{"id":14096,"date":"2025-12-17T21:38:55","date_gmt":"2025-12-17T18:38:55","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14096"},"modified":"2025-12-17T21:38:55","modified_gmt":"2025-12-17T18:38:55","slug":"exchange-se-hardening-2026","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/exchange-se-hardening-2026\/14096\/","title":{"rendered":"Hardening Exchange servers"},"content":{"rendered":"<p>Few cybersecurity professionals would dispute that attacks on Microsoft Exchange servers must be regarded as inevitable and that the risk of a breach is constantly high. In October, Microsoft <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/released-october-2025-exchange-server-security-updates\/4461276\" target=\"_blank\" rel=\"noopener nofollow\">ended support for Exchange Server 2019<\/a>, making Exchange Server Subscription Edition (<a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/upgrading-your-organization-from-current-versions-to-exchange-server-se\/4241305\" target=\"_blank\" rel=\"noopener nofollow\">Exchange SE<\/a>) the only supported on-premises solution for 2026. Despite this, many organizations continue to run Exchange Server 2016, 2013 and even older versions.<\/p>\n<p>For threat actors, Exchange is an irresistible target. 
Its popularity, complexity, abundance of settings and, most importantly, its reachability from external networks make it vulnerable to a wide range of attacks:<\/p>\n<ul>\n<li>Mailbox compromise through <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2025\/06\/13\/microsoft-users-warned-of-ongoing-password-spraying-attack---act-now\/\" target=\"_blank\" rel=\"noopener nofollow\">password spraying<\/a> attacks or spear phishing<\/li>\n<li>Account takeover through legacy authentication protocols<\/li>\n<li>Theft of specific emails by injecting malicious mail flow rules via Exchange Web Services<\/li>\n<li><a href=\"https:\/\/securelist.com\/analysis-of-attack-samples-exploiting-cve-2023-23397\/110202\/\" target=\"_blank\" rel=\"noopener\">Theft<\/a> of employee authentication tokens or <a href=\"https:\/\/www.kaspersky.com\/blog\/cve-2024-49040-email-spoofing-protection\/52699\/\" target=\"_blank\" rel=\"noopener nofollow\">message spoofing<\/a> by exploiting flaws in the Exchange mail processing infrastructure<\/li>\n<li><a href=\"https:\/\/securelist.com\/toddycat\/106799\/\" target=\"_blank\" rel=\"noopener\">Arbitrary code execution<\/a> on the server (deploying web shells) by exploiting Exchange vulnerabilities<\/li>\n<li>Lateral movement and server compromise, where the Exchange server becomes <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/pst-want-shell-proxyshell-exploiting-microsoft-exchange-servers\" target=\"_blank\" rel=\"noopener nofollow\">a foothold<\/a> for network reconnaissance, malware hosting and traffic tunneling<\/li>\n<li>Long-term email exfiltration through custom implants for Exchange<\/li>\n<\/ul>\n<p>To fully appreciate the complexity and variety of Exchange attacks, it is worth reviewing the research on the <a href=\"https:\/\/securelist.com\/ghostcontainer\/116953\/\" target=\"_blank\" rel=\"noopener\">GhostContainer<\/a>, <a href=\"https:\/\/securelist.com\/owowa-credential-stealer-and-remote-access\/105219\/\" target=\"_blank\" rel=\"noopener\">Owowa<\/a>, <a href=\"https:\/\/securelist.com\/cve-2022-41040-and-cve-2022-41082-zero-days-in-ms-exchange\/108364\/\" target=\"_blank\" rel=\"noopener\">ProxyNotShell<\/a> and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-powerexchange-malware-backdoors-microsoft-exchange-servers\/\" target=\"_blank\" rel=\"noopener nofollow\">PowerExchange<\/a> threats.<\/p>\n<p>Making it harder for attackers to compromise Exchange and reducing the impact of a successful attack is not impossible, but it requires a wide range of measures, from simple configuration changes to labor-intensive authentication protocol migrations. A joint review of priority defensive measures by CISA, the Canadian Centre for Cyber Security and other cybersecurity regulators was recently <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/microsoft-exchange-server-security-best-practices\" target=\"_blank\" rel=\"noopener nofollow\">published<\/a>. 
So how do you start hardening your on-premises Exchange server?<\/p>\n<h2>Migrating off EOL versions<\/h2>\n<p>Both Microsoft and CISA recommend migrating to <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/upgrading-your-organization-from-current-versions-to-exchange-server-se\/4241305\" target=\"_blank\" rel=\"noopener nofollow\">Exchange SE<\/a> in order to receive timely security updates. For organizations that cannot migrate immediately, a paid Extended Security Updates (ESU) subscription is available for the 2016 and 2019 versions. Microsoft stresses that upgrading from 2016 or 2019 to Exchange SE is of similar complexity to installing a standard Cumulative Update.<\/p>\n<p>If for any reason you have to keep an unsupported version running, it must be fully isolated from both internal and external networks. All mail flow must be routed through a specially configured <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/mail-security-appliance?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">email security gateway<\/a>.<\/p>\n<h2>Regular updates<\/h2>\n<p>Microsoft releases two Cumulative Updates (CU) a year, along with monthly security fixes. 
A key task for Exchange administrators is to establish a process for deploying these updates without delay, since threat actors quickly weaponize known vulnerabilities. You can track the release schedule and contents of these updates on <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/new-features\/build-numbers-and-release-dates\" target=\"_blank\" rel=\"noopener nofollow\">Microsoft's official page<\/a>. To verify the state of your Exchange installation and its update status, you can use tools such as <a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Setup\/SetupAssist\/\" target=\"_blank\" rel=\"noopener nofollow\">SetupAssist<\/a> and <a href=\"https:\/\/aka.ms\/ExchangeHealthChecker\" target=\"_blank\" rel=\"noopener nofollow\">Exchange Health Checker<\/a>.<\/p>\n<h2>Emergency mitigation measures<\/h2>\n<p>Interim mitigation guidance for critical, actively exploited vulnerabilities is usually published on the <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/bg-p\/Exchange\" target=\"_blank\" rel=\"noopener nofollow\">Exchange blog<\/a> and on the <a href=\"https:\/\/learn.microsoft.com\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/exchange-emergency-mitigation-service\" target=\"_blank\" rel=\"noopener nofollow\">Exchange Emergency Mitigation<\/a> service page. The Emergency Mitigation (EM) service must be enabled on your Exchange Mailbox servers. EM automatically connects to the Office Config Service to download and apply mitigation rules for urgent threats. 
These mitigations can quickly disable vulnerable services and block malicious requests using URL rewrite rules in <a href=\"https:\/\/tr.wikipedia.org\/wiki\/Internet_Information_Services\" target=\"_blank\" rel=\"noopener nofollow\">IIS<\/a>.<\/p>\n<h2>Secure baselines<\/h2>\n<p>A uniform, organization-wide set of configurations, optimized for the organization's needs, should be applied not only to Exchange servers but also to mail clients on all platforms and to their underlying operating systems.<\/p>\n<p>Because the recommended security baselines differ across operating systems and Exchange versions, the CISA guidance refers to the popular, freely available <a href=\"https:\/\/downloads.cisecurity.org\/#\/\" target=\"_blank\" rel=\"noopener nofollow\">CIS Benchmark<\/a> and <a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365-apps\/security\/security-baseline\" target=\"_blank\" rel=\"noopener nofollow\">Microsoft<\/a> guidelines. The latest CIS Benchmark was created for Exchange 2019, but since the current Subscription Edition does not differ from Exchange Server 2019 CU15 in terms of its configurable options, it applies to Exchange SE as well.<\/p>\n<h2>Dedicated security solutions<\/h2>\n<p>A critical mistake many organizations make is not having EDR and EPP agents on their Exchange servers. 
To prevent exploitation of vulnerabilities and execution of web shells, the server must be protected by a security solution such as <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/endpoint-detection-response-edr?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Detection and Response<\/a>. Exchange Server integrates with the <a href=\"https:\/\/support.kaspersky.com\/KESWin\/12.5\/tr-TR\/173854.htm\" target=\"_blank\" rel=\"noopener\">Antimalware Scan Interface (AMSI)<\/a> so that security tools can process server-side events effectively.<\/p>\n<p>Application allowlisting can significantly hinder attackers attempting to exploit Exchange vulnerabilities. This capability is standard in the most advanced EPP solutions. If it has to be implemented with native Windows tools, however, you can restrict untrusted applications through App Control for Business or AppLocker.<\/p>\n<p>To protect employees and their machines, the server should use a solution such as <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/mail-server?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Security for Mail Server<\/a> to filter mail traffic. This closes many gaps using tools that out-of-the-box on-premises Exchange lacks. 
Examples include sender authentication via the SPF, DKIM and DMARC protocols, and advanced protection against spam and spear phishing.<\/p>\n<p>If for any reason a full EDR is not installed on the server, it is essential to at least enable the default antivirus and make sure the <a href=\"https:\/\/learn.microsoft.com\/tr-tr\/defender-endpoint\/attack-surface-reduction-rules-reference\" target=\"_blank\" rel=\"noopener nofollow\">Attack Surface Reduction<\/a> (ASR) rule \u201cBlock Webshell creation for Servers\u201d is enabled.<\/p>\n<p>To avoid degrading server performance when running the default antivirus software, Microsoft <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/antispam-and-antimalware\/windows-antivirus-software\" target=\"_blank\" rel=\"noopener nofollow\">recommends<\/a> excluding specific files and folders from scans.<\/p>\n<h2>Restricting administrative access<\/h2>\n<p>Attackers often escalate their privileges by gaining unauthorized access to the Exchange Admin Center (EAC) and PowerShell remoting. Best practice requires that these tools be reachable only from a fixed number of privileged access workstations (PAW). This can be enforced through firewall rules on the Exchange servers themselves or by using a firewall. 
The <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/clients\/client-access-rules\/client-access-rules\" target=\"_blank\" rel=\"noopener nofollow\">Client Access Rules<\/a> built into Exchange can also be of limited use in this scenario, but they cannot prevent abuse of PowerShell.<\/p>\n<h2>Adopting Kerberos and SMB instead of NTLM<\/h2>\n<p>Microsoft is gradually retiring legacy network and authentication protocols. Modern Windows installations disable SMBv1 and NTLMv1 by default, and disabling NTLMv2 is planned for future versions. Starting with <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/exchange\/exchange-server-roadmap-update\/4132742\" target=\"_blank\" rel=\"noopener nofollow\">Exchange SE CU1<\/a>, NTLMv2 as the default authentication protocol will be replaced by Kerberos, implemented using MAPI over HTTP.<\/p>\n<p>IT and security teams should thoroughly audit the use of legacy protocols in their infrastructure and develop a plan for migrating to more modern and more secure authentication methods.<\/p>\n<h2>Modern authentication methods<\/h2>\n<p>Starting with Exchange 2019 CU13, clients can use a combination of OAuth 2.0, MFA and ADFS for robust server authentication. 
This framework is known as <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/enable-modern-auth-in-exchange-server-on-premises?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\">Modern Authentication<\/a>, or Modern Auth for short. In this model, users can access their mailbox after successfully completing MFA through ADFS, and the Exchange server receives a valid access token from the ADFS server. Once all users have migrated to Modern Auth, Basic authentication <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/disable-basic-authentication-on-exchange-server-virtual-directories\" target=\"_blank\" rel=\"noopener nofollow\">must be disabled<\/a> on the Exchange server.<\/p>\n<h2>Enabling Extended Protection<\/h2>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/exchange-extended-protection?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\">Extended Protection<\/a> (EP) provides a defense against <a href=\"https:\/\/web.archive.org\/web\/20251010130732\/https:\/www.microsoft.com\/en-us\/msrc\/blog\/2024\/12\/mitigating-ntlm-relay-attacks-by-default\/\" target=\"_blank\" rel=\"noopener nofollow\">NTLM relay<\/a> attacks, Adversary-in-the-Middle and similar techniques. It strengthens TLS security by using the Channel Binding Token (CBT). 
When an attacker steals credentials or a token and tries to use them in a different TLS session, the server terminates the connection. To enable EP, all Exchange servers must be configured to use the same TLS version.<\/p>\n<p>Extended Protection is enabled by default on new server installations starting with Exchange 2019 CU14.<\/p>\n<h2>Secure TLS versions<\/h2>\n<p>The entire server infrastructure, including all Exchange servers, should be configured to use the same TLS version: 1.2 or, ideally, 1.3. Microsoft provides <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/exchange-tls-configuration\" target=\"_blank\" rel=\"noopener nofollow\">a detailed guide<\/a> on the optimal configuration and the required prerequisite checks. You can use the <a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Diagnostics\/HealthChecker\/TLSConfigurationCheck\/\" target=\"_blank\" rel=\"noopener nofollow\">Health Checker<\/a> script to verify that these settings are correct and consistent.<\/p>\n<h2>HSTS<\/h2>\n<p>To ensure that all connections are protected by TLS, you additionally need to configure HTTP Strict Transport Security (HSTS). This helps prevent certain AitM attacks. 
After applying the Exchange Server configuration changes <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/configure-http-strict-transport-security-in-exchange-server\" target=\"_blank\" rel=\"noopener nofollow\">recommended by Microsoft<\/a>, all connections to Outlook on the web (OWA) and the EAC will be forced to use encryption.<\/p>\n<h2>Download domains<\/h2>\n<p>The <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/exchange-download-domains\" target=\"_blank\" rel=\"noopener nofollow\">Download Domains<\/a> feature protects against certain cross-site request forgery attacks and cookie theft by moving attachment downloads to a domain other than the one hosting the organization's Outlook on the web. This separates loading of the user interface and message list from downloading of file attachments.<\/p>\n<h2>Role-based administration model<\/h2>\n<p>Exchange Server implements a Role Based Access Control (RBAC) model for privileged users and administrators. CISA notes that accounts with AD administrator privileges are often also used to manage Exchange. In this configuration, once the Exchange server is compromised, the entire domain is immediately compromised as well. 
It is therefore essential to use <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/permissions\/split-permissions\/configure-exchange-for-split-permissions?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\">split permissions<\/a> and RBAC to separate Exchange administration from other administrative privileges. This reduces the number of users and administrators with excessive privileges.<\/p>\n<h2>PowerShell serialization payload signing<\/h2>\n<p>Administrators frequently use PowerShell commands known as cmdlets through the Exchange Management Shell (EMS) to change settings and manage Exchange servers. Remote PowerShell access should ideally be disabled. When it is enabled, the command data streams sent to the server must be protected <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/exchange-serialization-payload-sign?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\">with certificates<\/a>. As of November 2023, this setting is enabled by default for Exchange 2013, 2016 and 2019.<\/p>\n<h2>Protecting mail headers<\/h2>\n<p>In November 2024, Microsoft introduced enhanced protection against attacks involving spoofing of P2 FROM mail headers. Such spoofing makes emails appear to victims as if they were sent by a trusted sender. 
New detection rules now flag emails in which these headers have likely been tampered with. Administrators should <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/plan-and-deploy\/post-installation-tasks\/security-best-practices\/exchange-non-compliant-p2from-detection?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\">not disable<\/a> this protection, and should forward suspicious emails carrying the X-MS-Exchange-P2FromRegexMatch header to security specialists for more detailed analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We explain how to reduce the risk of targeted attacks on your organization's mail servers.<\/p>\n","protected":false},"author":2722,"featured_media":14097,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284],"tags":[2019,2829,1921,790,618,519,1274,1074,38,537],"class_list":{"0":"post-14096","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-bec","9":"tag-degisim","10":"tag-e-posta","11":"tag-guvenlik-aciklari","12":"tag-hedefli-saldirilar","13":"tag-ipuclari-2","14":"tag-is","15":"tag-kimlik-avi","16":"tag-microsoft","17":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/exchange-se-hardening-2026\/14096\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/exchange-se-hardening-2026\/29882\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/exchange-se-hardening-2026\/24962\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.u
k\/blog\/exchange-se-hardening-2026\/29769\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/exchange-se-hardening-2026\/28827\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/exchange-se-hardening-2026\/31718\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/exchange-se-hardening-2026\/30373\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/exchange-se-hardening-2026\/40949\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/exchange-se-hardening-2026\/54835\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/exchange-se-hardening-2026\/23455\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/exchange-se-hardening-2026\/32989\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/exchange-se-hardening-2026\/35691\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/exchange-se-hardening-2026\/35319\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/e-posta\/","name":"e-posta"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14096"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14096\/revisions"}],"predecessor-version":[{"id":14099,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14096\/revisions\/14099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/14097"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.c
om.tr\/blog\/wp-json\/wp\/v2\/media?parent=14096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=14096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}