Account Lockout Protection

Highlights:

  • Block DoS & DDoS attacks
  • Protect Lync against brute force attacks
  • Block attacks on the gateway level
  • Prevents account lockout
  • Custom login credentials exclusively for Lync

Lync Edge Access Control is an innovative security solution, which prevents account lockout. Lync Edge Access Control is specifically designed to meet the security requirements of organizations that wish to safely connect computers from outside the corporate network to their Lync server.

Background

Connecting computers and mobile devices to Edge servers from outside exposes the network to serious risks.
While the main threat is to mobile devices, as they are less controlled, connecting desktops and laptops to Lync services is also risky, because this requires access to the Active Directory and exposes the organization to account lockout issues.

Account lockout problem

Account lockout might be the result of:

  • The user changed the Active Directory password, but did not change their computer settings
  • An attacker obtained the username (without the password) and tried to log in several times
  • The system became the target of DDoS, DoS and brute force attacks. Such attacks can result in an unavailable network and cause significant business damage

Lync Edge Access Control features

Lync Edge Access Control offers the following features:

  • Solution for account lockout

Lync Edge Access Control eliminates these threats by blocking failed attempts at the Edge server side before they reach the Active Directory. This is done by configuring a block-failed login policy that blocks attack attempts from reaching the Active Directory. The policy includes a limited number of allowed failed attempts within a defined period.
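The following added example (not Lync Edge Access Control's own code) sketches the kind of policy described above: a per-user limit on failed logins within a time window, enforced at the gateway so that further attempts never reach the directory. `EdgeLoginGuard`, `FakeDirectory`, the thresholds and the sample account are all constructed assumptions.

```python
from collections import defaultdict, deque

class FakeDirectory:
    """Constructed stand-in for Active Directory with a bad-password lockout."""
    def __init__(self, passwords, lockout_threshold):
        self.passwords = passwords
        self.lockout_threshold = lockout_threshold
        self.bad_count = defaultdict(int)

    def locked(self, user):
        return self.bad_count[user] >= self.lockout_threshold

    def check(self, user, password):
        if self.locked(user):
            return False                      # locked accounts reject everything
        if self.passwords.get(user) == password:
            self.bad_count[user] = 0          # success resets the counter
            return True
        self.bad_count[user] += 1
        return False

class EdgeLoginGuard:
    """Hypothetical gateway policy: N failed logins per user within a time window."""
    def __init__(self, max_failures, window_seconds, directory_check):
        self.max_failures = max_failures
        self.window = window_seconds
        self.directory_check = directory_check
        self.failures = defaultdict(deque)    # user -> timestamps of recent failures

    def attempt(self, user, password, now):
        key = user.lower()                    # treat account names case-insensitively
        recent = self.failures[key]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            return "blocked"                  # rejected here, directory never contacted
        if self.directory_check(key, password):
            return "ok"
        recent.append(now)
        return "failed"

def simulate_burst(guesses=20):
    """Constructed scenario: 20 wrong guesses, then the real user after the window."""
    directory = FakeDirectory({"alice": "correct-horse"}, lockout_threshold=5)
    guard = EdgeLoginGuard(3, 600, directory.check)   # edge limit below directory's 5
    results = [guard.attempt("alice", f"guess{i}", now=i) for i in range(guesses)]
    bad, locked = directory.bad_count["alice"], directory.locked("alice")
    later = guard.attempt("Alice", "correct-horse", now=guesses + 600)
    return results, bad, locked, later
```

In this constructed run the directory records only three bad passwords out of twenty guesses, so the account stays unlocked and the legitimate user can sign in once the window has passed.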

  • Non-mobile credentials problem

Lync Edge server offers both NTLM and certificate-based authentication (TLS-DSK). This is particularly useful for organizations concerned about credentials passing over the Web when NTLM authentication is used. Allowing NTLM carries the risk of the password being compromised while it passes to the domain or while it is used on the device.

  • Solution for certificate authentication

By using Lync Edge Access Control, the authentication can be configured to block NTLM and force certificate authentication, thus achieving a Two-Factor Authentication process for desktops/laptops outside the corporate network.

While using certificate authentication, the Lync client requires a certificate on the first authentication request made with the user’s corporate credentials (Kerberos). Once a certificate is set for the client, it is subsequently used for the ongoing authentication process.