Check: EX16-ED-000310
Microsoft Exchange 2016 Edge Transport Server STIG:
EX16-ED-000310
(in versions v2 r5 through v1 r1)
Title
The Exchange Internet Receive connector connections count must be set to default. (Cat III impact)
Discussion
Email system availability depends in part on best practice strategies for setting tuning configurations. This configuration controls the maximum number of simultaneous inbound connections allowed to the SMTP server. By default, the number of simultaneous inbound connections is 5000. If a limit is set too low, the connections pool may be filled. If attackers perceive the limit is too low, they could deny service to the Simple Mail Transfer Protocol (SMTP) server by using a connection count that exceeds the limit set. By setting the default configuration to 5000, attackers would need many more connections to cause denial of service.
Check Content
Review the Email Domain Security Plan (EDSP). Determine the Maximum Inbound connections value. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, MaxInboundConnection Identify Internet-facing connectors. For each receive connector, if the value of "MaxInboundConnection" is not set to "5000", this is a finding. or If "MaxInboundConnection" is set to a value other than "5000" or is set to unlimited and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to reflect the Maximum Inbound connections value. Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -MaxInboundConnection 5000 Note: The <IdentityName> value must be in single quotes. or The value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedure for each receive connector.
Additional Identifiers
Rule ID: SV-221230r879651_rule
Vulnerability ID: V-221230
Group Title: SRG-APP-000247
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001095 |
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks. |
Controls
Number | Title |
---|---|
SC-5 (2) |
Excess Capacity / Bandwidth / Redundancy |