INTEGRATIONS

DLP/Threat
Prevention

Task
Management

Recording

MDM/UEM

Home / Edge Access Control for Skype-for-Business

EDGE ACCESS CONTROL FOR SKYPE-FOR-BUSINESS

Skype for Business Edge Access Control is an innovative solution preventing account lockout for organizations that wish to safely connect computers from outside the corporate network to their Skype for Business server.
Background
Connecting computers and mobile devices to Edge servers from outside exposes the network to serious risks.

While the main threat is to mobile devices as they are less controlled, connecting desktops, and especially laptops, to Skype for Business services is also risky because this requires access to the Active Directory (AD) and exposes the organization to account lockout issues.
Account lockout
Account lockout might be the result of:

· The user changing the Active Directory password, but not changing his computer settings

· The username (without the password) being obtained by a hacker who tried to log in several times

· The system becoming the target of DDoS, Dos and brute force attacks. Such attacks can result in an unavailable network and cause significant business damage
Non-mobile authentication options
Skype for Business Edge server offers both NTLM and certificate-based authentication (TLS-DSK). This is particularly useful for organizations which fear the usage of credentials that are passing through the Web while using NTLM authentication.

While using certificate authentication, the Skype for Business client requests a certificate on the first authentication request made with the user’s corporate credentials (Kerberos). Once a certificate is set for the client, it is subsequently used for the ongoing authentication process.
Solution for account lockout
Skype for Business Edge Access Control eliminates these threats by blocking failed attempts at the Edge server side before they reach the Active Directory.

This is done by configuring a block-failed login policy that blocks attack attempts from reaching the Active Directory. The policy includes a limited number of allowed failed attempts within a defined period.
Solution for certificate authentication
By using Skype for Business Edge Access Control, the authentication can be configured to block NTLM and force the certificate authentication, thus achieving a Two Factor Authentication (2FA) process for desktops/laptops outside the corporate network.
Highlights
· Prevent connecting unauthorized devices which carry corporate credentials
· Matching the device and user
· Two step strong verification
· Avoid connection to Skype for Business servers by hackers and other unauthorized users

Get a Free Trial

Sign-up for a free trial and demo with a SphereShield expert

For support please login to our support portal.

AGAT

ABOUT US

AGAT is an innovative software provider specializing in security and compliance solutions. AGAT’s award-winning flagship product - SphereShield, is a leading solution providing control of data and activities for Unified Communication (UC) & Collaboration services.
SphereShield AI RegTech capabilities analyze messages, files, audio and video for policy enforcement required by regulations such as FINRA, GDPR, HIPAA & MiFID II. It enables real-time content inspection addressing Data Leak Prevention (DLP), Ethical Wall as well as Anti Malware and eDiscovery requirements. SphereShield’s  conditional access capabilities and AI-based risk engine features add significant security improvements to on-prem or cloud UC service.

© 2013-2023 AGAT ALL RIGHTS RESERVED

NEWSLETTER  SIGN-UP


linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram