Authentication with Exchange Server must be required.

From Microsoft Outlook 2010

Part of DTOO280 - Authentication w/Exchange Svr

SV-33486r1_rule Authentication with Exchange Server must be required.

Vulnerability discussion

Exchange Server supports the Kerberos authentication protocol and NTLM for authentication. The Kerberos protocol is the more secure authentication method and is supported on Windows 2000 Server and later versions. NTLM authentication is supported in pre-Windows 2000 environments.By default, Outlook will attempt to authenticate using the Kerberos authentication protocol, if it cannot (because no Windows 2000 or later domain controllers are available), it will authenticate using NTLM.

Check content

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Authentication with Exchange Server” must be set to “Enabled (Kerberos/NTLM Password Authentication)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AuthenticationService is REG_DWORD = 9, this is not a finding.

Fix text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Authentication with Exchange Server” to “Enabled (Kerberos/NTLM Password Authentication)”.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer