Securing Lync Web App Sessions

The sessions between clients and the Lync Web App can be made more secure by using session timeouts and encryption. This section discusses ways to enhance the security of sessions between the client and Lync Web App.

Securing Tokens

In Lync Web App, the same token is used for the session token and the authentication token. You can enhance the security of tokens by using short timeouts on Lync Web App virtual servers that service external requests. You can set different timeout values for public and private computers in the external virtual server’s properties.

Using Encryption

The following are the requirements and recommendations regarding encryption:
Microsoft Lync Server 2010 Security Guide

  • You must use TLS/MTLS for all communications between Lync Web App and servers that are running Microsoft Lync Server 2010.
  • You should always use HTTPS unless SSL offloading is used for performance reasons and other effective security safeguards are in place.
  • You may use HTTP for communications between a hardware load balancer or other device and the Lync Web App if SSL offloading is used for performance reasons. In this case, the physical link should be secured.
  • Do not use HTTP between the client and the Lync Web App.

Using PKI, Certificates, and SSL for Lync Web App

Lync Web App does not require separate certificates. The reverse proxy server does require certificates. For details about reverse proxy server certificate requirements, see Reverse Proxy Publishing in the Planning documentation.

Addressing Threats to Enterprise Voice for Lync Server 2010

Enterprise Voice is the software-based VoIP solution available in Microsoft Lync Server 2010. Enterprise Voice uses VoIP for both internal calls and for connecting to traditional telephone networks. Because internal VoIP calls, like IM, are all encrypted, security concerns that are specific to VoIP focus on the transfer of calls to and from the unencrypted public switched telephone network (PSTN).

Enterprise Voice requires two devices to provide VoIP connectivity with the PSTN:

  • A device with connectivity to the PSTN, such as an IP PBX, a media gateway, or a Session Border Controller at a service provider.
  • A Lync Server 2010 server role, the Mediation Server, that can translate SIP over TCP to SIP over TLS for internal routing, if necessary.

If you choose to configure the link between a media gateway and the Mediation Server for TCP, that link becomes a potential security loophole because the signaling is unencrypted. Nevertheless, some currently available devices with connectivity to the PSTN do not support MTLS, so a TCP connection to the Mediation Server may be required until such time as you are able to upgrade your device. The recommended mitigation for this potential security issue is to deploy the Mediation Server in its own subnet by installing two network interface cards, each with a separate IP address in a separate subnet with a separate port setting. One card serves as the Mediation Server’s internal edge, listening for TLS traffic from internal servers. The second
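The encryption rules and the Mediation Server mitigation described above can be checked mechanically against a deployment inventory. The following Python audit is an added example, not part of the Microsoft guide; the inventory format, link kinds, addresses and ports are constructed assumptions.

```python
import ipaddress

# Constructed inventory: link kinds, addresses and ports are illustrative assumptions.
LINKS = [
    {"name": "client -> Lync Web App", "kind": "client_lwa", "scheme": "https"},
    {"name": "load balancer -> Lync Web App", "kind": "lb_lwa", "scheme": "http",
     "ssl_offload": True, "physical_link_secured": False},
    {"name": "Lync Web App -> Lync Server", "kind": "lwa_server", "scheme": "mtls"},
    {"name": "media gateway -> Mediation Server", "kind": "gw_mediation",
     "scheme": "tcp", "nics": [("10.10.1.5/24", 5061), ("10.10.1.6/24", 5060)]},
]


def nics_isolated(nics):
    """True when exactly two NICs sit in different subnets with different ports."""
    if len(nics) != 2:
        return False
    (addr_a, port_a), (addr_b, port_b) = nics
    net_a = ipaddress.ip_interface(addr_a).network
    net_b = ipaddress.ip_interface(addr_b).network
    return not net_a.overlaps(net_b) and port_a != port_b


def audit(links):
    """Return (link name, finding) pairs for links that break the guide's rules."""
    findings = []
    for link in links:
        kind, scheme, name = link["kind"], link["scheme"], link["name"]
        if kind == "client_lwa" and scheme != "https":
            findings.append((name, "client traffic must use HTTPS"))
        elif kind == "lwa_server" and scheme not in ("tls", "mtls"):
            findings.append((name, "server traffic must use TLS/MTLS"))
        elif kind == "lb_lwa" and scheme == "http":
            if not link.get("ssl_offload"):
                findings.append((name, "HTTP without SSL offloading"))
            elif not link.get("physical_link_secured"):
                findings.append((name, "SSL offloading without a secured physical link"))
        elif kind == "gw_mediation" and scheme == "tcp":
            if not nics_isolated(link.get("nics", [])):
                findings.append((name, "unencrypted SIP over TCP without NIC isolation"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(LINKS):
        print(f"{name}: {finding}")
```

In the constructed inventory, the load balancer link is flagged because its physical link is not marked as secured, and the gateway link is flagged because both NICs share one subnet.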