STIGQter: STIG Summary: MS Exchange 2010 Edge Transport Server STIG Version: 1 Release: 15 Benchmark Date: 26 Apr 2019:

Internet Receive Connector connections count must be set to default.

DISA Rule

SV-43983r2_rule

Vulnerability Number

V-33563

Group Title

Exch-2-708

Rule Version

Exch-2-708

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Noting the Internet-facing receive connector name, open the Exchange Management Shell and enter the following command:

Set-ReceiveConnector -Identity <'ReceiveConnector'> -MaxInboundConnection unlimited

If an alternate value is desired, obtain signoff with risk acceptance and document in the EDSP.

Check Contents

Obtain the Email Domain Security Plan (EDSP) and locate the 'Maximum Inbound connections' value.

Open the Exchange Management Shell and enter the following command:

Get-ReceiveConnector | Select Name, Identity, MaxInboundConnection

Identify Internet-facing connectors on the Edge Transport server.

If 'MaxInboundConnection' is set to a different numeric value or unlimited, and has signoff and risk acceptance in the EDSP, this is not a finding.

If the value of 'MaxInboundConnection' is not set to 5000, this is a finding.

Vulnerability Number

V-33563

Documentable

False

Rule Version

Exch-2-708

Severity Override Guidance

Obtain the Email Domain Security Plan (EDSP) and locate the 'Maximum Inbound connections' value.

Open the Exchange Management Shell and enter the following command:

Get-ReceiveConnector | Select Name, Identity, MaxInboundConnection

Identify Internet-facing connectors on the Edge Transport server.

If 'MaxInboundConnection' is set to a different numeric value or unlimited, and has signoff and risk acceptance in the EDSP, this is not a finding.

If the value of 'MaxInboundConnection' is not set to 5000, this is a finding.

Check Content Reference

M

Target Key

1995

Comments