This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
The firewall is indicating that users are taking advantage of 1Password and Lastpass in the form of a browser plugin. How do I see if they are using them on personal sites or company urls. I want to prove if they are saving company passwords to personal password managers.
Not aware of a way to prove this from the network side of things. Having said that, controlling the browser plugins used by end users is something organizations typically do (e.g. allow only specific approved ones).
You cannot see this with a firewall. It would require HTTPS inspection and all the plain data to be readable for you. Then somehow collect this data what is inside this extension.
From my point of view you should either block these types of extensions (can be done via GPO) or allow them. I would allow them and provide a tool managed by the company. Reason for that is, if a user is not allowed to use a password management tool the user will most likely write down the passwords on a piece of paper or put it in a plain text file on the desktop. Also it will force the user to use more easy passwords and reuse old passwords (just change 1 number and add up every reset). Last reason is that with a password tool a user is more likely to use a different password for different websites. Instead of 1 easy to remember password for all websites.
------- If you like this post please give a thumbs up(kudo)! 🙂
I was thinking maybe QUIC protocol, but probably not. Cant recall now if there are any browser logins that could be blocked via ssl inspection policy, but will check in the lab later.
I think this is actually really good response from AI copilot, but it involves harmony endpoint.
Andy
**************************
To monitor and prevent the use of corporate passwords on personal sites, you can use thePassword Reuse Protectionfeature in Harmony Endpoint. This feature alerts users and logs incidents when corporate passwords are used on non-corporate domains. Here’s how you can set it up:
Steps to Configure Password Reuse Protection
Access the Policy Settings:
Go toPolicy>Threat Prevention>Policy Capabilities.
Select the Rule:
Select the rule set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
Navigate to Web & Files Protection:
In theCapabilities & Exclusionspane, selectWeb & Files Protection.
Configure Credential Protection:
In theWeb & Files Protectiontab, scroll down toCredential Protection.
UnderPassword Reuse, select a mode:
Prevent mode: Blocks the user from entering the corporate password and opens the blocking page in a new tab. If you enableAllow users to dismiss the password reuse alert and access the website, then it allows the user to dismiss the blocking page and continue to enter the corporate password.
Detect mode: The system does not block the user from entering the corporate password. If a user enters the corporate password, it is captured in the Harmony Browse logs.
Off: Turns off password reuse protection.
Example Configuration
Prevent mode - Blocks the user from entering the corporate password and opens the blocking page in a new tab. If you enable Allow users to dismiss the password reuse alert and access the website, then it allows the user to dismiss the blocking page and continue to enter the corporate password.
Notes:
Detect mode: The system does not block the user from entering the corporate password. If a user enters the corporate password, it is captured in the Harmony Browse logs.
Off: Turns off password reuse protection.
Additional Information:
This feature is not supported with Safari and Internet Explorer browser extensions.
Ensure that the browser extension is installed and configured correctly for Chrome or Edge browsers.
By enabling and configuring the Password Reuse Protection feature, you can monitor and log incidents where corporate passwords are used on personal sites, helping you to prove if users are saving company passwords to personal password managers like 1Password and LastPass.
BE AWARE
Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.