Collective Software, LLC

>Innovating ISA Server

Solutions

MEETING YOUR NEEDS

With unmatched expertise for ISA filter development, and a proven track record in the community.

SOLUTIONS FOR:

Visit Microsoft's ISA Server home
Collective Software is a Microsoft® Partner company.

LockoutGuard: Prevent denial of service


Protect your extranet from lockout attacks quickly and easily, without service impact.
  • Implements a pre-emptive "soft lockout"
  • Active Directory accounts protected
  • Configurable lockout threshold

Problem: Denial of service

  • Each failed authentication attempt to your extranet counts in Active Directory as a failed login.
  • Therefore, it is trivial for a remote attacker to lock out any of your AD accounts if they know (or can guess) the login name. No further credentials or privilege is required for this attack.
  • In severe cases this attack may represent a substantial remotely triggerable denial of service vulnerability in your network.

Solution

LockoutGuard from Collective Software augments the capabilities of ISA 2006 and Forefront TMG to allow a “soft lockout”.

  • LockoutGuard can be configured to start denying authentication attempts before the AD lockout limit is reached.
  • This acts as an additional tier of “lockout security”, safely locking the account out of the extranet.
  • During soft lockout of a user's account, password guessing on the extranet will fail since LockoutGuard is blocking authentication attempts for that account.
  • Even during this soft lockout, the user account can still be logged in from inside your LAN, or over a VPN. Thus, the DoS potential is substantially controlled, with a minimum inconvenience.

Powerpoint slides from sales presentation

The current release of LockoutGuard is version 1.1.3
Download LockoutGuard documentation Download LockoutGuard for ISA (evaluations must be activated in 30 days) Download LockoutGuard for TMG (evaluations must be activated in 30 days) Purchase LockoutGuard licenses online LockoutGuard knowledge base articles