Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

Riverside
New Contributor

Fortigate Firewall with MAPI

Anyone have ways of protecting from attacks when the attacker is using MAPI to connect to Exchange?   We are finding that hackers with password via some means (phishing, or others) able to get into the Exchange server without needing 2FA and able to send emails from employees.

What we have done so far:

Added a specific IPS to the firewall rule that allows HTTPS from the public IP address
Added the AV profile that includes MAPI
Added DNS filter that doesn't seem to be doing much
Blocked all foreign countries using the GEO location address objects
We are looking at Certificate for content inspection but not sure what that will buy us.
We have 2FA for exchange, but its only for OWA, and not MAPI connections with a 3rd party 2FA solution.

We are also looking at FortiWAF, as we have one for our patient portal, and now we are going to look at protecting our exchange.

Thanks!



------------------------------
Erik J. Devine
Chief Information Security & Technology Officer
Riverside Healthcare
edevine@rhc.net
------------------------------
Erik J. Devine Chief Information Security & Technology Officer Riverside Healthcare edevine@rhc.net
Erik J. Devine Chief Information Security & Technology Officer Riverside Healthcare edevine@rhc.net
1 Solution
LestYang
New Contributor II

Not sure there's a good way and that's the reason Microsoft is pushing to disable basic authentication in Exchange Online.  You can also disable basic authentication for on-premise Exchange but it requires using hybrid modern authentication: https://redmondmag.com/articles/2019/06/21/microsoft-disabling-exchange-protocols.aspx.  

You can also block external MAPI connections and force remote users to connect via VPN or drive users towards using OWA when working remotely since you have 2FA setup there.

View solution in original post

2 REPLIES 2
LestYang
New Contributor II

Not sure there's a good way and that's the reason Microsoft is pushing to disable basic authentication in Exchange Online.  You can also disable basic authentication for on-premise Exchange but it requires using hybrid modern authentication: https://redmondmag.com/articles/2019/06/21/microsoft-disabling-exchange-protocols.aspx.  

You can also block external MAPI connections and force remote users to connect via VPN or drive users towards using OWA when working remotely since you have 2FA setup there.
Riverside

Thanks Lester, I appreciate the help!

------------------------------
Erik J. Devine
Chief Information Security & Technology Officer
Riverside Healthcare
edevine@rhc.net
------------------------------
Erik J. Devine Chief Information Security & Technology Officer Riverside Healthcare edevine@rhc.net
Erik J. Devine Chief Information Security & Technology Officer Riverside Healthcare edevine@rhc.net
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.