
Mobile Skype for Business connectivity security threats need to be addressed

BYOD (Bring-Your-Own-Device), in which a growing number of workers use their smartphones for both personal and work purposes, is a hot trend.

A recent report by research company Gartner predicts that by 2017 half of all employers will require employees to supply their own device for work purposes. The report, entitled “Bring Your Own Device: The Facts and the Future,” indicates that security remains the top concern for BYOD.

Another survey, published by the Ponemon Institute and Zix Corporation, indicates that the majority of IT and IT specialists believe their companies do not use any tools or policies to protect corporate data from risks arising from BYOD.

The research shows that 60 percent of IT professionals are dissatisfied with current BYOD solutions, mostly due to cost and inadequate security.

The problem is not limited to organizations that deploy a BYOD policy; it also affects companies that provide their workers with mobile devices. For example, workers who use the corporate network to connect to services such as Microsoft Skype for Business (Lync) may expose their employers to serious security threats.

The major risks for the organizations’ networks include:

Hacking of network Active Directory credentials

Active Directory usernames and passwords can be hacked and used to provide unauthorized access to many core business applications. Using Active Directory credentials in the non-secured environment of a mobile device introduces major risks.

The exposed credentials might be hacked and used to either receive emails or log in to other corporate applications. Hacking is typically achieved by “eavesdropping” on public networks, through hostile applications installed by users or received by SMS. Another danger is that the user will allow other people, such as friends and family members, to use his or her device, and unintentionally expose the corporate network to risk.

The best solution for such problems is to try to refrain from using or storing the Active Directory credentials on the mobile device.

Usage of uncertified devices

The worker might connect to the corporate network by using his or her name and password on other, unauthorized devices. Companies therefore need to adopt a policy in which workers can access the system only from authorized devices.

An additional risk is posed when someone has access to a user’s credentials and can connect unnoticed from a different device.

To avoid these two issues, the required solution is to allow only registered devices to connect, thus implementing a Two Factor Authentication connection.

Brute Force attack and denial of service (DoS)

The exposure of internal services, such as Skype for Business, through the use of a BYOD policy introduces a risk of brute force attacks and denial of service attacks.

The authentication of these services must be publicly available in order to allow the worker to connect anytime from anywhere, thus exposing the Active Directory authentication interface to potential attacks.

Brute-force attacks are conducted by systematically checking all possible keys or passwords until the correct one is found.

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are attempts to make the corporate network unavailable to its intended users. They generally consist of efforts to temporarily or indefinitely interrupt or suspend the services of a host connected to the Internet.

These attacks can make the network unavailable and cause significant business damage. The best way to defend the organization from such attacks is to block them at the gateway level: a gateway layer configured with a policy that blocks failed logins stops the attack attempts before they enter the network and reach Active Directory.
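
The following added example, which is not code from this article or from any product it mentions, models a gateway that enforces both the registered-device requirement and a failed-login block before any request reaches the directory. The Gateway class, its parameters and the backend callable are hypothetical names, and the sample users, devices and passwords are constructed.

```python
import time
from collections import defaultdict, deque

class Gateway:
    """Hypothetical pre-authentication gateway in front of a directory backend."""

    def __init__(self, backend, registered, max_failures=5, window=300,
                 clock=time.monotonic):
        self.backend = backend          # callable(user, password) -> bool
        self.registered = registered    # approved (user, device_id) pairs
        self.max_failures = max_failures
        self.window = window            # seconds a failed attempt is remembered
        self.clock = clock
        self.failures = defaultdict(deque)  # (user, device) -> failure times

    def _recent_failures(self, key):
        queue, cutoff = self.failures[key], self.clock() - self.window
        while queue and queue[0] <= cutoff:
            queue.popleft()             # forget failures outside the window
        return len(queue)

    def login(self, user, password, device_id):
        key = (user, device_id)
        # Device factor first: unregistered devices never get a password check,
        # so they can neither guess passwords nor lock the real user out.
        if key not in self.registered:
            return "denied:unregistered-device"
        # Failed-login block: stop guessing here, before the directory sees it.
        if self._recent_failures(key) >= self.max_failures:
            return "denied:blocked"
        if self.backend(user, password):
            self.failures[key].clear()
            return "ok"
        self.failures[key].append(self.clock())
        return "denied:bad-credentials"

def demo():
    calls = []
    def backend(user, password):        # constructed stand-in for the directory
        calls.append(user)
        return password == "correct-horse"
    now = [0.0]
    gw = Gateway(backend, {("alice", "dev-1")}, max_failures=3, window=60,
                 clock=lambda: now[0])
    results = [gw.login("alice", "guess", "dev-9")]   # unknown device
    results += [gw.login("alice", f"guess{i}", "dev-1") for i in range(5)]
    now[0] = 61.0                                     # block window has passed
    results.append(gw.login("alice", "correct-horse", "dev-1"))
    return results, len(calls)          # calls = requests the directory saw
```

Of the seven login attempts in demo(), only four reach the backend: the unregistered device and the two guesses made after the block is triggered are rejected at the gateway.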

Identifying the risks arising from adopting BYOD policies and from making internal services available for external mobile devices is the first step that organizations need to take before they authorize such a strategy.

As the BYOD trend is expected to play a major role in the future, IT managers should explore the possible solutions and find the ones that are most suitable for their organization.


Israel’s Foreign Ministry deploys LyncShield’s Two Factor Authentication solution


The Israel Ministry of Foreign Affairs has implemented LyncShield’s innovative solution for secure mobile Lync connectivity.

LyncShield was developed by security company AGAT Software Solutions to allow workers to safely use approved mobile devices outside the corporate network to connect through Microsoft Lync.

The Foreign Ministry is using LyncShield’s innovative two factor authentication to determine which devices will be granted access to the system based on a self-service registration process.

The two-factor authentication ensures that the Foreign Ministry benefits from another protection layer by adding device identification to the user name and password. It allows the ministry to control and manage the approved device and prevent uncertified devices from using the service.

In order to protect corporate passwords, LyncShield defines application authentication credentials exclusively for Lync. The Active Directory credentials are not stored on a mobile device. LyncShield also protects from DoS, DDoS and brute force attacks.

By adopting LyncShield’s unique approach, the Ministry has eliminated the usage of network credentials on workers’ mobile devices, and resolved the threat of unauthorized connection.

“We were looking for a solution that would allow us to decide which workers would have access to Lync through their mobile devices and to specify which smartphones would be granted such access,” said Yaniv Cohen, system administrator at the Foreign Ministry. “Our experience with LyncShield was very positive and we are currently exploring ways of using more LyncShield features.”

“LyncShield’s solution, which ensures that workers use only a predefined device, has enabled Foreign Ministry workers to benefit for the first time from the advantages of Lync when they are outside the office,” said Yoav Crombie, Business Manager of AGAT Software Solutions. “This successful project illustrates the benefits of using LyncShield for organizations that adopt a BYOD policy.”

AGAT intends to soon launch a similar solution for Microsoft’s SharePoint and business apps, supporting all mobile devices.