This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
GerryORahilly
New Contributor
New Contributor
‎2020-07-08 11:27 AM

DDOS with Azure using on Prem ADFS and Secure ID

We had a set up with our Azure AD which we use our on Prem ADFS and on Prem Secure ID. We have discovered an issue where a malicious agent could lock out our users via multiple incorrect log ins. 

Is there a way to stop this sort of DDOS attack using this setup? If not stop, limit our exposure. 

Labels (1)
Labels
0 Likes
Reply
2 Replies
RandyBelbin
Frequent Contributor Frequent Contributor
Frequent Contributor
‎2020-07-08 12:23 PM

Hi Gerry,

 

Can I ask what version of ADFS you are running?

 

I ask this because Microsoft has introduced some capabilities to help with this in ADFS 2019

 

1. Extranet "smart lockout"
2. Second factor before password

 

You can read more here.
Additional authentication methods in AD FS 2019 | Microsoft Docs 

Reply
SeanDoyle
Trusted Contributor Trusted Contributor
Trusted Contributor
In response to RandyBelbin
‎2020-07-08 12:31 PM

Setting the second factor (SecurID token password, MFA Push/Biometric) before the AD credentials will protect against an AD lockout DOS attack. In Auth Manager if using SecurID tokens you could set auto-unlock to 5 or 10 minutes so users would be inconvenienced but it won't leave users locked out of their windows laptop/desktop.

Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.