DDOS with Azure using on Prem ADFS and Secure ID
We had a setup with our Azure AD in which we use our on-prem ADFS and on-prem SecurID. We have discovered an issue where a malicious agent could lock out our users via multiple incorrect logins.
Is there a way to stop this sort of DDOS attack using this setup? If not stop it, limit our exposure?
Can I ask what version of ADFS you are running?
I ask this because Microsoft has introduced some capabilities to help with this in ADFS 2019:
1. Extranet "smart lockout"
2. Second factor before password
You can read more here.
Additional authentication methods in AD FS 2019 | Microsoft Docs
Setting the second factor (SecurID token password, MFA Push/Biometric) before the AD credentials will protect against an AD lockout DOS attack. In Auth Manager, if using SecurID tokens, you could set auto-unlock to 5 or 10 minutes, so users would be inconvenienced but it won't leave users locked out of their Windows laptop/desktop.
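The two AD FS 2019 settings named in the reply above, as an added example that is not part of the original thread. The threshold and window values are illustrative assumptions, and the script assumes the SecurID adapter is already registered as an AD FS authentication provider.

```powershell
# Added example: run in an elevated session on the primary AD FS 2019 server.
# $extranetThreshold and $extranetWindow are assumed values; size them to your own policy.
Import-Module ADFS
Import-Module ActiveDirectory

$extranetThreshold = 5
$extranetWindow    = New-TimeSpan -Minutes 30

# AD FS must stop forwarding bad passwords BEFORE AD itself locks the account,
# otherwise extranet guessing still locks users out of their workstations.
# Note: fine-grained password policies can override the default domain policy.
$adPolicy = Get-ADDefaultDomainPasswordPolicy
if ($adPolicy.LockoutThreshold -eq 0) {
    Write-Warning "AD account lockout is disabled; extranet lockout is the only throttle."
}
elseif ($extranetThreshold -ge $adPolicy.LockoutThreshold) {
    throw "Extranet threshold ($extranetThreshold) must be lower than the AD lockout threshold ($($adPolicy.LockoutThreshold))."
}
if ($extranetWindow -le $adPolicy.LockoutObservationWindow) {
    throw "Extranet observation window must be longer than AD's reset-counter window ($($adPolicy.LockoutObservationWindow))."
}

# 1. Extranet smart lockout. Start in log-only mode so AD FS learns each user's
#    familiar locations before it starts blocking unfamiliar ones.
Set-AdfsProperties -EnableExtranetLockout $true `
                   -ExtranetLockoutThreshold $extranetThreshold `
                   -ExtranetObservationWindow $extranetWindow
Set-AdfsProperties -ExtranetLockoutMode AdfsSmartLockoutLogOnly
Restart-Service adfssrv   # repeat on every node in the farm

# After a learning period, switch to enforcement and restart the service again:
# Set-AdfsProperties -ExtranetLockoutMode AdfsSmartLockoutEnforce

# 2. Second factor before password: allow additional (external) authentication
#    providers to be selected as the primary method.
Set-AdfsGlobalAuthenticationPolicy -AllowAdditionalAuthenticationAsPrimary $true

# Confirm what is now in effect.
Get-AdfsProperties |
    Select-Object EnableExtranetLockout, ExtranetLockoutThreshold,
                  ExtranetObservationWindow, ExtranetLockoutMode
```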