Security Issues

  • Secure mobile Skype for Business connectivity
  • Active Directory (AD) protection
  • Two-factor authentication
  • Eliminates need to use AD credentials on mobile device
  • Block DDoS, DoS attacks &  Brute force attacks
  • Solution for smart card authentication
  • Available as a filter for Forefront (ISA/TMG) servers or as a gateway

The outgoing 2015 was a dramatic year for Lync users, after Microsoft has launched the new version of Skype for Business. The launch of the Microsoft Unified Communications (UC) has not solved the security vulnerabilities arising from connecting mobile and other external devices to the corporate network.

Here are some security vulnerabilities arising from external access to Skype for business that organizations should pay attention to:

  • Account lockout – someone who knows your user name can lock your internal account by sending failed login attempts. Generic solutions fail to monitor all authentication channels exposed, including SIP and SOAP.SkypeShield offers a unified monitoring and protection solution. Malicious code accessing internal server- In order to support guests joining meetings, some service support anonymous access. From a security perspective, there are requests that can reach the web servers in the domain without the need to authenticate and without inspection. SkypeShield offers a four-layer application firewall for Skype for Business including session termination, application and protocol inspection and rewriting requests.
  • Password theft from infected device – A valid employee can use any device, including his personal device that might be jail broken or infected, to connect to the network. In such a case, domain credentials can fall to the wrong hands. Even with an Mobile Device Management (MDM) solution implemented, there is no control when using a non-managed device. Protect yourself by using device access control and limit the usage only to devices with MDM.
  • Exposing emails – If calendar information is enabled on the organization’s Skype for Business clients, someone with valid credentials can have access to all emails. SkypeShield offers a solution for protecting the corporate Exchange by blocking any Exchange request, unless coming from a registered device and from a Skype for Business client.
  • Data and privacy information exposed – While implementing federation trust with external companies, privacy (availability) and server information data is exposed. The federation is available globally for all company members with all federated external companies with no control over the different modalities allowed, such as file sharing.Deploying SkypeShield ethical wall handles these issues by defining granular control based on user, groups and companies based policies.
  • Data leak prevention – As the usage of Skype for Business extends outside the network boundaries, enabling communication with external parties via federation meetings poses some serious security and data protection risks. This arises from the fact that data flow between parties is very accessible and easy to use at any time, any place, and by any device.Preventing data leaks going through Skype for Business  is very challenging because of the variety of mobile, web and desktop clients Skype for Business offers and because of the SIP protocol in use by the clients. SkypeShield offers a new concept based on a server side inspection covering all of the data channels. The Data Leak Prevention (DLP) solution supports both a built in DLP engine as well as integration with commercial DLP vendors.