https://blog.mehedy.com/wp-content/uploads/2018/06/Brute-Force-Attacks-960x600_c.jpg

Protect Exchange OWA from Brute-Force attack


Protecting Exchange OWA from any Brute-Force attack follow the below steps.

Step1: Maintain Password Policy from Active Directory Domain Controller

To protect the OWA from Brute-Force attack we can proceed with simple things. First, we need to manage the password policy on our Active Directory.

Protect Exchange OWA from Brute-Force attack

To get manage this policy, we can simply configure it from the Group Policy. Selecting the password policy GPO.

Step 2: Configure the cache for IIS authentication

Once the Password Policy has been maintained the next step is to configure the cache for IIS authentication. As I have mentioned earlier, even though user is locked on Active Directory they will still get access on the OWA Portal. So to stop it, we need to reduce the cache of the IIS website. To reduce the cache we need to perform below action.

  1. Open Regedit on Exchange CAS server.
  2. Go to HKLM\SYSTEM\CurrentControlSET\Services\InetInfo\Parameters
  3. Create a new DWORD with name UserTokenTTL and keep the value 30 ( this means keeping the Cache only for 30 Sec).

    Protect Exchange OWA from Brute-Force attack

Now, if the user enters few number of wrong password. Then user will not be able to login into their OWA or get authenticate until account is unlocked by administrator.

Hope this will help you to protect from the Brute-force attack.

Mehedy Mizan

Other posts by

Menu