Cybersecurity Forum


Riverside
New Contributor

Fortigate Firewall with MAPI

Does anyone have ways of protecting against attacks when the attacker is using MAPI to connect to Exchange? We are finding that hackers with a password obtained via some means (phishing, or others) are able to get into the Exchange server without needing 2FA and are able to send emails from employees.

What we have done so far:

Added a specific IPS to the firewall rule that allows HTTPS from the public IP address
Added the AV profile that includes MAPI
Added DNS filter that doesn't seem to be doing much
Blocked all foreign countries using the GEO location address objects
We are looking at Certificate for content inspection but not sure what that will buy us.
We have 2FA for Exchange, but it's only for OWA, and not MAPI connections with a 3rd party 2FA solution.

We are also looking at FortiWAF, as we have one for our patient portal, and now we are going to look at protecting our exchange.

Thanks!



------------------------------
Erik J. Devine
Chief Information Security & Technology Officer
Riverside Healthcare
edevine@rhc.net
------------------------------
1 Solution
LestYang
New Contributor II

Not sure there's a good way and that's the reason Microsoft is pushing to disable basic authentication in Exchange Online.  You can also disable basic authentication for on-premise Exchange but it requires using hybrid modern authentication: https://redmondmag.com/articles/2019/06/21/microsoft-disabling-exchange-protocols.aspx.  

You can also block external MAPI connections and force remote users to connect via VPN or drive users towards using OWA when working remotely since you have 2FA set up there.

Riverside

Thanks Lester, I appreciate the help!

------------------------------
Erik J. Devine
Chief Information Security & Technology Officer
Riverside Healthcare
edevine@rhc.net
------------------------------
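
One way to check that the "block external MAPI connections" step from the solution is actually holding, as an added example that is not part of the original thread: a Python script that reads Exchange front-end IIS logs (W3C format) and reports authenticated MAPI over HTTP (`/mapi/`) and Outlook Anywhere (`/rpc/`) requests coming from outside trusted ranges. The trusted networks, account names and log lines below are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: internal LAN and VPN pool ranges; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.50.0/24")]
# IIS virtual directories that carry MAPI: MAPI over HTTP and Outlook Anywhere.
MAPI_PREFIXES = ("/mapi/", "/rpc/")

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 08:01:02 POST /mapi/emsmdb/ CORP\\jsmith 10.1.2.3 200
2024-01-10 08:03:10 POST /mapi/emsmdb/ CORP\\jsmith 203.0.113.45 200
2024-01-10 08:03:11 POST /mapi/nspi/ CORP\\jsmith 203.0.113.45 200
2024-01-10 08:04:00 POST /mapi/emsmdb/ - 198.51.100.7 401
2024-01-10 08:05:30 GET /owa/ CORP\\adoe 203.0.113.45 200
2024-01-10 08:06:00 RPC_IN_DATA /rpc/rpcproxy.dll CORP\\adoe 172.16.50.9 200
"""

def is_trusted(ip):
    """True if the client address is inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def external_mapi_logons(log_text):
    """Count successful, authenticated MAPI requests per (user, external IP)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        user = row.get("cs-username", "-")
        if (stem.startswith(MAPI_PREFIXES) and user != "-"
                and row.get("sc-status") == "200"
                and not is_trusted(row.get("c-ip", ""))):
            hits[(user.lower(), row["c-ip"])] += 1
    return hits

if __name__ == "__main__":
    for (user, ip), count in external_mapi_logons(SAMPLE_LOG).items():
        print(f"{user} authenticated over MAPI from {ip} ({count} requests)")
```

Any hit after the firewall change means a path to the MAPI endpoints is still open from outside the VPN, and the listed account is worth a password reset and mailbox rule review.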