EitanNeuman
Explorer

DNS Implied rule

Hi,

I wanted to ask about the DNS Implied rule in the CP Gateway (UDP/53).

 

Since in my organization we are using both the implied rule and a manual DNS rule (where needed) with the TCP/53 port, I would like to know the following:

  1. Is there a way for a hacker, from the inside or the outside, to use the DNS implied rule of the CP to perform any kind of attack, which can happen under our noses?
  2. Since implied rules are not changeable, what is the best practice to work with the specific DNS implied rule, to achieve maximum security?
  3. If I would like to block the use of the DNS implied rule of the Gateway, from one subnet to another or to Any, what is the best way to do it?

 

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin

Let's start with the main question. Can hackers use DNS? The answer is yes. We just had a TechTalk about DNS security; you can watch it here: https://community.checkpoint.com/t5/General-Topics/Hacking-DNS-TechTalk-Video-Slides-and-Q-amp-A/m-p...

Now, you can also adjust and log implied rules. DNS is NOT enabled through the implied rules by default.


You can also create explicit rules to control your DNS traffic. Lastly, with Threat Prevention, you can put additional protections over DNS traffic, regardless of how you configure your rules, implied or explicit.


 


2 Replies

the_rock
Legend

I think what Val gave you sums it all up pretty well. I would certainly watch the DNS hacking presentation by Ralph; it was fantastic.

Andy

0 Kudos
