Security Best Practice: Domains Block List Protection - Blocking LogMeIn
| Check Point Reference: | SBP-2007-04 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | SmartDefense Research Center | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows operating systems | ||
| Vulnerability Description LogMeIn is a remote control application that provides access to any Windows PC from anywhere in the world. It only requires a computer connected to the Internet. The user can remotely access a target computer and have a full desktop view and complete control of everything on it, including: Remote access, File Transferring, Remote Printing and File Sharing. The use of LogMeIn may circumvent the organizational security policy. SmartDefense is able to detect and block LogMeIn via denying the access to its Web interface. |
||
|
Vulnerability Details SmartDefense contains a Block List for the purpose of filtering out undesirable traffic. A Block List is a group of URL addresses that have been prohibited. SmartDefense will not allow a user to access a domain address specified in the Block list. |
Protection Overview
By enabling this protection, SmartDefense will detect and block any access to the logmein.com domain. No update is required to address this issue.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > DNS > Domains Block List.
2. In the configuration pane, under Settings > Mode, check Active.
3. Under Drop all DNS requests for the following domains, click Select. The Select Domains Block List window opens.
4. Click New > Domain. The Domain Properties window opens.
5. In the Name field enter the following domain:
logmein.com
6. Click OK. The Select Domains Block List window reopens.
7. Under Available Domains select .logmein.com and click ADD. Click OK.
8. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Invalid DNS
Attack Information: Domain found in block list
VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > DNS and select Domains Block List.
2. In the Domains Block List pane, under Drop all DNS requests for the following domains, click Select. The Select Domains Block List window opens.
3. Click New > Domain. The Domain Properties window opens.
4. In the Name field enter the following domain:
logmein.com
5. Click OK. The Select Domains Block List window reopens.
6. Under Available Domains select .logmein.com and click ADD. Click OK.
7. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Invalid DNS
Attack Information: Domain found in block list
InterSpect NGX
How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > DNS > Domains Block List.
3. In the Domains Block List pane, under Drop all DNS requests for the following domains, click Select. The Select Domains Block List window opens.
4. Click New > Domain. The Domain Properties window opens.
5. In the Name field enter the following domain:
logmein.com
6. Click OK. The Select Domains Block List window reopens.
7. Under Available Domains select .logmein.com and click ADD. Click OK.
8. Install security policy.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Invalid DNS
Attack Information: Domain found in block list