This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
s_milidrag
Participant
‎2018-10-28 12:41 AM

Restrict Access to MS Active Directory Services

Jump to solution

Hello,

I would like to know what Service object do you prefer to use to restrict access to Active Directory services.

In Application Control Blade there is a Application signature "Active Directory"

Active Directory Object

policy rule:

policy

Or  do you prefer to place in Service & Application column all needed services:

policy2

Which one is the more secure ?

Thanks

SM
Reply
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-10-28 06:54 AM

Jump to solution

If an Application Control signature exists, you should use it.

In terms of the ports allowed, they are identical.

The signature does provide extra checking.

View solution in original post

Reply
3 Replies
Nick_Doropoulos
Advisor
‎2018-10-28 03:02 AM

Jump to solution

The answer would depend on how your LDAP server has been configured. If the server listens on TCP and UDP port 389, which is the default configuration, then you would have to include the following services:

ldap_udp(UDP/389)

ldap(TCP/389)

If your question is about which is the most secure protocol, then the answer would be ldap-ssl(TCP/636) as it will allow LDAP-related traffic to be encrypted. 

Once again though, the service selected will depend on your LDAP server's configuration.

Reply
s_milidrag
Participant
‎2018-10-28 05:32 AM
In response to Nick_Doropoulos

Jump to solution

Thanks Nicholas,

Thanks you for your answer,

Maybe I was not so clear.

There is Application Signature "Active Directory" which should recognized all Active Directory services (tcp/135, tcp/138, ldap_udp, ldap, Kerberos, nbname ......)

So my question is what is more secure/preferable to use in Services & Applications column:

policy3

OR

policy4

Thanks

SM
0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2018-10-28 06:54 AM

Jump to solution

If an Application Control signature exists, you should use it.

In terms of the ports allowed, they are identical.

The signature does provide extra checking.

View solution in original post

Reply