Publishing Skype for Business to the Internet exposes your network to DoS (Denial-of-Service) and , DDoS (Distributed-Denial-of-Service) and brute force attacks.
These attacks can cause make your network to become unavailable and result in cause significant business damage.
SphereShield blocks these attacks on the gateway level by configuring a block-failed login policy that blocks the attack attempts from reaching the Active Directory.
In order to get to the DOS protection settings, we'll need to your business.sign in to the Access Portal admin area → Settings → DOS Protection, or by using the following URL:/admin/settings?category=settings_dos_protection_category_header
Soft lockout users after the defined number of failed authentication requests in defined period - How many failed authentication requests should be allowed before a soft lockout should take place. This value should be lower than the value defined in AD for "Account lockout threshold".
Reset account lockout counter after (seconds) - How much time should pass before reset the soft lockout counter and allow the blocked account to try authenticate again. This value should be slightly higher than the value defined in your AD for "Reset account lockout counter after".
Block period (minutes) - The time window
Check DDoS on - adf
SkypeShield counts failed attempts to sign in to AD and once they reach a certain threshold, SkypeShield blocks further requests from reaching application servers.
...