Allowing external computers and mobile devices to connect to Lync servers exposes the corporate network to serious risk. While the main threat is to mobile devices, connecting desktops, and especially laptops, to Lync services is also risky because this requires access to the Active Directory and exposes the organization to account lockout issues.
In order to solve this problem, MobilityShield has developed an innovative solution, Lync Edge Access Control. The new solution enables the safe connection of computers from outside the corporate network to the organization’s Lync server and prevents account lockout.
Account lockout can be the result of network password policy or of someone knowing your account and failing to authenticate, or in the worst case scenario, of DDoS attack.
Lync Edge Access Control eliminates these threats by blocking failed attempts at the Edge server side before they reach the Active Directory. This is done by configuring a block-failed login policy that blocks attack attempts from reaching the Active Directory. The policy includes a limited number of allowed failed attempts within a defined period.
“Lync Edge Access Control was developed at the request of MobilityShield clients who were looking for a solution that will complement the company’s innovative LyncShield solution to protect connections required for laptops or external desktops to Lync,” said Guy Eldan, CEO of AGAT Software Solutions. “With the additional new Edge Access Control module, we are expanding our protection beyond mobile devices to prevent account lockout when allowing PCs and laptops to connect externally.”
Lync Edge Access control can also secure the authentication. By using Lync Edge Access Control, the authentication can be configured to block NTLM and force certificate authentication, thus achieving a Two Factor Authentication process for desktops and laptops outside the corporate network.