Web email must use standard ports protocols.


Overview

Finding ID: V-33584
Version: Exch-1-202
Rule ID: SV-44003r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
PPSM standard defined ports and protocols must be used for all Exchange services. The standard port for HTTP connections is 80 and the standard port for HTTPS connections is 443. Changing the ports to non-standard values provides only temporary and limited protection against automated attacks, since these attacks are unlikely to connect to the custom port. However, a determined attacker may still be able to determine which ports are used for the HTTP and HTTPS protocols by performing a comprehensive port scan. Negative impacts of using non-standard ports include complexity for the system administrator, custom configurations for connecting clients, risk of port conflict with non-Exchange applications, and risk of incompatibility with standard port monitoring applications.
STIG: Exchange 2010 Client Access Server STIG
Date: 2013-07-11

Details

Check Text (C-41690r2_chk)
Open a Windows PowerShell Module and enter the following command:

Get-WebBinding -Name <'WebSiteName'> | Format-List

If the Web binding values are not on standard port 80 for HTTP connections or port 443 for HTTPS connections, this is a finding.
Fix Text (F-37475r1_fix)
Configure web ports to be port 80 and 443, as specified by PPSM standards.
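
The check above can be scripted so that each binding is evaluated instead of read by eye. This is an added example, not part of the STIG text: the function name Test-WebBindingPort and the sample bindings are constructed for illustration, and it assumes only the protocol and bindingInformation properties that Get-WebBinding emits.

```powershell
# Added example (not STIG text). Expected ports per the check: HTTP 80, HTTPS 443.
$StandardPort = @{ http = 80; https = 443 }

function Test-WebBindingPort {
    # Hypothetical helper: accepts objects with 'protocol' and 'bindingInformation'
    # properties and returns one result object per HTTP or HTTPS binding.
    param([Parameter(ValueFromPipeline = $true)] $Binding)
    process {
        $proto = "$($Binding.protocol)".ToLower()
        if (-not $StandardPort.ContainsKey($proto)) { return }  # e.g. net.tcp: outside this check

        # bindingInformation is "IP:port:hostheader". The IP part may be a bracketed
        # IPv6 address containing colons, so anchor on the last two colons.
        if ("$($Binding.bindingInformation)" -match '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') {
            $port    = [int]$Matches['port']
            $finding = ($port -ne $StandardPort[$proto])
        } else {
            $port    = $null
            $finding = $true   # unparseable binding: flag it for manual review
        }
        New-Object PSObject -Property @{
            Protocol = $proto
            Binding  = $Binding.bindingInformation
            Port     = $port
            Expected = $StandardPort[$proto]
            Finding  = $finding
        }
    }
}

# Constructed sample bindings (not taken from a real server).
$sample = 'http|*:80:', 'http|*:8080:', 'https|[::1]:443:',
          'https|*:8443:mail.example.test', 'net.tcp|808:*' | ForEach-Object {
    $p, $b = $_ -split '\|', 2
    New-Object PSObject -Property @{ protocol = $p; bindingInformation = $b }
}

# Only the 8080 and 8443 bindings are reported as findings.
$sample | Test-WebBindingPort | Where-Object { $_.Finding } |
    Select-Object Protocol, Binding, Port, Expected

# On the server, feed it the live bindings instead of the sample:
#   Get-WebBinding -Name <'WebSiteName'> | Test-WebBindingPort
```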