31 July 2551 BE 17:14
This is my very first time using the MS security forum and I was hoping someone could please share his/her thoughts on federation risks.
I am only aware of three major risks when it comes to federation:
1- Viruses and spam, and supposedly Forefront Security should be able to take care of that, although it hasn't been released yet.
2- Name discovery. Are you aware of how this could be exploited and what would you recommend to mitigate this risk?
3- DoS attacks: I find this a significant issue, as IDS would have no visibility on the OCS traffic as it's encrypted. What would you recommend to mitigate DoS in regard to OCS federation? Is there some setting that should be done differently by admins to alert them when the number of requests exceeds the limit?
4- MITM (man in the middle): this should be mitigated by MTLS, as all OCS traffic is over MTLS.
In addition to the above, are you familiar with any further risks or standards associated with OCS federation? Your quick response is most appreciated.
31 July 2551 BE 22:14
1) First of all, you can disable federation or only configure the domains that you allow.
2) You can indeed use Forefront Security for OCS to mitigate viruses and spim.
3) The Edge Server is actually a firewall, but I am not completely sure how DoS would be handled.
4) Clients only do SIP TLS, so no MTLS (unlike servers, which always do MTLS).
Maybe you will find all your information in the OCS Security guide.