Secure Lync mobile Authentication

Presentation transcript:

Secure Lync mobile Authentication http://www.mobility-shield.com V3

Background & Overview
Connecting external devices (mobile/computers) to the corporate network raises security risks related to Active Directory exposure. Typically there is no control over the apps installed on employees’ smartphones or the networks that these devices are connected to. LyncShield is a server-side solution that requires no additional client install and supports all devices. The product is available on TMG or Bastion reverse proxy.

Security issues and solutions
- Problem: connecting non-authorized devices. Solution: Two Factor Authentication.
- Problem: Active Directory password leakage. Solution: avoid AD credentials on device – dedicated login.
- Problem: account lockout / DDoS. Solution: blocking false authentication attempts in the DMZ proxy before the Active Directory.
All the solutions are available for both mobile and external PCs/laptops.

[1] - Two Factor authentication
Based on the Device ID sent by the client.
Several registration/enrollment options enforce an access control policy based on matching the device and the user.

Access Control – Enrollment
Supports several access control policies:
- Automatic Registration – Device ID is registered upon first use of account.
- Two Step Registration – User registers on an internal site and then must sync within a defined time frame to complete registration.
- Admin Manual Enrollment – Admin management of the user list using training mode and a rejected auditing list.
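The three enrollment policies above, sketched as a gateway-side decision function. This is an added example, not LyncShield code; the class and method names, the 15-minute sync window and the per-user device limit are assumptions.

```python
import time

class EnrollmentGate:
    """Decides whether a (user, device ID) pair may pass the gateway (hypothetical model)."""

    def __init__(self, policy, sync_window=900, max_devices=2, clock=time.time):
        self.policy = policy            # "automatic", "two_step" or "manual"
        self.sync_window = sync_window  # assumed: seconds allowed between register and sync
        self.max_devices = max_devices  # assumed "number of devices per user" limit
        self.clock = clock
        self.approved = {}              # user -> set of bound device IDs
        self.pending = {}               # user -> time of internal-site registration
        self.rejected = []              # audit list an admin reviews in manual mode

    def register_internal(self, user):
        """Two-step, step 1: the user registers on the internal site."""
        self.pending[user] = self.clock()

    def admin_approve(self, user, device_id):
        """Manual enrollment: an admin binds a device, e.g. from the rejected list."""
        self._bind(user, device_id)

    def check(self, user, device_id):
        """Called on every connection, before credentials are forwarded."""
        devices = self.approved.get(user, set())
        if device_id in devices:
            return "allow"
        if len(devices) >= self.max_devices:
            return self._reject(user, device_id, "device limit reached")
        if self.policy == "automatic":
            self._bind(user, device_id)  # bind on first use
            return "allow"
        if self.policy == "two_step":
            started = self.pending.pop(user, None)  # one registration binds one device
            if started is not None and self.clock() - started <= self.sync_window:
                self._bind(user, device_id)
                return "allow"
            return self._reject(user, device_id, "no registration in window")
        return self._reject(user, device_id, "not enrolled by admin")

    def _bind(self, user, device_id):
        self.approved.setdefault(user, set()).add(device_id)

    def _reject(self, user, device_id, reason):
        self.rejected.append((user, device_id, reason))
        return "deny"
```

Automatic registration accepts whichever device connects first for an account, while the two-step and manual policies tie enrollment to an action taken inside the network.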

Two Step Registration

Two Factor Authentication architecture

Access Portal admin
- View approved & blocked users
- Restrict registration and ongoing connection by IP range
- Allow / Block Web app login
- Access Rule black / White list
- Allow / Block guest users
- Number of devices per user
- SMTP notification
- Product settings - Registration, Authentication…
- Two level admin - local domain admin
- Reports & Search

Access Portal admin control

[2] - AD credential protection approach
- Lync Shield introduces a new approach for protecting the Active Directory credentials.
- With Lync Shield, the connection to Lync is made using dedicated Lync credentials created by the user, rather than the regular network Active Directory credentials.
- Lync Shield completely eliminates the need to store Active Directory passwords on the device.

Active Directory dedicated login
The user creates dedicated Lync credentials on a self-service internal web site for use on the device, instead of Active Directory credentials.

Dedicated Lync credentials architecture

Mobile Smart Card solution
Many organizations that use smart cards for network login do not have a username and password for Active Directory. LyncShield allows the usage of Lync without the need to manage Active Directory credentials. With the dedicated login solution, the user logs into the Access Portal, authenticating with his smart card from his network computer, and creates dedicated SharePoint credentials for use on the mobile device.

[3] - Active Directory Account Lockout protection
Account lockout can be the result of the following:
- The user changed the Active Directory password, but did not change the settings on the device.
- The username (without the password) being obtained by a hacker who tried to log in several times.
- DDoS, DoS and brute force attacks. Such attacks can result in the network becoming unavailable.
LyncShield eliminates these threats by blocking the failed attempts on the gateway server side, before they reach the Active Directory.
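One way to realise the gateway-side blocking described above: the proxy counts failed logins per account and stops forwarding before the Active Directory lockout threshold is reached. This is an added example, not LyncShield code; the class name, the thresholds, the window and the `ad_check` callback are assumptions.

```python
import time
from collections import defaultdict, deque

class LockoutShield:
    """Gateway-side failure counter that keeps bad logins away from AD (hypothetical)."""

    def __init__(self, ad_check, ad_threshold=5, margin=2, window=1800, clock=time.time):
        self.ad_check = ad_check            # callable(user, password) -> bool; stands in for AD
        self.limit = ad_threshold - margin  # stop forwarding before AD would lock the account
        self.window = window                # assumed to match AD's lockout observation window
        self.clock = clock
        self.failures = defaultdict(deque)  # user -> timestamps of failures that reached AD
        self.forwarded = 0                  # number of attempts actually sent to AD

    def _recent(self, user):
        """Drop failures older than the window and return what is left."""
        q, cutoff = self.failures[user], self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def login(self, user, password):
        user = user.lower()                 # AD account names are case-insensitive
        q = self._recent(user)
        if len(q) >= self.limit:
            return "blocked_at_gateway"     # AD never sees this attempt
        self.forwarded += 1
        if self.ad_check(user, password):
            q.clear()                       # a successful logon resets AD's counter too
            return "ok"
        q.append(self.clock())
        return "denied"
```

While an account is blocked at the gateway, external logins for it fail even with the correct password, but the Active Directory account itself stays unlocked for use inside the network.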

Coming soon - RSA / ADFS / Office 365
RSA integration:
- User will authenticate in a web site using RSA.
- User will need to connect the device within a short time (5 minutes, for example) to complete registration.
- RSA Authentication will be valid for a limited, configurable time (like one day).
Two Factor Authentication for Office 365 / Device registration.
Solution for using Lync with ADFS without breaking Exchange connectivity.
Solutions planned to be released by end of Q4, 2014.

Coming soon - EWS Protector
Exchange Web Service Protector is an independent product securing the Exchange services required for Lync meeting information.
Offers currently:
- DDoS protection / account lockout protection for EWS authentication services (available)
- Two Factor Authentication (available)
- Password protection (using Lync credentials and not AD) - to be released soon (available)
- Filter by operations – allowing only meeting requests (soon)

Bastion
- Reverse proxy forwarding traffic to the configured backend servers.
- Cross-platform: Windows / Linux.
- Pluggable filtering architecture.
- Filters HTTP(S).
- Scalable event-driven architecture.
- Can publish multiple servers in parallel.
- Highly efficient asynchronous architecture.
- Bi-directional content filtering.

Bastion (cont)
- Geared towards full-featured HTTP filtering. Most reverse proxy solutions are geared towards web acceleration.
- Supports many HTTP features and scenarios: chunked, gzip and deflate Transfer-Encodings; pipelining.
- Supports filtering content, blocking content or generating proxy responses anytime during the filtering chain (unlike TMG and UAG).

AGAT Security suite - Overview
LyncShield and MobilityShield are part of AGAT’s Security suite. AGAT Security suite is a set of unique components that allow extending Forefront (ISA/TMG IAG/UAG) functionality to solve complex architectures and requirements, typically implemented in large, complex and well secured networks. The solution is also available on Bastion reverse proxy without the use of Forefront.

To learn more about our solutions please visit our website at http://www.mobility-Shield.com info@agatsolutions.com