Exchange Security Tip – WST


January 10, 2019 Exchange Security Tip - WST 10-D performs hundreds of penetration tests each year, so we see trends for weaknesses into customer networks.  One of the more common weaknesses we currently see is a weakness with public facing Exchange servers. It is commonly perceived that if you lock down the Exchange Outlook Web App (OWA) login portal by denying most users access and enabling two-factor authentication for the others you will secure your Exchange server from attackers. Unfortunately, a service commonly enabled on many Exchange instances called Exchange Web Services (EWS) bypasses both of those [...]