Once again, Susan Bradley for CSO Online, reminding you why disabling basic authentication is so important. We talked about it earlier with regard to Office 365, and now we're going to talk about on-premises Exchange and what you can do with Exchange 2019. But first, a little reminder of why passwords are, quite frankly, so easy for attackers to get hold of. Recently a Microsoft blog post came out that really showcases how easy it is for attackers to get our credentials. Let's start with credential stuffing, where basically they have already got our password. Why do they already have it? Because we reuse passwords. Often we go to a website, we put in a user name, we put in the same password because we don't see that website as all that important, and then we reuse that password over and over again. Then along comes the attacker. They attack the site, they grab the database of passwords or the hash values, and then they can go through and say, hey, let's try and reuse those passwords in all sorts of other locations. So do they need to spend a lot of energy trying to break that password? No, because they already have it. What about phishing? How easy is it to trick somebody into handing over their credentials? Unfortunately, all too easy. About 0.5 percent of all inbound e-mails are phishing attacks. Keystroke logging, discovery, extortion, password spray attacks: the list goes on of what attackers can do to get your information.

If you're thinking, oh no, it couldn't be me, my password isn't out there, just go to the site haveibeenpwned.com and enter your user name. Look at how often that password shows up in the various database breaches. For example, my personal e-mail account has been compromised 19 times on multiple sites, with Adobe being the first. In fact, as you scroll down the list you'll see all the sites where my e-mail account was compromised, some of which I don't even remember signing up for, but because they shared information with other databases, my e-mail account and password were compromised. Look at all the different places. Scary, huh? And a reminder that if you use a user name and a password, better known as basic authentication in Office 365, the attacker can use it too.

So what can we do? Remember, we've already discussed how to disable basic authentication in Microsoft Office 365. But for those of you on on-premises Exchange, what options do you have? You do have an option. For those of you deploying Exchange 2019, it now provides the best ability to disable legacy authentication. With the second cumulative update (CU2) for Exchange 2019, you can do the same thing that you can do in Office 365 and disable that legacy authentication method.

Now, before we disable legacy authentication, let's make sure that we've got some things in mind. You want to make sure that you understand the impact on your environment. So look to see if there are any applications that you use, or additions to Exchange, that rely on basic authentication. Talk to your vendors. Do the research ahead of time. Make sure that the clients and all the different applications that you're using to connect to your Exchange also support modern authentication. So, for example, you need to make sure that you're on Outlook 2013 or later, Outlook 2016 for Macintosh or later, Outlook for iOS and Android, or Mail for iOS 11.3.1 or later. If you're not on those versions, you can't support modern authentication. You'll also have to make sure that hybrid authentication is working in your Exchange environment. And if you still do use Outlook 2013, you'll have to make sure certain registry keys are in place. For example, you'll have to enter two registry keys under HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity: EnableADAL with a DWORD value of 1, and then Version with a DWORD value of 1.

Now, once you have all that in place, you can go into the Exchange PowerShell and put a policy in place. So what you're doing here is building a new authentication policy with a name like "Block Legacy Auth", and for all the different ways that you connect to Exchange you are blocking the legacy authentication method. So, for example, here we are blocking Autodiscover, IMAP, Offline Address Book, POP and legacy Web Services; they are all turned off to make sure that legacy authentication is not used anymore. Then the next step is that you build a list of all the users in your organization and insert it into the script. If it's a brand new Exchange 2019 deployment, you can set it to block from the get-go. It just depends on how you set up Exchange.

So keep in mind that multi-factor authentication blocks 99.9 percent of the attacks out there. Let me restate that again: as they say in the blog post, your account is more than 99.9 percent less likely to be compromised if you use multi-factor authentication. So whether it's Office 365 or on-premises e-mail, look to see if you can roll out multi-factor authentication. It's very key in today's environment. So until next time, don't forget to sign up for the Tech Talk from IDG on the YouTube channel. This is Susan Bradley signing off for CSO Online. Thanks again.
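The client-side registry step and the Exchange 2019 CU2 policy steps described above, gathered into one script as an added example. This is not the video's own script or Microsoft's; the policy name, the CSV path and its column name are assumptions, and the ActiveSync, MAPI and RPC switches go beyond the five protocols the video names (they are documented parameters of the same cmdlet, included so the policy covers every legacy-capable endpoint).

```powershell
# Added example (not from the video). Part 1 runs on an Outlook 2013 client in the
# user's context; parts 2-4 run in the Exchange Management Shell on Exchange 2019 CU2 or later.

# --- 1. Outlook 2013: the two DWORD values the video lists, under the Identity key ---
$identityKey = 'HKCU:\Software\Microsoft\Office\15.0\Common\Identity'
if (-not (Test-Path $identityKey)) { New-Item -Path $identityKey -Force | Out-Null }
Set-ItemProperty -Path $identityKey -Name 'EnableADAL' -Value 1 -Type DWord
Set-ItemProperty -Path $identityKey -Name 'Version'    -Value 1 -Type DWord

# --- 2. Build the policy (name is an assumption) ---
$policyName = 'Block Legacy Auth'

# The five switches the video mentions (Autodiscover, IMAP, OAB, POP, Web Services),
# plus ActiveSync, MAPI and RPC so that no legacy-capable endpoint is left open.
# Assumed: you have already confirmed that no application still depends on basic auth.
New-AuthenticationPolicy -Name $policyName `
    -BlockLegacyAuthAutodiscover `
    -BlockLegacyAuthImap `
    -BlockLegacyAuthOfflineAddressBook `
    -BlockLegacyAuthPop `
    -BlockLegacyAuthWebServices `
    -BlockLegacyAuthActiveSync `
    -BlockLegacyAuthMapi `
    -BlockLegacyAuthRpc

# --- 3. Assign it to the user list (CSV path and column name are assumptions) ---
# Constructed sample layout of the CSV: a header line "UserPrincipalName",
# then one UPN per line, e.g. alice@contoso.example
$users = Import-Csv -Path 'C:\Temp\users-to-block.csv'
foreach ($u in $users) {
    Set-User -Identity $u.UserPrincipalName -AuthenticationPolicy $policyName
}

# For a brand-new deployment, apply it organization-wide from the start instead:
# Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName

# --- 4. Verify what was created and who it was applied to ---
Get-AuthenticationPolicy -Identity $policyName | Format-List Name, BlockLegacyAuth*
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy -eq $policyName } |
    Select-Object Name, AuthenticationPolicy
```

Run part 3 against a pilot group first and watch for clients that fall back to prompting for a password: that is the sign of an application or Outlook build that still speaks only basic authentication, which is exactly the dependency the video tells you to find before the policy goes organization-wide.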