BOOK MEETING
CONTACT US
Categories
Uncategorized Microsoft Lync Skype for Business SkypeShield

New application firewall security solution for Skype for Business

SkypeShield has launched a new application firewall solution for securing guest and anonymous requests when entering corporate networks.

The need for the new solution arose because, as part of the Skype for Business (Lync) topology, requests are sent anonymously to the front server in the corporate network without being authenticated or inspected. Once allowed, these requests, which might contain malicious code, can pass through DMZ firewalls with no control.

The application firewall has the following security layers:

  • Request rewrite – session termination in the DMZ and rewrite of the request that is sent to the domain
  • Protocol level sanitization – inspecting the traffic to validate the structure of the traffic as expected by the protocol
  • Application level inspection – validating that the data content matches what is expected by the server
  • Device pre-authentication – performing device validation before allowing any request to enter the domain

“Common attacks take advantage of network protocol vulnerabilities to execute operations that are not approved by design. Some of these techniques generate or modify valid requests with data that look valid, but maliciously alter the server’s behavior. An example of a common concern handled by the firewall is blocking non-valid meeting ID in the DMZ,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield.

“SkypeShield’s new Application Firewall offers the best available solution for such security vulnerabilities by intercepting all anonymous Skype for Business traffic in the DMZ and validating them before allowing them to enter the domain network,” added Eldan.

In order to ensure that no malicious code is injected into a request, the solution passes each request through multiple security inspections and validation channels, including session termination and rewrite, protocol sanitation, data validating and device pre-authentication. By doing so, the risk of most protocol and application level attacks is eliminated, as the original request is not allowed to enter the domain.

The application firewall performs session termination of the request and creates a new request with the same parameters built as expected by the server schema. This concept blocks, by design, any extra code injected into the original request.

SkypeShield’s application firewall protects the internal servers by performing a wide set of sanitized filtering operations detecting malicious requests and blocking them from passing to the DMZ.

Categories
Uncategorized Skype for Business SkypeShield Smart card for authentication Two Factor Authentication

What’s broken with Skype for Business security and how to fix it

Two factor authentication (2FA) security solutions are gaining popularity as they add a meaningful extra level of protection against phishing, keyloggers, password reuse and other threats.

At the same time, users of Microsoft’s on premises products, such as Skype for Business (Lync) and SharePoint are left behind. The vast majority of Skype for Business users are limited to authentication practices that became insufficient already in the mid 90’s.

Skype for Business offers only one option for securing yourself using two factor authentication – smart cards. These cards work, however, only on a Windows desktop client, making this an option only for organizations that are willing to issue workers smart cards and are not planning mobility deployment in the future.

Using Skype for Business Online (part of Office 365) is problematic as well. Microsoft claims it offers 2FA but it does not work for Skype for Business desktop or mobile. These mobile and desktop clients require “App Passwords”, which only offer one factor authentication.

Enabling Microsoft’s native 2FA, whether on the cloud or on premises, disables essential parts of Lync, such as access to Exchange for meeting info and to any contacts in the Unified contact store.

So what can be done?

SkypeShield hardens Skype for Business security and provides essential new features, which work with Lync 2013 as well as Skype for Business.

It offers device management that allows users to self-register their mobile devices easily, so that malicious parties cannot authenticate, even if they manage to obtain a user’s password.

SkypeShield also offers two factor authentication using existing RSA secure ID tokens or the widely used Google Authenticator as well as plenty of other significant security features.

All of these additional security options protect access to MS Exchange too, providing uninterrupted access to meeting information and contacts.

The writer is Technical lead at SkypeShield

Categories
Skype for Business SkypeShield Uncategorized

SkypeShield appoints NextiraOne as its distributor for Skype for Business security solutions in France

SkypeShield has chosen NextiraOne, a European multinational company that designs, installs, maintains, and supports business solutions and communications services throughout Europe, as its leading distributor in France.

“As part of our overall strategy to further expand our activities in Europe, we have chosen to work with NextiraOne in order to substantially widen their offerings and add security layers to NextiraOne’s Skype for Business services,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield.

“NextiraOne, with its leading position in the French unified communications market, is an ideal partner, allowing us to provide a complete suite for those looking for the most advanced Skype for business authentication solutions.”

NextiraOne, which serves over 43,000 private and public sector clients throughout Europe, will distribute SkypeShield’s innovative Skype for Business (Lync) security solutions in the fast-growing French market.

NextiraOne has already deployed SkypeShield with one of the top largest professional services companies in the world.

Using its expertise in leading-edge communications, including data centers, contact centers, unified communications, secure network infrastructures and managed services, NextiraOne helps its customers to transform their organizations by making the complex simple.