Skip to the content SkypeShield, an innovative enterprise solution that secures Skype for Business (Lync) access and authentication while connecting devices (mobiles and desktops) to the corporate network, has developed a new application firewall solution for securing guest and anonymous requests when entering corporate networks.
The need for the new solution arose because, as part of the Skype for Business (Lync) topology, requests are sent anonymously to the front server in the corporate network without being authenticated or inspected. Once allowed, these requests, which might contain malicious code, can pass through DMZ firewalls with no control.
The application firewall has the following security layers:
“Common attacks take advantage of network protocol vulnerabilities to execute operations that are not approved by design. Some of these techniques generate or modify valid requests with data that look valid, but maliciously alter the server’s behavior. An example of a common concern handled by the firewall is blocking non-valid meeting ID in the DMZ,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield.
“SkypeShield’s new Application Firewall offers the best available solution for such security vulnerabilities by intercepting all anonymous Skype for Business traffic in the DMZ and validating them before allowing them to enter the domain network,” he added.
In order to ensure that no malicious code is injected into a request, SkypeShield passes each request through multiple security inspections and validation channels. By doing so, the risk of most protocol and application level attacks is eliminated, as the original request is not allowed to enter the domain.
The application firewall also includes a new pre-authentication module inspecting authenticated requests in the DMZ based on device validation before any traffic is allowed to enter the domain including the authentication request itself.
