How Ethical Wall can be used to control external meeting communications in Microsoft Teams One of the issues that businesses are now facing is blocking sensitive corporate information from being released and complying with regulations in business policies while internal users join a meeting hosted externally with people from outside their organization. How can SphereShield […]
Keep your corporate email safe while publishing Skype for Business
Skype for Business (Lync) is gaining popularity among organizations that wish to benefit from high-quality communication within the corporation.
These organizations should realize, however, that as part of the Skype for Business deployment, Exchange Web Services (EWS) are required to be published externally in order to allow meeting information to be available to the Skype for Business client. This carries the risk of enabling a potential attacker to obtain access to all of the Exchange’s resources including emails, attachments and contacts.
These risks are divided into two categories:
- The EWS service allows for retrieving events, mails and attachments, tasks and contacts. Therefore, once exposed, all the Exchange data is also exposed.
- The deployment of EWS requires authentication, thus exposing the network to account lockout in case of a DDoS attack.
SkypeShield has identified these risks and has eliminated them, blocking any information requests arriving from unregistered devices and adding a Two Factor Authentication (TFA) layer for the Exchange.
The solution is based on a Two Factor Authentication process, which requires for the authentication to have both the user’s password and device. The result is that unauthorized usage of the user’s credentials is not sufficient to connect to Skype for Business or Exchange without having access to the device itself.