Contributor

Prevent Brute-Force and MITM attack on Externally hosted FTP Server

We have multiple FTP servers in our data center DMZ zone which are accessible over the Internet.

We had observed brute-force attacks on our servers from multiple regions; also, since FTP uses plain text, it is susceptible to MITM attacks as well.

After going through the current IPS features to prevent this, I was able to find only the below one in "IPS Protections" as an accurate solution:

FTP PATTERNS

But it was last updated on 30 March 2006, which is too old, so I wanted to check if we have any other features available in Check Point IPS to prevent brute-force and MITM attacks on an externally hosted FTP server.

5 Replies
Admin

The solution to MITM attacks is to switch to an encrypted protocol.
For brute force, the ways you detect that haven't changed all that much, thus even though that signature hasn't been updated in a while, it should still be effective.

Contributor

Thank you @PhoneBoy for your response.

At present I have enabled the FTP PATTERNS feature in detect mode with packet capture and logging enabled, but I wanted to get a few things clarified on the "Additional Settings" option. At present there are 2 options:

1. Use default Settings 

2. Customize

Question 1: What are the parameters selected in the "Use default Settings" option?

Question 2: In Customize we have only one option selected out of the total of 6 protections by default. Since I have set it to detect mode with packet capture and logging enabled, would it not show the logs for the remaining 5 protections which are currently unchecked?

Contributor

[Screenshot: Protection Details - FTP Patterns]

[Screenshot: Customize option - FTP Patterns]

Contributor

Hi @PhoneBoy,

Just checking in to see if you had a chance to look at the above questions.

Thanks in advance.

Admin

I believe the defaults are shown in your screenshot there.
Further, for the items not checked, they won't show in logs in detect mode, either.