Uncategorized Skype for Business SkypeShield Smart card for authentication Two Factor Authentication

What’s broken with Skype for Business security and how to fix it

Two factor authentication (2FA) security solutions are gaining popularity as they add a meaningful extra level of protection against phishing, keyloggers, password reuse and other threats.

At the same time, users of Microsoft’s on premises products, such as Skype for Business (Lync) and SharePoint are left behind. The vast majority of Skype for Business users are limited to authentication practices that became insufficient already in the mid 90’s.

Skype for Business offers only one option for securing yourself using two factor authentication – smart cards. These cards work, however, only on a Windows desktop client, making this an option only for organizations that are willing to issue workers smart cards and are not planning mobility deployment in the future.

Using Skype for Business Online (part of Office 365) is problematic as well. Microsoft claims it offers 2FA but it does not work for Skype for Business desktop or mobile. These mobile and desktop clients require “App Passwords”, which only offer one factor authentication.

Enabling Microsoft’s native 2FA, whether on the cloud or on premises, disables essential parts of Lync, such as access to Exchange for meeting info and to any contacts in the Unified contact store.

So what can be done?

SkypeShield hardens Skype for Business security and provides essential new features, which work with Lync 2013 as well as Skype for Business.

It offers device management that allows users to self-register their mobile devices easily, so that malicious parties cannot authenticate, even if they manage to obtain a user’s password.

SkypeShield also offers two factor authentication using existing RSA secure ID tokens or the widely used Google Authenticator as well as plenty of other significant security features.

All of these additional security options protect access to MS Exchange too, providing uninterrupted access to meeting information and contacts.

The writer is Technical lead at SkypeShield

LyncShield Microsoft Lync Skype for Business Smart card for authentication Two Factor Authentication Uncategorized

The ultimate Lync security suite for the enterprise market

The number of organizations seeking to protect themselves and avoid any unauthorized use of Lync is growing rapidly and LyncShield is constantly asked to expand its Lync security suite and add new features.

We have addressed all these requests, and are proud to be able to offer now the ultimate Lync security suite to organizations looking for secure Lync (Skype for Business) connectivity. By using LyncShield, organizations can safely connect users to Lync servers from smartphones, tablets and any other external device.

Our innovative enterprise solution prevents unauthorized devices (mobiles and desktops) from connecting to the corporate network, avoids the usage of Active Directory (AD) credentials and protects against account lockout/DDoS.

LyncShield is already successfully deployed by some of the world’s leading financial institutions, consultancy companies, banks and other large multinational organizations.

LyncShield offers the following security features:

  • Active Directory credentials protection – avoids usage of active directory credentials on the device by defining specific credentials for Lync that are different from the AD credentials.
  • Two Factor Authentication (TFA)/ Device registration – verifies that Lync connection is achieved only from registered devices. The solution includes a website with several registration workflows offering either a self-service enrollment or a central management approval process to register devices.
  • Block DDoS attacks and prevent account lockout – prevents a Lync account lockout situation in Denial-of-Service (DoS/DDoS) attacks. The solution offers a unique site defense approach handling an attack going through all authentication channels (HTTP/S, SOAP, SIP and more).
  • Restrict Lync to corporate or managed devices– limits access to the organization’s Lync server only to corporate or managed devices that have the MDM client installed. The solution offers several approaches depending on the MDM implementation and supports most of the MDM vendors in the market.
  • Smart card login for Lync mobile – offers a solution to organizations with a network policy requiring smart card login to allow authentication and user Lync mobile.
  • RSA Token Authentication– eliminates the need to use AD credentials for users of secure tokens wishing to connect to Lync servers from external devices and enables Two Factor Authentication based on the token. RSA solution also handles Exchange connectivity.
  • Exchange Protection – protects Exchange Web Services (EWS) against account lockout and limits access to the EWS only from registered device (TFA).

“Connecting to the organization’s server using the Lync client from smartphones, tablets and any other device outside the organization poses serious security risks,” said Guy Eldan, CEO of AGAT Software, which developed LyncShield. “These risks derive from the need to authenticate a user connecting externally from non-managed environments and devices.”

“We have managed to come up with a solution that addresses all security issues and is already successfully deployed by some of the global financial institutions, business consulting services firms, and other large multinational organizations. By using LyncShield organizations can protect themselves and avoid any unauthorized use of Lync.”

Microsoft Lync Mobile Security Skype for Business SkypeShield Smart card for authentication Two Factor Authentication Uncategorized

New security solution protects smart card login of Skype for Business mobile users

A growing number of organizations around the world, such as financial institutions and governments, are providing their workers with a smart card device to strengthen the identity authentication process. These organizations are facing a problem while implementing Skype for Business (Lync) mobile authentication requiring the user to enter his or her Active Directory (AD) credentials.

In such organizations, users do not have Active Directory credentials as they use the smart card for authentication instead. This in turn may cause a problem, as Microsoft Skype for Business requires Active Directory (AD) credentials to connect from handheld devices.

To solve this problem, SkypeShield has developed a new security solution for smart card authentication enabling mobile Skype for Business authentication for organizations with a network policy that requires their workers to use smart card login.

SkypeShield’s innovative solution addresses this challenge by applying the authentication process in two separate steps:

• The user creates dedicated Skype for Business credentials from a self-service registration web site after using his/her smart card for authentication to the site from a PC.

• The user then needs to connect his/her mobile device within a limited time frame by entering the dedicated Skype for Business credentials on the mobile device.

SkypeShield’s new solution also addresses account lockout protection and Two Factor Authentication (TFA) for external Skype for Business clients.

“We were approached by customers who couldn’t find a good solution for smart card authentication,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield. “Our simple and easy-to-implement security solution allows organizations to continue maintaining the smart card authentication policy enabling mobile users connect to the corporate network from outside network without using Active Directory credentials.”