OCS federation risks...please assist RRS feed

  • Question


    Hello All,


    This is my very first time useing MS security forum and I was hopeing if someone could please share his/her thoughts on federation risks.


    I am only aware of three major risks when comes to federation


    1- viruses and spam and supposedly forefront security should be able to take care of that althought it hasnt been released yet.


    2- Name discovery. Are you aware of how this could be exploited and what would you recommend to mitigate this risk?


    3- DoS attacks: I find this a signficant issue as IDS would have no visibility on the OCS traffic as its encrypted. What would you recommend to mitigate DoS in regardsw to OCS federation. Is there some setting that should be done differently by admins to alert them when the number of requests exceds the limit.


    4- MITM (man in the middle) this should be mitigated by MTLS as all OCS traffic is over MTLS.



    In addition to the above are you familiar with any further risks or standards associated with OCS federation. Your quick response is most appreciated.







    Thursday, July 31, 2008 5:14 PM

All replies