Restrict Access to MS Active Directory Services

Hello,

I would like to know which Service object you prefer to use to restrict access to Active Directory services.

In the Application Control Blade there is an Application signature "Active Directory"

[Image: Active Directory Object]

policy rule:

[Image: policy]

Or do you prefer to place all needed services in the Service & Application column:

[Image: policy2]

Which one is the more secure?

Thanks

SM

Re: Restrict Access to MS Active Directory Services

The answer would depend on how your LDAP server has been configured. If the server listens on TCP and UDP port 389, which is the default configuration, then you would have to include the following services:

ldap_udp(UDP/389)

ldap(TCP/389)

If your question is about which is the most secure protocol, then the answer would be ldap-ssl(TCP/636) as it will allow LDAP-related traffic to be encrypted. 

Once again though, the service selected will depend on your LDAP server's configuration.

Re: Restrict Access to MS Active Directory Services

Thanks Nicholas,

Thank you for your answer.

Maybe I was not so clear.

There is an Application Signature "Active Directory" which should recognize all Active Directory services (tcp/135, tcp/138, ldap_udp, ldap, Kerberos, nbname ...)

So my question is which is more secure/preferable to use in the Services & Applications column:

[Image: policy3]

OR

[Image: policy4]

Thanks

SM
Admin

Re: Restrict Access to MS Active Directory Services

If an Application Control signature exists, you should use it.

In terms of the ports allowed, they are identical.

The signature does provide extra checking.
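
What "extra checking" beyond the port can look like in general, as an added example that is not part of the original thread and is not Check Point's signature logic: a port-only rule accepts anything sent to port 389, while a protocol-aware rule also requires the payload to begin with a well-formed LDAPMessage. The function names and sample payloads are constructed for illustration.

```python
# Added illustration (hypothetical names; not Check Point's signature logic).
LDAP_SERVICES = {("tcp", 389), ("udp", 389)}  # ldap and ldap_udp from the thread

def ber_length(buf, pos):
    """Decode a BER length at buf[pos]; return (length, next_pos) or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                       # short form: the octet is the length
        return first, pos + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def looks_like_ldap(payload):
    """True if payload begins with a well-formed LDAPMessage header (RFC 4511)."""
    if len(payload) < 2 or payload[0] != 0x30:       # universal SEQUENCE
        return False
    seq = ber_length(payload, 1)
    if seq is None or seq[0] < 5:                    # smallest message is 5 octets
        return False
    pos = seq[1]
    if payload[pos:pos + 1] != b"\x02":              # messageID INTEGER
        return False
    mid = ber_length(payload, pos + 1)
    if mid is None or not 1 <= mid[0] <= 4:
        return False
    tag = payload[mid[1] + mid[0]:][:1]              # protocolOp CHOICE tag
    return len(tag) == 1 and (tag[0] & 0xC0) == 0x40 and (tag[0] & 0x1F) <= 25

def port_rule(proto, port, payload):
    """Service-object style match: protocol and port only, payload ignored."""
    return "accept" if (proto, port) in LDAP_SERVICES else "drop"

def protocol_rule(proto, port, payload):
    """Same ports, plus a check that the payload is actually LDAP."""
    return port_rule(proto, port, payload) if looks_like_ldap(payload) else "drop"

SAMPLES = {  # constructed payloads
    "ldap anonymous bind": bytes.fromhex("300c020101600702010304008000"),
    "ldap unbind": bytes.fromhex("30050201024200"),
    "http on 389": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "ascii digits": b"0123456789",   # first octet is 0x30 but this is not LDAP
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, port_rule("tcp", 389, data), protocol_rule("tcp", 389, data))
```

Both rules allow exactly the same ports; they differ only on traffic that reaches an allowed port without being LDAP.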