Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Lync mobile Authentication

Published byKarlee Litster Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Lync mobile Authentication"— Presentation transcript:

1 Secure Lync mobile Authentication
V3

2 Background & Overview Connecting external devices (mobile/computers) to the corporate network raises security risks related the Active Directory exposure. Typically there is no control over apps installed on employees’ smartphones and the networks that these devices are connected to. LyncShield is a server side solution with not additional client install supporting all devices. The product is available on TMG or Bastion reverse proxy

3 Security issues and solutions
Problem Two Factor Authentication Connecting non authorized devices Avoid AD credentials on device – dedicated log in Active Directory password leakage Blocking false authentication attempts in DMZ proxy before the Active Directory Account lockout /DDoS All the solutions are available for both mobile and external PC/ Laptops

4 [1] - Two Factor authentication
Based on Device ID sent by client Several registration/ enrolment options to enforce access control policy based on matching the device and the user.

5 Access Control – Enrollment
Support several access control policies: Automatic Registration – Device ID is registered upon first use of account. Two steps registration process:  Two Step Registration – User registers on internal site and then must sync within a defined time frame to complete registration. Admin Manual Enrollment – Admin management of user list using training mode and rejected auditing list.

6 Two Step Registration

7 Two Factor Authentication architecture

8 Access Portal admin View approved & blocked users
Restrict registration and ongoing connection by IP range Allow / Block Web app login Access Rule black / White list Allow / Block guest users Number of devices per user SMTP notification Product settings- Registration, Authentication… Two level admin - local domain admin Reports & Search

9 Access Portal admin control

10 [2]- AD credential protection approach
Lync Shield introduces a new approach for protecting the Active Directory credentials With Lync Shield the connection to Lync is done by using dedicated Lync credentials that are created by the user rather than the regular network Active Directory credential Lync Shield completely eliminates the need to store Active Directory passwords on the device

11 Active Directory dedicated login
The user creates dedicated Lync credentials on a self service internal web site for use on device, instead of Active Directory credentials.

12 Dedicated Lync credentials architecture

13 Mobile Smart Card solution
Many organizations that smart card for network login do not have a username and password for Active Directory. LyncShield allows the usage of Lync without the need to manage Active Directory credentials. With the dedicated login solution, the user logs into the Access Portal authenticating with his smart card from his network computer and creates dedicated SharePoint credentials for use on the mobile device.

14 [3]- Active Directory Account Lockout protection
Account lockout can be the result of the following: The user changed the Active Directory password, but did not change the settings on the device. The username (without the password) being obtained by a hacker who tried to log in several times Ddos , Dos , brute force attacks- Such attacks can result in the network becoming unavailable LyncShield eliminates these threats by blocking the failed attempts on the gateway server side, before reaching the Active Directory

15 Coming soon- RSA / ADFS / Office 365
RSA integration User will authenticate in a web site using RSA User will need to connect device within short time (5 minutes for example) to complete registration RSA Authentication will be valid for a limited configurable time (like one day). Two Factor Authentication for Office 365 / Device registration Solution for using Lync with ADFS without breaking Exchange connectivity Solutions planned to be released by end of Q4, 2014

16 Coming soon- - EWS Protector
Exchange Web Service Protector is an independent product securing the Exchange services required for Lync meeting information Offers currently: DDos protection/ account lockout protection for EWS authentication services (available) Two Factor Authentication (available) Password protection (using Lync credentials and not AD)- to be released soon (available) Filter by operations – allowing only meeting requests (soon)

17 Bastion Reverse proxy forwarding traffic to the configured backend servers. Cross-platform- Windows / Linux Pluggable filtering architecture. Filters HTTP(S). Scalable Event-Driven Architecture. Can publish multiple servers in parallel. Highly efficient asynchronous architecture. Bi-directional content filtering.

18 Bastion (cont) Geared towards full-featured HTTP filtering.
Most reverse proxy solutions are geared towards web acceleration. Supports many HTTP features and scenarios. Chunked, gzip and deflate Transfer-Encodings. Pipelining. Supports filtering content, blocking content or generating proxy responses anytime during the filtering chain (unlike TMG and UAG).

19 AGAT Security suite - Overview
LyncShield and MobilityShield are part of AGAT’s Security suite. AGAT Security suite is a set of unique components that allow extending Forefront (ISA/TMG IAG/UAG) functionality to solve complex architectures and requirements, typically implemented in large, complex and well secured networks. The solution is also available on Bastion reverse proxy without the use of Forefront.

20 To learn more about our solutions please visit our website at

Download ppt "Secure Lync mobile Authentication"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.

Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.
Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.

Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
The Natural way for Secure Mobile Email v.1.4 www.AGATSolutions.com.

The Natural way for Secure Mobile v.1.4
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Firewall Configuration Strategies

Firewall Configuration Strategies
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Active Directory Integration with Microsoft Office 365

Active Directory Integration with Microsoft Office 365
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.

Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Page Copyright Giritech A/S an – Excitor company.

Page Copyright Giritech A/S an – Excitor company.

Similar presentations

Ads by Google