Companies that allow employees to sign in to Office Communications Server remotely from the Internet can be susceptible to denial-of-service (DoS) and brute-force attacks. These kinds of attacks involve guessing users’ passwords or locking out user accounts when too many incorrect password attempts are made to a valid Active Directory user account when password policy is enforced. Although internal security is not compromised, these types of attacks are disruptive to users and use up internal server resources. To prevent such attacks at the edge, you can install a security filter on the Edge Server that monitors sign-in attempts and enforces account lockout at the network perimeter.
More Info: TechNet