AGAT

How to safely connect to Skype for Business using RSA security token

SkypeShield offers an innovative security solution that allows users of RSA SecurID and other secure tokens to safely connect to their organization’s Skype for Business server without using their Active Directory (AD) credentials.

SkypeShield’s solution adds another secured authentication option, enabling strong mobile and external Skype for Business authentication for organizations with a network policy that requires Hardware One Time Password (OTP) or Two Factor Authentication (TFA).

Organizations that use OTP tokens, such as the RSA SecurID Authenticator device, have a problem using them in conjunction with Skype for Business. The new solution therefore enables both mobile and desktop users to connect to Skype for Business using their RSA token, avoiding the use of AD credentials while implementing TFA.

Moreover, SkypeShield can require the user to register in a self-service portal to further add security to the authentication process and make sure only registered devices can connect.

The device registration process is completed once; thereafter, the user authenticates with the RSA token to enable Skype for Business connectivity.

“The market for security tokens is constantly growing, requiring organizations that use Skype for Business to look for new security solutions,” said Guy Eldan, CEO of AGAT Software which developed SkypeShield. “After we launched a special solution for smart card mobile authentication, it was only natural to add another special solution for security tokens.”

SkypeShield’s solution does not require setting up Active Directory Federation Services (ADFS) and offers a complete user experience including both Skype for Business & Exchange information, which can be safely used from the external device.

It also addresses account lockout protection and other TFA software solutions for external Skype for Business clients.

A recent survey by research company Frost & Sullivan indicated that the global OTP market is growing at an annual rate of 7.5 percent and is expected to reach $1.2 billion by 2017.

Protecting EWS while publishing Skype for Business

When using Skype for Business (Lync), the client interacts with the Exchange server to obtain meeting information. To implement this connection, a Skype for Business deployment requires Exchange Web Services (EWS) to be published externally.

This exposes the client to several threats:

  • The deployment of EWS includes an authentication service, thus exposing the network to account lockout in case of a DDoS attack.
  • The EWS service allows for retrieving events, mails and attachments, tasks and contacts. Therefore, once exposed, all the Exchange data is also exposed.

So, for example, users using Outlook Web Access (OWA) have access to their full mail data, creating the risk that an attacker with valid AD credentials will also obtain access to the users’ organizations’ mail by using this service.

To minimize this risk, SkypeShield blocks any request for information that arrives from a device that is not registered, and adds a Two Factor Authentication (TFA) layer for Exchange.

SkypeShield is based on Two Factor Authentication using the client’s password and device. Thus, unauthorized use of the user’s credentials will not be sufficient to connect to Lync or Exchange without having access to the device itself. This also allows for restricting the usage of these services to approved or registered devices only.

Skype for Business: How to protect against account lockout through ADFS

SkypeShield has released an innovative ADFS (Active Directory Federation Services) Protector for safe Skype for Business (SfB) deployment.

The ADFS solution, which uses a unified monitoring and prevention mechanism, blocks DDoS attacks that cause Active Directory network account lockouts.

The security component protects against account lockout attacks coming through ADFS authentication channels by monitoring the traffic to the ADFS server. It sanitizes and blocks (in the DMZ) failed login attempts to the Active Directory, while allowing valid users to continue working seamlessly.

“As a growing number of companies move online, the usage of ADFS is growing accordingly and companies are seeking to handle DDoS attacks, which cause account lockouts,” says Yoav Crombie, Product Manager at AGAT Software, which developed SkypeShield. “Our solution resolves the problem entirely. By using our ADFS Protector, companies can manage their identities on premise in their Active Directory, while taking advantage of online services such as Skype for Business and Exchange.”

The new ADFS Protector offers the following advantages:

  • Prevents account lockout while using ADFS
  • Provides generic protection covering all Office 365 services and custom applications using ADFS
  • Supports Azure AD Connect
  • Allows unified monitoring of ADFS and Active Directory services
  • Provides monitoring tools with extended info

SkypeShield’s solution minimizes the load on the Active Directory and improves security by configuring a whitelist pattern of authentication requests, filtering the requests in the DMZ and enabling valid requests to enter the network.

The ADFS Protector addresses scenarios that other generic solutions fail to handle, including the ADFS Extranet Lockout feature of Windows Server 2012 R2.
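The following is an added sketch of the general idea described above, filtering failed logins in the DMZ so the directory's lockout counter never reaches its threshold; it is not SkypeShield's implementation. The class names, the thresholds, the "familiar source" rule and the sample addresses are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque
AD_LOCKOUT_THRESHOLD = 10  # assumed directory policy: lock after 10 bad passwords
GATEWAY_BUDGET = 5         # failures per account forwarded from unfamiliar sources
WINDOW_SECONDS = 900       # assumed window, matching the directory's counter reset

class FakeDirectory:
    """Constructed stand-in for Active Directory with a bad-password lockout."""
    def __init__(self, passwords):
        self.passwords, self.bad, self.locked = passwords, defaultdict(int), set()
    def bind(self, user, password):
        if user in self.locked:
            return False
        if self.passwords.get(user) == password:
            self.bad[user] = 0
            return True
        self.bad[user] += 1
        if self.bad[user] >= AD_LOCKOUT_THRESHOLD:
            self.locked.add(user)
        return False

class DmzFilter:
    """Forwards a login to the directory only while the account's budget holds."""
    def __init__(self, directory, clock=time.monotonic):
        self.directory, self.clock = directory, clock
        self.familiar = set()               # (user, source) pairs seen logging in successfully
        self.failures = defaultdict(deque)  # user -> failure times from unfamiliar sources
    def login(self, user, password, source):
        known = (user, source) in self.familiar
        recent = self.failures[user]
        while recent and recent[0] < self.clock() - WINDOW_SECONDS:
            recent.popleft()                # forget failures older than the window
        if not known and len(recent) >= GATEWAY_BUDGET:
            return "blocked"                # dropped in the DMZ, never reaches the directory
        if self.directory.bind(user, password):
            self.familiar.add((user, source))
            return "allowed"
        if not known:
            recent.append(self.clock())
        return "denied"

def simulate():
    directory = FakeDirectory({"alice": "correct horse"})   # constructed sample account
    gate = DmzFilter(directory)
    gate.login("alice", "correct horse", "10.0.0.5")        # usual device becomes familiar
    flood = [gate.login("alice", f"guess{i}", f"198.51.100.{i}") for i in range(200)]
    bad_seen_by_directory = directory.bad["alice"]
    after = gate.login("alice", "correct horse", "10.0.0.5")
    return flood.count("denied"), flood.count("blocked"), bad_seen_by_directory, after
```

Failures from familiar sources are still forwarded, so the gateway budget has to leave headroom below the directory threshold for a legitimate user's own mistyped passwords.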

The ADFS Protector supports hybrid and online deployments of any services using ADFS authentication such as Office 365, Skype for Business and Microsoft Exchange.