Description

Deploying Edge Servers exposes your Skype for Business to the Internet. This exposure puts your users and infrastructure potentially at risk. To protect your network from security threats targeting the SIP protocol, you need a solution that understands this application protocol and defends against attacks at this layer. This link provides a comprehensive list of the surface area of attack.


Key Benefits


The Security Edge Filter protects your network from the following types of attacks:


  • Protects Active Directory accounts from account lockout

  • Blocks NTLM authentication

  • Prevents non-Active Directory joined computer from connecting

Architecture

The Security Edge Filter installs directly on the Edge Server. It inspects the SIP and SDP protocols on the Edge Server before this traffic reaches the internal network.



The Security Edge Filter tracks all authentication requests by uniquely identifying each user to prevent denial of service (DoS) or password brute force attacks, and filters out invalid requests.

It can block users from signing in from a non-corporate computer that is not joined to Active Directory.

It can block authentication requests from using NTLM.