Common security threats for lync server 2010 this

Info icon This preview shows pages 8–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Common Security Threats for Lync Server 2010 This section identifies the more common threats to the security of your Microsoft Lync Server 2010 infrastructure and communications, and for each threat it includes a link to the features, technologies, and procedures that can help mitigate the threat. If you have a particular security concern, you can use this section to go immediately to the appropriate section of this guide. Or you can read the entire section to quickly familiarize yourself with the ways in which Lync Server 2010 addresses the main security concerns facing all private networks. In This Section This section includes the following topics: Compromised-Key Attack Network Denial-of-Service Attack Eavesdropping Identity Spoofing (IP Address Spoofing) Man-in-the-Middle Attack RTP Replay Attack Spim Viruses and Worms Personally Identifiable Information Compromised-Key Attack A key is a secret code or number that is used to encrypt, decrypt, or validate secret information. There are two sensitive keys in use in public key infrastructure (PKI) that must be considered: the private key that each certificate holder has and the session key that is used after a successful identification and session key exchange by the communicating partners. A compromised-key attack occurs when the attacker determines the private key or the session key. When the attacker is successful in determining the key, the attacker can use the key to decrypt encrypted data without the knowledge of the sender. Lync Server 2010 uses the PKI features in Windows Server 2008 operating system and Windows Server 2008 R2 operating system to protect the key data used for encryption for the Transport Layer Security (TLS) connections. The keys used for media encryptions are exchanged over TLS connections. 4
Image of page 8

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Microsoft Lync Server 2010 Security Guide Network Denial-of-Service Attack The denial-of-service attack occurs when the attacker prevents normal network use and function by valid users. By using a denial-of-service attack, the attacker can: Send invalid data to applications and services running in the attacked network to disrupt their normal function. Send a large amount of traffic, overloading the system until it stops responding or responds slowly to legitimate requests. Hide the evidence of the attacks. Prevent users from accessing network resources. Eavesdropping Eavesdropping can occur when an attacker gains access to the data path in a network and has the ability to monitor and read the traffic. This is also called sniffing or snooping. If the traffic is in plain text, the attacker can read the traffic when the attacker gains access to the path. An example is an attack performed by controlling a router on the data path.
Image of page 9
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern