As far as we know, IPS signatures that look for SSL/TLS details like the version, do so in common SSL/TLS ports like TCP 443. We get that inspecting for SSL/TLS on every port will degrade performance, but it would be nice if the admin had the option to enable SSL/TLS inspection on IPS signatures in non-common ports.
This might be needed in scenarios where a company has to change the default port for services that use SSL/TLS and would like to keep the controls provided by the IPS signatures.
Miguel,
Actual inspection, as defined, is only for HTTPS, not other protocols that can use SSL/TLS for security. You can clone the HTTPS service and define a different port for it, and it should still be inspected, if this is all that you are trying to accomplish:

I'm not talking about https inspection itself. Take for example the IPS signatures/protections that look for the SSL/TLS version. You can configure the signatures to block/prevent SSLv3.0 usage as an example. But this protection will only do that in common ports. It will block connections using SSLv3.0 on port 443, but not on a random non-common port that your organization might use like port TCP 334.
IPS uses streaming to inspect signatures. If you want to port SSL/TLS IPS protection, you need to mark your custom service as HTTPS, as already shown in the picture above. The Check Point streaming engine needs to know that this specific TCP port needs to be streamed too.
Have you tried doing that?
We need a simple method of adding a custom port, meaning a port different from 443 (https), so that the inspection can be applied to the inspection selected, and so that it allows choosing a protocol different from https and the port on which it is implemented. SSL over TLS, for example, could be implemented on a port other than 443, and the inspection is still needed.
We tried setting a custom port like in the image below. That port uses a proprietary protocol based on ISO 8583 over SSL.
In our testing, the signature that prevents SSLv3 usage does not stop connections that negotiate SSLv3 using that port, but if we use SSLv3 on a port like 443, then it works.

+1 on this one
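The thread turns on a version check that is bound to a port list rather than to the traffic itself. As an added example (not Check Point's code and not from any poster), the Python below recognises an SSLv3 hello from the first bytes of a stream, whatever the port; the function names and sample flows are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2+"}
HELLOS = {1: "ClientHello", 2: "ServerHello"}

def parse_hello(payload: bytes):
    """Return (hello_type, version) if payload starts with an SSLv3/TLS
    handshake record holding a ClientHello or ServerHello, else None."""
    if len(payload) < 11:
        return None
    ctype, major, _minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # 0x16 = handshake record; record-layer major version is 3 for SSLv3..TLS 1.3
    if ctype != 0x16 or major != 3 or not 6 <= rec_len <= 2**14:
        return None
    if payload[5] not in HELLOS:
        return None
    # Bytes 6-8 hold the 24-bit handshake length; the hello's version follows.
    (version,) = struct.unpack("!H", payload[9:11])
    return HELLOS[payload[5]], VERSIONS.get(version, f"0x{version:04x}")

def flag_sslv3(flows):
    """flows: (server_port, first payload bytes of one direction) pairs.
    A ServerHello at SSLv3 is the negotiated version; a ClientHello at
    SSLv3 means the client offers nothing newer."""
    hits = []
    for port, payload in flows:
        hello = parse_hello(payload)
        if hello and hello[1] == "SSLv3":
            hits.append((port, hello[0]))
    return hits

def make_server_hello(version: int) -> bytes:
    """Constructed sample: minimal ServerHello (zero random, empty session id)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

# Constructed flows; port 334 is the non-standard port used as an example above.
SAMPLE_FLOWS = [
    (443, make_server_hello(0x0303)),
    (334, make_server_hello(0x0300)),
    (334, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
]

if __name__ == "__main__":
    print(flag_sslv3(SAMPLE_FLOWS))
```

Run against the first payload of each direction from a packet capture, this gives an independent check of whether a gateway protection is actually seeing SSLv3 on a custom port.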