Microsoft Exchange Server 2013 brings the entire management of Exchange Server to the browser, which in some cases can expose the server to risks from outside the intranet.
In Exchange Server 2013 this risk can be minimized by blocking access to the EAC via the internet and only allowing access via the intranet.
To turn off the EAC via the internet, open the Exchange Management Shell and use the following cmdlet:
Set-ECPVirtualDirectory -Identity "EXC01\ecp (default web site)" -AdminEnabled $false
The cmdlet blocks access to the ECP directory on the CAS server that is exposed to the internet.
If you have more than one CAS server exposed to the internet, run the cmdlet against each of the other servers as well.
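When several CAS servers face the internet, the change can be applied and verified in one pass. The script below is an added example, not part of the original post; EXC02 is a hypothetical second server name, and the script assumes it runs in the Exchange Management Shell with rights to modify virtual directories.

```powershell
# Added example. EXC01 is the server named in the post;
# EXC02 is a hypothetical second internet-facing CAS. Edit the list to match your environment.
$InternetFacingCas = @('EXC01', 'EXC02')

$report = foreach ($server in $InternetFacingCas) {
    try {
        # Each CAS has its own ECP virtual directory, so query per server.
        $vdirs = @(Get-EcpVirtualDirectory -Server $server -ErrorAction Stop)

        foreach ($vdir in $vdirs) {
            # Only touch directories where EAC is still enabled.
            if ($vdir.AdminEnabled) {
                Set-EcpVirtualDirectory -Identity $vdir.Identity -AdminEnabled $false -ErrorAction Stop
            }

            # Re-read the setting instead of trusting that the change succeeded.
            $after = Get-EcpVirtualDirectory -Identity $vdir.Identity -ErrorAction Stop
            $status = 'EAC disabled'
            if ($after.AdminEnabled) { $status = 'EAC STILL ENABLED' }

            [pscustomobject]@{
                Server           = $server
                VirtualDirectory = $after.Name
                AdminEnabled     = $after.AdminEnabled
                Status           = $status
            }
        }
    }
    catch {
        # An unreachable or misspelled server must show up in the report, not be skipped silently.
        [pscustomobject]@{
            Server           = $server
            VirtualDirectory = ''
            AdminEnabled     = $null
            Status           = "ERROR: $($_.Exception.Message)"
        }
    }
}

# Any row not reading 'EAC disabled' needs follow-up.
$report | Format-Table -AutoSize
```

Re-running the script is safe: servers already set to `$false` are only re-checked and reported.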