
Block ports on Logmein and RealVNC

Posted on 2010-01-10
Last Modified: 2013-11-30
I have 100 PCs to monitor at two sites and I'd like to know if there's a way to audit users that install Logmein and RealVNC. I'd like to block the ports (don't know them yet) but I look at this as a short-term solution since there are several remote apps out there. The users have local domain access as it's required for some of the apps to run.
Question by:checkonetwo
10 Comments
 

Expert Comment

by:KGG
ID: 26278674
Hi there,

Through group policy you can block.

Regards
0
 
LVL 11

Expert Comment

by:enriquecadalso
ID: 26278694
Hello. If you have an Active Directory domain you can configure Windows Firewall using GPO to block the ports on all PCs.

http://technet.microsoft.com/en-us/library/bb490626.aspx
0
 
LVL 11

Expert Comment

by:enriquecadalso
ID: 26278704
You can also block the execution of the application on the local PCs.

http://technet.microsoft.com/en-us/library/bb457006.aspx
0
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 26278732
I don't know if you could just get by blocking the ports, as RealVNC allows you to switch the port it listens on. It also has a web interface (Java applet) that can be configured to run on a completely different port (also configurable). You may want to go the application route as enriquecadalso suggested.

I do not know about Logmein. I would imagine it has some configuration options as well.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 26278786
If you have a firewall in front of the computers just block all incoming requests.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 26278789
Those services behave like a server application; if you block all incoming requests you are out of danger.
0
 
LVL 2

Accepted Solution

by:conductance (earned 1000 total points)
ID: 26283841
For many services like RealVNC the advice here works well, but watch for LogMeIn and similar services. These set up an outbound connection to a remote server on the Internet, often using HTTP over port 80. This means that just blocking or monitoring incoming connections will not work, and neither will attempting to block outbound connections unless the users do not need web access, or you block access to the specific remote servers by either domain name or IP address.
0
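An added example, not part of the original answer: one way to audit which PCs make the outbound connections described above, by scanning forward-proxy log lines for watched domain names. The log format, the sample lines and the watched-domain list are assumptions made for illustration; HTTPS requests are matched on the `CONNECT host:port` line an explicit proxy records, since the payload itself is encrypted.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains the admin chose to watch; maintain from vendor documentation.
WATCHED_DOMAINS = ("logmein.com",)

# Constructed sample log, format assumed: "<timestamp> <client_ip> <method> <target>"
SAMPLE_LOG = """\
2010-01-10T09:00:01 10.0.1.15 GET http://www.example.org/index.html
2010-01-10T09:00:07 10.0.1.22 CONNECT secure.logmein.com:443
2010-01-10T09:01:13 10.0.1.22 GET http://LogMeIn.com/download
2010-01-10T09:02:40 10.0.2.31 GET http://notlogmein.com.example.net/
2010-01-10T09:03:02 10.0.2.31 CONNECT notlogmein.com:443
malformed line
"""


def host_of(target):
    """Return the lowercase hostname from 'http://host/path' or a CONNECT 'host:port'."""
    try:
        parts = urlsplit(target if "://" in target else "//" + target)
        return (parts.hostname or "").rstrip(".")
    except ValueError:  # e.g. a malformed bracketed IPv6 literal
        return ""


def is_watched(host, domains=WATCHED_DOMAINS):
    """Match the domain itself or any subdomain, never a mere string suffix."""
    return any(host == d or host.endswith("." + d) for d in domains)


def audit(log_text, domains=WATCHED_DOMAINS):
    """Map each client IP to the sorted watched hostnames it requested."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole audit
        _, client, _, target = fields
        host = host_of(target)
        if is_watched(host, domains):
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for client, hosts in audit(SAMPLE_LOG).items():
        print(client, ", ".join(hosts))
```

The same suffix rule applies when the list is turned into proxy or DNS block entries: matching on `.logmein.com` rather than on the bare string avoids blocking or flagging unrelated look-alike names.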
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 26284559
I believe certain hardware firewalls allow you to block traffic at the packet level, do they not?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 26285374
Packet inspection fails if the data stream is encrypted and masked as HTTPS traffic.
So we are back at program installation control.
0
 
LVL 2

Expert Comment

by:conductance
ID: 26286361
Whereas I agree that program installation control is the best option, it is sometimes difficult to achieve in certain environments (schools and ad/media companies in my experience). There are devices that will do very clever content inspection, including inspecting inside HTTPS data streams, and allow you to block applications according to a signature in the data. Fortinet (www.fortinet.com) are one vendor of these devices. I use these and they are very good but require fairly complex configuration (and version 4 firmware which has some stability issues) to achieve everything you want.
0
