
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks. |
Controls
Number | Title |
---|---|
SC-5 (2) |
Excess Capacity / Bandwidth / Redundancy |