s_milidrag
Contributor

Restrict Access to MS Active Directory Services

Hello,

I would like to know what Service object do you prefer to use to restrict access to Active Directory services.

In the Application Control Blade there is an Application signature "Active Directory":

[image: Active Directory object]

policy rule:

[image: policy]

Or do you prefer to place all the needed services in the Service & Application column:

[image: policy2]

Which one is more secure?

Thanks

SM
Accepted Solutions
PhoneBoy
Admin

If an Application Control signature exists, you should use it.

In terms of the ports allowed, they are identical.

The signature does provide extra checking.

4 Replies
Nick_Doropoulos
Advisor

The answer would depend on how your LDAP server has been configured. If the server listens on TCP and UDP port 389, which is the default configuration, then you would have to include the following services:

ldap_udp(UDP/389)

ldap(TCP/389)

If your question is about which is the most secure protocol, then the answer would be ldap-ssl(TCP/636) as it will allow LDAP-related traffic to be encrypted. 

Once again though, the service selected will depend on your LDAP server's configuration.

s_milidrag
Contributor

Thanks Nicholas,

Thank you for your answer,

Maybe I was not so clear.

There is an Application Signature "Active Directory" which should recognize all Active Directory services (tcp/135, tcp/138, ldap_udp, ldap, Kerberos, nbname ......)

So my question is what is more secure/preferable to use in Services & Applications column:

[image: policy3]

OR

[image: policy4]

Thanks

SM

Ilovecheckpoint
Participant

I wish it could work properly, but it doesn't.

I created two rules, the first one allowing active directory application.

The second rules allow all Microsoft services.

The second rule matches more times than the first one.

Finally, I had to open by services.

Does anybody have the expected result?

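As an added example (not code from the thread or from Check Point), a small Python script that tallies which rule each AD-related connection matched from a few constructed log lines in an assumed key=value format, so the "second rule matches more than the first" observation above can be checked per protocol and port rather than by overall hit count:

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a simplified key=value form (an assumed
# layout for this example, not Check Point's actual log export format).
SAMPLE_LOGS = """\
rule="AD-App" proto=tcp dport=389 app="Active Directory"
rule="AD-App" proto=tcp dport=88 app="Active Directory"
rule="MS-Services" proto=udp dport=389 app=""
rule="MS-Services" proto=tcp dport=135 app=""
rule="MS-Services" proto=udp dport=88 app=""
rule="MS-Services" proto=tcp dport=445 app=""
rule="MS-Services" proto=udp dport=137 app=""
rule="AD-App" proto=tcp dport=636 app="Active Directory"
""".splitlines()

# Ports the thread associates with Active Directory traffic:
# 135, 138, ldap 389, Kerberos 88, nbname 137, ldap-ssl 636.
AD_PORTS = {88, 135, 137, 138, 389, 636}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one key=value log line into a dict; quoted values are unquoted."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    fields["dport"] = int(fields["dport"])
    return fields


def rule_hit_report(lines):
    """Map rule name -> Counter of (proto, dport) hits, AD-related ports only."""
    report = defaultdict(Counter)
    for line in lines:
        f = parse_line(line)
        if f["dport"] in AD_PORTS:
            report[f["rule"]][(f["proto"], f["dport"])] += 1
    return report


def fallthrough(lines, app_rule, service_rule):
    """(proto, port) pairs seen on the service rule but never on the app-signature rule."""
    r = rule_hit_report(lines)
    return sorted(set(r[service_rule]) - set(r[app_rule]))


if __name__ == "__main__":
    for rule, counts in rule_hit_report(SAMPLE_LOGS).items():
        print(rule, dict(counts))
    print("fallthrough:", fallthrough(SAMPLE_LOGS, "AD-App", "MS-Services"))
```

The fallthrough list shows which protocol/port pairs the signature rule never classified, which is the first thing to compare against the services in the second rule before deciding to open by services.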
