How can Checkpoint detect default applications run...

MarcuzShinz

The detailed description of the case is as follows:
- We needs to block remote desktop tcp/3389, however, when the administrator changes the rdp service to a port other than 3389, the written RDP blocking policy cannot block it.

- Therefore, the we needs to find a way to use Checkpoint to block Microsoft's RDP application even when RDP runs on a custom port (not 3389). Not only RDP, there needs to be a radical solution to block other protocols/apps such as ssh, telnet nonstandard port

G_W_Albrecht

Afaik most issues are with dropped RDP connections that should work 😉 I would expect whitelisting could be a solution here - only allow your usual connections / apps and block the rest.

CCSE / CCTE / CCME / CCSM Elite / SMB Specialist

the_rock

I would agree with statement that whitelisting approach might be the best.

Andy

Chris_Atkinson

As others have mentioned the approach used for construction of the policy could be relevant.

Reviewing the "Protocol Signature" option is also worth mentioning here.

CCSM R77/R80/ELITE

the_rock

Super valid point.

PhoneBoy

This is a problem that can be solved by a much more restrictive security policy.
Specifically, only allowing the ports, protocols, and applications that are actually needed and not allowing "any" service/application unless absolutely required.

Are you a member of CheckMates?

How can Checkpoint detect default applications running through different ports?