Virtual memory monitoring notifications are not configured with threshold and action.


Overview

Finding ID: V-18714
Version: EMG2-813 Exch2K3
Rule ID: SV-20369r1_rule
IA Controls: ECSC-1
Severity: Medium

Description
Log files help establish a history of activities and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Exchange 2003 built-in monitors let the administrator generate alerts when thresholds are reached, so that they can react in a timely fashion. This field offers a choice of alerts when a 'warning' or 'critical' threshold is reached on low virtual memory. A good rule of thumb (default) is to issue warnings when virtual memory is less than 25% for a duration of 3 minutes, and critical messages when it is less than 10% for a duration of 3 minutes; these conditions should occur only occasionally. Frequent alerts against this counter may indicate that additional capacity is needed, or that a network or other issue (such as inbound spam traffic) is directly impacting e-mail delivery. Virtual memory availability should be monitored. Frequent alerts on this counter could indicate that the server is nearing capacity and that load mitigation measures may be needed.

STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text (C-22432r1_chk)
If Virtual Memory Utilization monitoring is performed via a third party tool as part of an overall data center monitoring strategy, then this check is N/A.

Review virtual memory utilization monitoring and notification.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server] >> Properties >> Monitoring tab >> Virtual Memory Threshold >> Details button

"Warning" should be set (for a sustained duration of 3 minutes) to a value not less than 25%. "Critical" should be a value not less than 10%. Minimum Action should be E-mail to an on-call Exchange Administrator or to an Incident Response administrator.

Criteria: If "Warning" is set (for a sustained duration of 3 minutes) to a value 25% or higher, and "Critical" is 10% or higher, and Action is an E-mail to an on-call Exchange Administrator, this is not a finding.

Fix Text (F-19360r1_fix)
Configure Virtual Memory utilization monitoring and notification.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server] >> Properties >> Monitoring tab >> Virtual Memory Threshold >> Details button

1) Add the monitor, if needed:
Click ADD, select Virtual Memory Threshold.

2) Set the duration, warning and critical thresholds:
Set (for a sustained duration of 3 minutes) Warning value not less than 25% and Critical value not less than 10%.

3) Create the notifications:
Exchange System Manager >> Tools >> Monitoring and Status >> Notifications:
Declare notifications and communication methods as required by local organization policy. At minimum, E-mail an on-call Exchange administrator or an Incident Response administrator.
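
An added example, not part of the STIG text or of any Exchange tooling: the sustained-duration rule behind these thresholds (warning below 25%, critical below 10%, each held for 3 minutes) applied to constructed readings, showing that a brief dip raises no alert. The one-reading-per-minute sampling model and the function name `evaluate` are assumptions.

```python
# Thresholds and duration come from the check text above.
WARNING_PCT = 25    # warn when available virtual memory is below this
CRITICAL_PCT = 10   # critical when available virtual memory is below this
DURATION_MIN = 3    # condition must hold for this many minutes

def evaluate(samples, warning=WARNING_PCT, critical=CRITICAL_PCT,
             duration=DURATION_MIN):
    """Return [(minute, new_state), ...] for each state change.

    samples: available virtual memory in percent, one reading per
    minute (assumed sampling model). A state change to "warning" or
    "critical" is the point where a notification would be sent.
    """
    transitions = []
    state = "ok"
    below_warn = below_crit = 0   # consecutive minutes under each threshold
    for minute, pct in enumerate(samples):
        below_warn = below_warn + 1 if pct < warning else 0
        below_crit = below_crit + 1 if pct < critical else 0
        if below_crit >= duration:
            new_state = "critical"
        elif below_warn >= duration:
            new_state = "warning"
        else:
            new_state = "ok"
        if new_state != state:
            transitions.append((minute, new_state))
            state = new_state
    return transitions

# Constructed readings: a short dip (minutes 1-2), then a sustained decline.
SAMPLE = [40, 22, 20, 30, 24, 23, 21, 9, 8, 7, 15, 35]

if __name__ == "__main__":
    for minute, new_state in evaluate(SAMPLE):
        print(f"minute {minute}: {new_state}")
```
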