Sunday, June 21, 2009

Auditing Exchange Server for vulnerabilities?

I have an engagement coming up where we'll have to audit some Exchange servers. Currently, the DISA Exchange checklist is in draft. Yes, we'll be running Gold Disk on the servers, and we'll be running Oval to check the patches. However, is there any other guidance for auditing Exchange?

As I find other options, I'll post them here. And of course, I'll write up our methodology after the trip.

Edit: NSA Exchange guide

Unfortunately, CIS doesn't have a tool for Exchange.

No comments:

Post a Comment