Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MarcuzShinz
Contributor

How can Checkpoint detect default applications running through different ports?

The detailed description of the case is as follows:
- We needs to block remote desktop tcp/3389, however, when the administrator changes the rdp service to a port other than 3389, the written RDP blocking policy cannot block it.

- Therefore, the we needs to find a way to use Checkpoint to block Microsoft's RDP application even when RDP runs on a custom port (not 3389). Not only RDP, there needs to be a radical solution to block other protocols/apps such as ssh, telnet nonstandard port

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend

Afaik most issues are with dropped RDP connections that should work 😉 I would expect whitelisting could be a solution here - only allow your usual connections / apps and block the rest.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

I would agree with statement that whitelisting approach might be the best.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

As others have mentioned the approach used for construction of the policy could be relevant.

Reviewing the "Protocol Signature" option is also worth mentioning here.

CCSM R77/R80/ELITE
the_rock
Legend
Legend

Super valid point.

0 Kudos
PhoneBoy
Admin
Admin

This is a problem that can be solved by a much more restrictive security policy.
Specifically, only allowing the ports, protocols, and applications that are actually needed and not allowing "any" service/application unless absolutely required.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events