AGAT


Protecting EWS while publishing Skype for Business

The Skype for Business (Lync) client interacts with the Exchange server to obtain meeting information. To support this connection, a Skype for Business deployment requires Exchange Web Services (EWS) to be published externally.

This exposes the client to several threats:

  • The EWS deployment includes an authentication service, which exposes the network to account lockout in the event of a DDoS attack.
  • The EWS service allows retrieval of calendar events, mails and attachments, tasks and contacts. Once it is exposed, all of the Exchange data is therefore exposed as well.

For example, just as users of Outlook Web Access (OWA) have access to their full mail data, an attacker holding valid AD credentials could use these services to obtain access to the organization’s mail.

To minimize this risk, SkypeShield blocks any request for information that arrives from a device that is not registered, and adds a Two Factor Authentication (TFA) layer for Exchange.

SkypeShield’s Two Factor Authentication relies on both the user’s password and the user’s device. Unauthorized use of the user’s credentials is therefore not sufficient to connect to Lync or Exchange without access to the device itself. This also allows the use of these services to be restricted to approved or registered devices only.


Keep your corporate email safe while publishing Skype for Business

Skype for Business (Lync) is gaining popularity among organizations that wish to benefit from high-quality communication within the corporation.

These organizations should realize, however, that a Skype for Business deployment requires Exchange Web Services (EWS) to be published externally so that meeting information is available to the Skype for Business client. This carries the risk that a potential attacker obtains access to all of the Exchange resources, including emails, attachments and contacts.

These risks are divided into two categories:

  • The EWS service allows retrieval of calendar events, mails and attachments, tasks and contacts. Once it is exposed, all of the Exchange data is therefore exposed as well.
  • The EWS deployment requires authentication, which exposes the network to account lockout in the event of a DDoS attack.

SkypeShield has identified these risks and eliminates them by blocking any information request arriving from an unregistered device and by adding a Two Factor Authentication (TFA) layer for Exchange.

The solution is based on a Two Factor Authentication process that requires both the user’s password and the user’s device. As a result, unauthorized use of the user’s credentials is not sufficient to connect to Skype for Business or Exchange without access to the device itself.