I come across this question from customers a lot and am happy to see there is a nice solution for it using a security filter on the OCS Edge Server.
The principle is quite simple:
Every time the Edge Server receives a sign-in request, the request is passed to the security filter. The filter checks whether the account named in the request has already exceeded the maximum number of sign-in attempts it is permitted. If it has not, the filter lets the request continue on to the Director or internal pool. If it has, the filter blocks the request and returns a 403 response, and any further sign-in attempts for that account are rejected for the duration of the lockout period. When the lockout period expires, the count is reset and new sign-in requests for the account are authenticated again.
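To make the check concrete, here is a small model of that per-account lockout logic. It is an added example written for this post, not the code of the Microsoft filter: the threshold (3), the lockout period (600 seconds), the rule that only failed sign-ins count toward the limit, the 401/200 codes standing in for the internal pool's own response, and the credential store are all assumptions made for the illustration.

```python
"""Model of a per-account sign-in lockout filter (constructed example,
not the Microsoft Security Filter for Edge Server)."""
from dataclasses import dataclass

# Assumed policy values; the real filter takes these from its own configuration.
MAX_FAILED_ATTEMPTS = 3
LOCKOUT_SECONDS = 600


@dataclass
class AccountState:
    failures: int = 0          # failed sign-ins since the last reset
    locked_until: float = 0.0  # absolute time the lockout ends; 0.0 = not locked


class SignInFilter:
    """Sits in front of the internal authenticator the way the filter sits
    in front of the Director or pool. `authenticate(user, password)` stands
    in for the forwarded request; `clock()` returns the current time."""

    def __init__(self, authenticate, clock,
                 max_failed=MAX_FAILED_ATTEMPTS, lockout_seconds=LOCKOUT_SECONDS):
        self.authenticate = authenticate
        self.clock = clock
        self.max_failed = max_failed
        self.lockout_seconds = lockout_seconds
        self.accounts = {}

    def handle(self, user, password):
        """Return the response code for one sign-in request:
        403 when blocked by the filter, otherwise the authenticator's result
        (200 on success, 401 on a bad password in this model)."""
        now = self.clock()
        st = self.accounts.setdefault(user, AccountState())

        if st.locked_until:
            if now < st.locked_until:
                return 403              # lockout in force: reject, never forward
            st.failures, st.locked_until = 0, 0.0   # period expired: reset

        if st.failures >= self.max_failed:
            # This request exceeds the permitted count: start the lockout
            st.locked_until = now + self.lockout_seconds
            return 403

        # Under the limit: forward to the Director / internal pool
        if self.authenticate(user, password):
            st.failures = 0
            return 200
        st.failures += 1
        return 401


def simulate():
    """Drive the filter with a constructed brute-force sequence against one
    account and return the response codes in order."""
    clock_now = [0.0]                                # mutable fake clock
    users = {"alice": "correct horse", "bob": "hunter2"}   # constructed store

    def authenticate(user, password):
        return users.get(user) == password

    f = SignInFilter(authenticate, clock=lambda: clock_now[0],
                     max_failed=3, lockout_seconds=600)
    codes = []
    for guess in ("a", "b", "c", "d"):               # four wrong guesses
        codes.append(f.handle("alice", guess))
    codes.append(f.handle("alice", "correct horse"))  # right password, still locked
    codes.append(f.handle("bob", "hunter2"))          # other accounts unaffected
    clock_now[0] = 601.0                              # lockout period has expired
    codes.append(f.handle("alice", "correct horse"))  # count reset, signs in
    return codes


if __name__ == "__main__":
    print(simulate())   # [401, 401, 401, 403, 403, 200, 200]
```

Two things the run makes visible: the fourth attempt is the one that exceeds the limit and triggers the 403, and during the lockout even the correct password is rejected, which is exactly what stops a brute-force attacker but also means anyone who knows a SIP URI can keep that account locked out from the outside. That trade-off is inherent to per-account lockout, so the threshold and period deserve the same care as the equivalent Active Directory policy.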
Protecting the Edge Server Against DoS and Password Brute Force Attacks in Office Communications Server
http://technet.microsoft.com/en-us/ff706687.aspx
You can download the application here:
http://go.microsoft.com/fwlink/?LinkId=195423
Posted 07-02-2010 10:51 by Tonino