AGAT


New security vulnerabilities exposed in Microsoft ADFS

Tests carried out on a number of large organizations using Microsoft’s ADFS (Active Directory Federation Services) for SSO (single sign-on) to cloud or third-party services such as Office 365, Skype for Business (Lync) Online or Salesforce revealed that these organizations expose their corporate networks to account lockout threats.

Testing conclusively demonstrated that companies using ADFS for authentication are vulnerable to threats caused by the external exposure of authentication services.

The tests by AGAT Software demonstrated the ability of hackers to lock Active Directory network user accounts, which were believed to be protected. Only knowledge of the username was required, which is typically easy to guess or to find out.

The tests revealed that attackers can lock accounts through ADFS even when the ADFS Extranet Lockout feature of Windows 2012 is deployed to protect ADFS.

A successful attack can cause significant business damage by preventing the user from logging into the network and from performing any type of work. Even resources not requiring ADFS are affected. This attack vector can be abused as part of a wider DDoS attack, halting all the company’s activities by locking all of the domain network users.

Beyond protecting ADFS, AGAT also offers a unified defense solution for protecting Skype for Business against account lockout. The Skype for Business topology creates challenges that are hard to address using generic solutions due to the multiple protocols, channels and methods used by a plethora of supported clients.

In order to raise awareness of the vulnerabilities that ADFS and Skype for Business deployments cause, AGAT Software is now offering a free test to companies wishing to validate that their network accounts are protected against account lockout for both ADFS deployments and Skype for Business on-premise deployments.


Skype for Business: How to protect against account lockout through ADFS

SkypeShield has released an innovative ADFS (Active Directory Federation Services) Protector for safe Skype for Business (SfB) deployment.

The ADFS solution, which uses a unified monitoring and prevention mechanism, blocks DDoS attacks causing Active Directory network account lockout.

The security component protects against account lockout attacks coming through ADFS authentication channels by monitoring the traffic to the ADFS server. It sanitizes and blocks (in the DMZ) failed login attempts to the Active Directory, while allowing valid users to continue working seamlessly.

“As a growing number of companies move online, the usage of ADFS is growing accordingly and companies are seeking to handle DDoS attacks, which cause account lockouts,” says Yoav Crombie, Product Manager at AGAT Software, which developed SkypeShield. “Our solution resolves the problem entirely. By using our ADFS Protector, companies can manage their identities on premise in their Active Directory, while taking advantage of online services such as Skype for Business and Exchange.”

The new ADFS Protector offers the following advantages:

  • Prevents account lockout while using ADFS
  • Provides generic protection covering all Office 365 services and custom applications using ADFS
  • Supports Azure AD Connect
  • Allows unified monitoring of ADFS and Active Directory services
  • Provides monitoring tools with extended info

SkypeShield’s solution minimizes the load on the Active Directory and improves security by configuring a whitelist pattern of authentication requests, filtering the requests in the DMZ and allowing only valid requests to enter the network.

ADFS Protector addresses scenarios that other generic solutions fail to handle, including the ADFS Extranet Lockout feature of Windows 2012 R2.

The ADFS Protector supports hybrid and online deployments of any services using ADFS authentication such as Office 365, Skype for Business and Microsoft Exchange.
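The two posts above describe the mechanism in prose only: an attacker who knows a username submits bad passwords through the externally exposed ADFS endpoint until the domain lockout policy locks the account, and the countermeasure is a DMZ-side filter that stops forwarding failed attempts to Active Directory before that threshold is reached while whitelisted request patterns pass through. The following is an added illustration of that idea in Python; it is not SkypeShield’s or AGAT’s code, and the lockout threshold, observation window, trusted-source names, usernames, passwords and event stream are all constructed assumptions for the demo.

```python
"""
Added example (not AGAT/SkypeShield code): a minimal DMZ pre-authentication filter.
It counts recent failed logons per username and stops forwarding a username's
requests to Active Directory before the assumed domain lockout threshold, so an
attacker who only knows the username cannot lock the account. Requests from a
whitelisted source (assumed: the corporate LAN) bypass the counter, and a
successful logon clears it.
"""
from collections import defaultdict, deque

AD_LOCKOUT_THRESHOLD = 5      # assumed domain policy: 5 bad passwords lock the account
OBSERVATION_WINDOW = 600      # assumed: failures older than 10 minutes are forgotten
DMZ_BLOCK_AT = 3              # filter stops forwarding well below the AD threshold
TRUSTED_SOURCES = {"corp-lan"}  # assumed whitelist pattern for the demo


class PreAuthFilter:
    """Tracks failed logons per user and decides whether to forward to AD."""

    def __init__(self, block_at=DMZ_BLOCK_AT, window=OBSERVATION_WINDOW,
                 trusted=TRUSTED_SOURCES):
        self.block_at = block_at
        self.window = window
        self.trusted = set(trusted)
        self.failures = defaultdict(deque)  # username -> timestamps of recent failures

    def _prune(self, user, now):
        q = self.failures[user]
        while q and now - q[0] > self.window:
            q.popleft()

    def decide(self, user, now, source):
        """Return 'forward' or 'block' for one logon attempt."""
        if source in self.trusted:          # whitelisted pattern: always forwarded
            return "forward"
        self._prune(user, now)
        return "block" if len(self.failures[user]) >= self.block_at else "forward"

    def record(self, user, now, success):
        """Update the per-user failure history with AD's verdict."""
        if success:
            self.failures[user].clear()     # the real user got in: reset the count
        else:
            self.failures[user].append(now)


def simulate(events, known_passwords, flt=None):
    """Replay (time, user, password, source) events through the filter.

    Returns the outcome list and the failure counts Active Directory actually saw.
    """
    flt = flt or PreAuthFilter()
    ad_failures = defaultdict(int)
    outcomes = []
    for t, user, pw, source in events:
        if flt.decide(user, t, source) == "block":
            outcomes.append((t, user, source, "blocked_in_dmz"))
            continue
        success = known_passwords.get(user) == pw
        if not success:
            ad_failures[user] += 1
        flt.record(user, t, success)
        outcomes.append((t, user, source, "ok" if success else "failed_at_ad"))
    return outcomes, dict(ad_failures)


def run_demo():
    """Constructed scenario: 8 guesses for 'alice' from the Internet in 70 seconds,
    a legitimate external logon by 'bob', then alice logging on from the LAN."""
    passwords = {"alice": "alice-pw", "bob": "bob-pw"}      # constructed
    events = [(10 * i, "alice", f"guess{i}", "internet") for i in range(8)]
    events += [(50, "bob", "bob-pw", "internet"),
               (120, "alice", "alice-pw", "corp-lan")]
    return simulate(sorted(events), passwords)


if __name__ == "__main__":
    outcomes, ad_failures = run_demo()
    for o in outcomes:
        print(o)
    print("failures seen by AD:", ad_failures, "(lockout at", AD_LOCKOUT_THRESHOLD, ")")
```

In the demo only the first three bad passwords reach Active Directory; the remaining five are dropped in the DMZ, so the count AD sees stays under the lockout threshold and alice still logs on from the trusted source. The trade-off to keep in mind: a genuine user on an untrusted channel whose username is under attack is held in the DMZ until the window expires, but the domain account itself is never locked, so internal resources keep working, which is the damage the first post warns about.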


New enterprise solution secures external access for Lync from laptop and desktop

LyncShield has added new security features protecting the users of external devices who wish to use Microsoft Lync from outside the organization.

Following the addition of the new features, users can now safely connect to Lync servers from smartphones, tablets, laptops, desktop PCs and any other external device outside the organization. The advanced security solution prevents unauthorized devices from penetrating the corporate network and protects the Active Directory (AD).

“Following the introduction of our solutions for secure mobile Lync connectivity, customers asked us to develop a similar solution for external devices,” said Guy Eldan, CEO of AGAT Software Solutions, which developed LyncShield. “We are now offering the ideal security suite for any organization looking to allow its workers to connect to its Lync client, regardless of where they are and which device they are using.”

The latest release offers an identical security solution for both mobile and external devices in terms of functionality and user experience, allowing hybrid deployments to be secured in the same way.

LyncShield now offers the following enterprise security features:

  • Active Directory credentials protection – defining dedicated credentials that differ from the Active Directory credentials, to minimize damage and risk if a device is stolen or lost or the credentials are compromised.
  • Two-factor authentication – by matching the device and the user, the organization can limit users to corporate devices only, or to specific devices that meet the company’s security requirements.
  • Account lockout protection – preventing account lockout for organizations that wish to safely connect computers from outside the corporate network to their Lync Edge access server.
  • Reverse proxy Lync publishing – a scalable, event-driven and secure reverse proxy alternative to Microsoft Forefront Threat Management Gateway (TMG) for publishing Lync.