This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MarcuzShinz
Collaborator
Collaborator
‎2024-09-09 03:26 AM

How can Checkpoint detect default applications running through different ports?

The detailed description of the case is as follows:
- We needs to block remote desktop tcp/3389, however, when the administrator changes the rdp service to a port other than 3389, the written RDP blocking policy cannot block it.

- Therefore, the we needs to find a way to use Checkpoint to block Microsoft's RDP application even when RDP runs on a custom port (not 3389). Not only RDP, there needs to be a radical solution to block other protocols/apps such as ssh, telnet nonstandard port

0 Kudos
5 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-09-09 07:09 AM

Afaik most issues are with dropped RDP connections that should work 😉 I would expect whitelisting could be a solution here - only allow your usual connections / apps and block the rest.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-09-09 07:19 AM

I would agree with statement that whitelisting approach might be the best.

Andy

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-09-09 08:06 AM

As others have mentioned the approach used for construction of the policy could be relevant.

Reviewing the "Protocol Signature" option is also worth mentioning here.

CCSM R77/R80/ELITE
the_rock
MVP Platinum
MVP Platinum
‎2024-09-09 08:18 AM
In response to Chris_Atkinson

Super valid point.

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-09 01:04 PM

This is a problem that can be solved by a much more restrictive security policy.
Specifically, only allowing the ports, protocols, and applications that are actually needed and not allowing "any" service/application unless absolutely required.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events