Forum Discussion
Nimbostratusmitigation of brute force attacks using ASM for lync autodiscover
Hi we do use LTM as reverse proxy to publish lync autodiscover service externally. however it cause a security issue as any person can download lync mobile client and cause account lockout after multiple try with worng password. is there any way to protect ntlm authentication during the autodiscover process by using ASM. (we are running lync 2010 in hybrid mode) the below article explain a way to mitigate the risk but did any one used it for Lync ? https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/21.html
we do profer to use ASM as Irules looks to be complicated
4 Replies
Chris_GrantEmployee
You might be able to do this, but the general consensus from most of my colleagues is that this is generally a bad idea. Lync is only partially HTTP and the ASM will simply refuse to pass any traffic that is not RFC compliant HTTP traffic. You might be able to protect the authentication, but you will still need an iRule to disconnect the ASM once that's done.
Also be aware that our Brute Force protection protects a specific URL, so you will need to know which page Lync is trying to hit for authentication.
Michael_Koyfma1Cirrus
Have you seen this great solution by Yann? https://devcentral.f5.com/codeshare/dos-and-ntlm-brute-force-protection-for-https-flow-904?tag=programmability+contest
Should help you accomplish what you're looking for.
GUIZ49_261118Hello thanks for your replies. I was able to configure dynamic brute force attack and it does reject connection after few tries. however we are trying now to enable session tracking but session tracking doesn't pick any attempt to login....
- GUIZ49_261118
Hello thanks for your replies. I was able to configure dynamic brute force attack and it does reject connection after few tries. however we are trying now to enable session tracking but session tracking doesn't pick any attempt to login....
