Problem: Denial of service
- Each failed authentication attempt to your extranet counts in Active Directory as a failed login.
- Therefore, it is trivial for a remote attacker to lock out any of your AD accounts if they know (or can guess) the login name. No further credentials or privileges are required for this attack.
- In severe cases this attack may represent a substantial, remotely triggerable denial-of-service vulnerability in your network.
Solution
LockoutGuard from Collective Software augments the capabilities of ISA 2006 to allow a “soft lockout”.
- LockoutGuard can be configured to start denying authentication attempts before the AD lockout limit is reached.
- This acts as an additional tier of “lockout security”, safely locking the account out of the extranet.
- During soft lockout of a user's account, password guessing on the extranet will fail since LockoutGuard is blocking authentication attempts for that account.
- Even during this soft lockout, the user account can still be logged in from inside your LAN, or over a VPN. Thus, the DoS potential is substantially controlled, with minimal inconvenience.
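
The two-tier behaviour described above, modelled as an added example (this is not LockoutGuard or Active Directory code). The class names, the thresholds of 3 and 5, the sample account, and the gate reading the directory's failure counter are assumptions made for illustration.

```python
# Simplified model of a soft lockout tier in front of a directory.
# Constructed for illustration; not LockoutGuard or Active Directory code.

class Directory:
    """Stand-in for AD: counts bad passwords and hard-locks at a threshold."""
    def __init__(self, passwords, lockout_threshold):
        self.passwords = passwords
        self.lockout_threshold = lockout_threshold
        self.bad_count = {}

    def is_locked(self, user):
        return self.bad_count.get(user, 0) >= self.lockout_threshold

    def authenticate(self, user, password):
        if self.is_locked(user):
            return False
        if self.passwords.get(user) == password:
            self.bad_count[user] = 0
            return True
        self.bad_count[user] = self.bad_count.get(user, 0) + 1
        return False

class ExtranetGate:
    """Hypothetical soft-lockout tier used only on the extranet path."""
    def __init__(self, directory, soft_threshold):
        if soft_threshold >= directory.lockout_threshold:
            raise ValueError("soft threshold must be below the hard lockout limit")
        self.directory = directory
        self.soft_threshold = soft_threshold

    def authenticate(self, user, password):
        # Once the soft limit is reached, deny without forwarding, so the
        # directory's failure counter stops growing.
        if self.directory.bad_count.get(user, 0) >= self.soft_threshold:
            return False
        return self.directory.authenticate(user, password)

def simulate(soft_threshold, guesses=10):
    """Send bad extranet passwords, then attempt a LAN login (bypasses the gate)."""
    ad = Directory({"alice": "correct-horse"}, lockout_threshold=5)
    front = ExtranetGate(ad, soft_threshold) if soft_threshold else ad
    for i in range(guesses):
        front.authenticate("alice", f"guess-{i}")
    hard_locked = ad.is_locked("alice")
    lan_login_ok = ad.authenticate("alice", "correct-horse")
    return hard_locked, lan_login_ok

if __name__ == "__main__":
    print("no soft tier:", simulate(None))  # (hard_locked, lan_login_ok)
    print("soft tier=3: ", simulate(3))
```
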
PowerPoint slides from sales presentation
Download LockoutGuard documentation
Download LockoutGuard v1.0.9 (evaluations must be activated in 30 days)
Purchase LockoutGuard licenses online
LockoutGuard knowledge base articles