Solutions › LockoutGuard


0 item(s) $0.00 Checkout »

$208 / server   Buy For TMG
$208 / server   Buy for ISA

LockoutGuard: Prevent denial of service

Protect your extranet from lockout attacks quickly and easily, without service impact.
  • Implements a pre-emptive "soft lockout"
  • Active Directory accounts protected
  • Configurable lockout threshold

Problem: Denial of service

  • Each failed authentication attempt to your extranet counts in Active Directory as a failed login.
  • Therefore, it is trivial for a remote attacker to lock out any of your AD accounts if they know (or can guess) the login name. No further credentials or privilege is required for this attack.
  • In severe cases this attack may represent a substantial remotely triggerable denial of service vulnerability in your network.


LockoutGuard from Collective Software augments the capabilities of ISA 2006 and Forefront TMG to allow a “soft lockout”.
  • LockoutGuard can be configured to start denying authentication attempts before the AD lockout limit is reached.
  • This acts as an additional tier of “lockout security”, safely locking the account out of the extranet.
  • During soft lockout of a user's account, password guessing on the extranet will fail since LockoutGuard is blocking authentication attempts for that account.
  • Even during this soft lockout, the user account can still be logged in from inside your LAN, or over a VPN. Thus, the DoS potential is substantially controlled, with a minimum inconvenience.