Author: Yoav

Categories
Skype for Business LyncShield Microsoft Lync Two Factor Authentication UC Solutions

SkypeShield presented new Skype for Business security solutions at Microsoft’s partner meeting in Hong Kong

SkypeShield has presented a complete security suit for safely connecting to corporate Skype for Business (Lync) servers from mobile and external devices at the upcoming Microsoft partner meeting Channel Kick-off 2015, which took place in Hong Kong on September 11, 2011.

SkypeShield’s solutions had been presented at the event by Continuous Technologies, which has recently become SkypeShield’s distributer in Hong Kong.

At the Microsoft event, SkypeShield showcased solutions to protect the organization’s Active Directory, Skype for Business and Exchange infrastructure. Among others, the company presented new security solutions including:

  • Network protection – Protect against account lockout in DDoS attack.
  • Two Factor Authentication – TFA by requiring the device as the second factor in addition to credentials to Lync & Exchange (EWS). Optionally can require three factor based on VPN access / certificate.
  • Device Access Control – Restrict the usage of Skype for Business & Exchange only to registered devices. Solution can limit usage to corporate or managed devices (with MDM) or control BYOD deployment.
  • Active Directory credentials protection – Avoid using and storing AD credentials on device by defining dedicated Skype for Business credentials or using RSA tokens.

Established in 1989 and headquartered in Hong Kong with offices in Beijing, Shanghai, Guangzhou and Nanjing, Continuous Technologies is a Microsoft Gold Communications Partner. With more than 20 years of implementation experience across multiple industries, Continuous Technologies are experts in customer interaction systems with a proven track record in implementing Skype for Business.

The Channel Kick-off 2015 was aimed at showing Microsoft partners the latest technology and innovation. Local partners, IT community leaders and Microsoft executives attended the event.

Categories
Skype for Business SkypeShield Two Factor Authentication UC Solutions

Keep your corporate email safe while publishing Skype for Business

Skype for Business (Lync) is gaining popularity among organizations that wish to benefit from high-quality communication within the corporation.

These organizations should realize, however, that as part of the Skype for Business deployment, Exchange Web Services (EWS) are required to be published externally in order to allow meeting information to be available to the Skype for Business client. This carries the risk of enabling a potential attacker to obtain access to all of the Exchange’s resources including emails, attachments and contacts.

These risks are divided into two categories:

  • The EWS service allows for retrieving events, mails and attachments, tasks and contacts. Therefore, once exposed, all the Exchange data is also exposed.
  • The deployment of EWS requires authentication, thus exposing the network to account lockout in case of a DDoS attack.

SkypeShield has identified these risks and has eliminated them, blocking any information requests arriving from unregistered devices and adding a Two Factor Authentication (TFA) layer for the Exchange.

The solution is based on a Two Factor Authentication process, which requires for the authentication to have both the user’s password and device. The result is that unauthorized usage of the user’s credentials is not sufficient to connect to Skype for Business or Exchange without having access to the device itself.

Categories
Skype for Business SkypeShield Two Factor Authentication UC Solutions

How to limit Skype for Business usage only to devices with MDM?

­One of the main security challenges many organizations using Skype for Business (Lync) are facing is the need to restrict workers to using Skype for Business on managed devices only.

Many enterprises require that Skype for Business access would be limited to managed devices with installed corporate Mobile Device Management (MDM) software only. These organizations want to verify that these devices meet the company’s security requirements and that using Active Directory (AD) credentials for Skype for Business is only done from a device that is compatible with the company’s security policy.

To meet this challenge, SkypeShield offered an approach based on certificate enrollment. However, based on customer feedbacks the company has decided to extend the solution with the new innovative approach of MDM Binding solution. SkypeShield now offers a suite that can fit all needs to limit Skype for Business usage only to devices with MDM installed.

The new solution is compatible with leading MDM vendors including AirWatch, MobileIron, IBM MaaS360, Good Technology and XenMobile.

SkypeShield’s solution offers several deployment approaches to fit the specific MDM implementation. It can be implemented based on one of the following MDM capabilities:

  • Certificate enrollment
  • VPN access control
  • Mobile Application Management (MAM)

It should be noted, that Implementation based on MAM capabilities requires using SkypeShield’s mobile app for Skype for Business usage. In this case, SkypeShield’s server expects to obtain an encrypted background handshake request from the mobile app once the Skype for Business client starts. As a result, only devices with the SkypeShield app can connect to corporate Skype for Business servers.

By implementing the new solution, corporate clients can benefit from Multifactor Authentication by adding two additional factors besides the password. The solution offers a high security level by preventing authentication in case of Man ­in­ the­ Middle (MITM) attacks.

Linkedin Facebook Youtube X-twitter

Sign up to get the latest AGAT News.