Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Lesley
Leader Leader
Leader

Hello,

Make a packet capture while running on encrypted on port 389. You will see everything. This makes it vulnerable for men in the middle attacks. Attackers could steal or change data in the AD. I would strongly recommend to use 636 with fingerprint Check Point. The only downside for 636 in combination with Check Point is the random fingerprint changes. Please refer to this SK to get better understanding: 

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

https://community.checkpoint.com/t5/Security-Gateways/Check-Point-LDAPS-connection-breaks-everytime-...

 

-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

(1)
Who rated this post