Description

Publishing your Skype for Business and Exchange servers to the Internet through your reverse proxy exposes your corporate network to security threats. To protect your network from sophisticated attacks at the application protocol layer used by Skype for Business and Exchange, you need a solution that understands these protocols and recognizes which attacks these protocols are vulnerable to. This link provides a comprehensive list of the surface area of attack.


Key Benefits


The Security Web Filter protects your network from the following types of attacks:


  • Protects Active Directory accounts from account lockout

  • Blocks email clients from connecting to Exchange

  • Requires Skype for Business Mobile clients to be registered to gain full access


Architecture

The Security Web Filter inspects Skype for Business and Exchange traffic at the reverse proxy level in your network perimeter before it reaches your internal network. Supported reverse proxy is F5.



While a network firewall secures traffic at Layers 3 and 4, the Security Web Filter performs deep packet inspection of Skype for Business and Exchange traffic at layer 7.


F5's BIG-IP routes the Web traffic to the Security Web Filter for inspection. The Security Web Filter instructs the BIG-IP reverse proxy whether to allow the traffic through or drop the packets.


It filters out invalid requests and protects your internal Active Directory from account lockouts. It uniquely identifies users and enforces lockout rules configured by the administrator. When the number of failed login attempts exceeds the administrator’s specified threshold, the Security Web Filter blocks all further login attempts for that account until the lockout period expires or the administrator unlocks the account.



For organizations who do not allow email access externally, but want to allow Skype for Business clients to access calendar information to join meetings, the Security Web Filter can block any email client from connecting to Exchange Web Services (EWS) except Skype for Business clients based off a unique endpoint signature.


The Security Web Filter can restrict access to only registered mobile devices (Skype for Business Mobile). If the mobile device is not registered, the Security Web Filter disables the Skype for Business Mobile client from accessing the user's contact list, calendar, presence and sending IMs.