Hi all,
I was reading this short post about how to protect your users from getting their AD account locked by an attacker when ADFS is proxied to the internet with WAP and using 1FA:
http://technet.microsoft.com/en-us/library/dn486806.aspx
Basically you tell ADFS to prevent more than 3 bad authentication attempts per given timespan (let's say 30 minutes), assuming your AD account locks out after 5 tries.
How does this protect your AD account against lockout? If I've interpreted the article correctly, the attacker can just come back after 30 minutes and perform the last 2 bad authentication attempts to successfully lock the AD account?
Does anyone have experience with this, or could anyone confirm this? If this is the case, it's quite useless.
Robin
Find me on linkedin: http://nl.linkedin.com/in/tranet
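As an added configuration example (not part of the post above, and not Microsoft's own sample), the following PowerShell shows the relationship the extranet lockout feature depends on: the AD FS threshold is set strictly below the AD lockout threshold, and the AD FS observation window is set at least as long as AD's "reset account lockout counter after" window, so AD's bad-password counter has already reset by the time the extranet window reopens. It reads the domain policy with `Get-ADDefaultDomainPasswordPolicy` and applies `Set-AdfsProperties` with the `-EnableExtranetLockout`, `-ExtranetLockoutThreshold` and `-ExtranetObservationWindow` parameters from the linked article. The 30-minute floor and the "two below AD" offset are assumptions chosen to match the numbers in the post; it also assumes the ActiveDirectory and ADFS modules are available on the primary AD FS server.

```powershell
# Added example, not from the original post: align AD FS extranet lockout with the
# domain's AD account lockout policy so the extranet threshold trips first and AD's
# badPwdCount has been reset before AD FS accepts further attempts.
# Assumptions: run as an AD FS admin on the primary AD FS server; RSAT ActiveDirectory
# module and the ADFS module are installed.
Import-Module ActiveDirectory
Import-Module ADFS

$adPolicy      = Get-ADDefaultDomainPasswordPolicy
$adThreshold   = $adPolicy.LockoutThreshold          # e.g. 5; 0 means AD never locks out
$adResetWindow = $adPolicy.LockoutObservationWindow  # AD "reset counter after" timespan

if ($adThreshold -eq 0) {
    throw "AD lockout is disabled; extranet lockout alignment is not needed."
}

# Weak setting (shown only for contrast, not applied): threshold equal to AD's, and a
# window shorter than AD's reset window, which lets the extranet count and the AD count
# accumulate together instead of staggering them.
#   Set-AdfsProperties -EnableExtranetLockout $true -ExtranetLockoutThreshold $adThreshold `
#       -ExtranetObservationWindow (New-TimeSpan -Minutes 5)

# Corrected setting: threshold two below AD's (assumption: 3 when AD locks at 5, as in
# the post), never below 1; window no shorter than AD's reset window and at least 30 min.
$extranetThreshold = [Math]::Max(1, $adThreshold - 2)
$extranetWindow    = $adResetWindow
$floor             = New-TimeSpan -Minutes 30
if ($extranetWindow -lt $floor) { $extranetWindow = $floor }

Set-AdfsProperties -EnableExtranetLockout $true `
    -ExtranetLockoutThreshold $extranetThreshold `
    -ExtranetObservationWindow $extranetWindow

# Verify what is now in effect.
Get-AdfsProperties |
    Select-Object EnableExtranetLockout, ExtranetLockoutThreshold, ExtranetObservationWindow
```

This only covers requests that arrive through the Web Application Proxy; bad attempts made directly against the domain (or a misconfigured internal path) still count toward the AD threshold as before.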