This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SubZer0
Contributor
‎2024-09-16 06:45 AM

Google reCAPTCHA on Mobile Access

Did anybody add Google Captcha to Mobile Access page? I fond this CheckPoint document: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_MobileAccess_AdminGuide/Cont...

If you used did you have any problems?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2024-09-16 09:59 AM

Moved this to the Remote Access space (which is also for Mobile Access Blade)

0 Kudos
Matthias42
Contributor
‎2024-09-16 10:12 PM

There are huge problems with the google captcha. 

Ok, the technical details of this captcha are googles trade secret, so i can only describe an informed guess about what i observe.

The captcha claims some sort of "behaviour based" response. That seems to be just a misleading name for using all sorts of advertising trackers as input to the captcha process.

If a user cares for his privacy and uses Ad blockers, cookie managers, Javascript-filters, etc. Google will fight this and punish him. The captcha will never end, Google will deny access to your service.

On the other hand, if a careless user has a huge footprint on googles tracker databases, the captcha will not even show up and just pass the user.

So in the end, by using the captcha, you are rewarding carelessness, and punishing responsible behaviour.

This is not a "I am not a robot" thing, this is a "track me now" thing.

 

SubZer0
Contributor
‎2024-09-30 07:25 AM
In response to Matthias42

Is there any other option to secure or. block after 5 attempts? 2FW is already in use but customer get brute force everyday.. so I want to stop this. ATM I block everyday new IP address.

0 Kudos
Matthias42
Contributor
‎2024-09-30 07:51 AM
In response to SubZer0

I implement this in the radius server. Depending on environment, i block a user after x attempts, and unblock after y hours later. Or "tarpit" function, that is make every successive failed attempts excessively slower.

You can also use the SRC Ip adress of the request as a criteria, i think for that to work you have to enable the sending of extra radius attributes. Search knowledgebase for "Framed IP Address". 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-30 08:25 AM
In response to SubZer0

You can configure a SmartEvent Automatic Reaction for this:

image.png

SubZer0
Contributor
‎2024-10-02 08:14 AM
In response to PhoneBoy

Thanks for this. What are best practice config? I am thinking to set up after 5 connections in 10 seconds to block.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top