If one deploys Jabber via VCS-Control & TMS, then uses Direct AD integration on the VCS-C, so it joins the domain. I am pretty sure that someone trying to log into an AD account via Jabber, entering the password wrong several times would lock the AD account, correct? Now if you add a VCS-E to the mix, now you open your AD network to the world per say, in that someone from the outside, if they were able to figure out your usernames they could start locking all your accounts.
Does any have some ideas on ways to overcome this?
I dont think this to be a security problem. Because thinking this way, the enterprises would never provide any service on internet.
For example, many companies provide webmail service for their employees via internet. The webmail page is public, anybody can get there and try to log in. It does not represent a security problem exactly, because companies normally have several security policies with regards usernames and passwords, like complexity of passwords, time for expiration and so on. I would consider the same regarding Jabber through VCSe.
To improve security regarding DoS and things like that, there are specific solutions, like border IDS and IPS solutions.
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".