SphereShield’s Tarpit Solution for User Enumeration
To learn about the User Enumeration attack, read our earlier post on the subject.
SphereShield’s Tarpit
SphereShield’s Tarpit feature for Skype for Business protects against enumeration attacks directed at exposed authentication services, such as the Webticket NTLM authentication interface as well as SOAP and OAuth interfaces that Skype for Business exposes externally.
Additionally, Skype for Business’s Lyncdiscover service, which is unauthenticated, is also protected.
SphereShield’s Tarpit delays failed authentication attempts and other relevant communication to prevent server response times from revealing whether the username sent exists or not.
The Tarpit can be fine-tuned by system admins to correspond with real-world delay times in the Skype for Business on-prem environment.
Users with correct credentials see no change in their experience when this feature is activated; only failed attempts are delayed.
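The timing-equalisation idea described above, as an added simulation rather than SphereShield’s own code: the unprotected backend answers an unknown user faster than a known user with a wrong password, and the tarpit front end pads every failure to an admin-tuned floor so the client sees the same time either way. The configuration names, the directory entries and the timings are constructed assumptions.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed sample directory for the simulation; not real accounts.
DIRECTORY = {"alice": "correct-horse", "bob": "battery-staple"}


@dataclass
class TarpitConfig:
    """Admin-tunable knobs (hypothetical names, not SphereShield's)."""
    failure_floor: float = 1.5   # every failed attempt takes at least this long
    jitter_max: float = 0.25     # random extra to blur residual differences


def backend_authenticate(user: str, password: str):
    """Simulated unprotected backend. Returns (ok, seconds_spent).

    Unknown users are rejected almost instantly, while a known user with a
    wrong password pays for a credential check: that gap is the timing oracle.
    """
    if user not in DIRECTORY:
        return False, 0.02
    return DIRECTORY[user] == password, 0.30


def failure_padding(ok: bool, elapsed: float, cfg: TarpitConfig, jitter=None) -> float:
    """Seconds to hold a response before sending it.

    Successful logins are never delayed; failures are padded so the total
    time reaches the floor regardless of why they failed.
    """
    if ok:
        return 0.0
    if jitter is None:
        jitter = secrets.randbelow(1000) / 1000.0 * cfg.jitter_max
    return max(0.0, cfg.failure_floor - elapsed) + jitter


def login(user: str, password: str, cfg: TarpitConfig, sleep=time.sleep, jitter=None):
    """Tarpit front end: returns (ok, total seconds as observed by the client)."""
    ok, elapsed = backend_authenticate(user, password)
    delay = failure_padding(ok, elapsed, cfg, jitter)
    sleep(delay)
    return ok, elapsed + delay


if __name__ == "__main__":
    cfg = TarpitConfig()
    for u, p in [("alice", "correct-horse"), ("alice", "wrong"), ("mallory", "wrong")]:
        ok, seen = login(u, p, cfg, sleep=lambda s: None)  # no real sleeping in the demo
        print(f"{u:8} ok={ok!s:5} client-observed {seen:.2f}s")
```

Set `failure_floor` to the slowest genuine failure path in your own environment; a floor below the real verification cost leaves part of the gap visible.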
Additional Protection
SphereShield’s existing “SphereShield Credentials” feature continues to provide blanket protection against user enumeration attacks and many other potential vulnerabilities. Deployments using SphereShield Credentials don’t expose Windows Authentication interfaces to the internet.
Organizations using SphereShield Credentials have their users create a dedicated Skype for Business password which is different from their AD password and only used to connect externally to Skype for Business from Mobile and external Windows clients.
Customers who already use SphereShield Credentials are protected against user enumeration attacks and don’t need to activate the Tarpit feature.