• Status: Solved

Block ports on LogMeIn and RealVNC

I have 100 PCs to monitor at two sites and I'd like to know if there's a way to audit users that install LogMeIn and RealVNC. I'd like to block the ports (don't know them yet), but I look at this as a short-term solution since there are several remote apps out there. The users have local domain access as it's required for some of the apps to run.
Asked by: checkonetwo
1 Solution
 
KGG commented:
Hi there,

Through group policy you can block.

Regards
 
enriquecadalso commented:
Hello. If you have an Active Directory domain you can configure Windows Firewall using GPO to block the ports on all PCs.

http://technet.microsoft.com/en-us/library/bb490626.aspx
 
enriquecadalso commented:
You can also block the execution of the application on the local PCs.

http://technet.microsoft.com/en-us/library/bb457006.aspx
 
käµfm³d 👽 commented:
I don't know if you could just get by blocking the ports, as RealVNC allows you to switch the port it listens on. It also has a web interface (Java applet) that can be configured to run on a completely different port (also configurable). You may want to go the application route as enriquecadalso suggested.

I do not know about LogMeIn. I would imagine it has some configuration options as well.
 
Tolomir (Administrator) commented:
If you have a firewall in front of the computers, just block all incoming requests.
 
Tolomir (Administrator) commented:
Those services behave like a server application; if you block all incoming requests you are out of danger.
 
conductance commented:
For many services like RealVNC the advice here works well, but watch for LogMeIn and similar services. These set up an outbound connection to a remote server on the Internet, often using HTTP over port 80. This means that just blocking or monitoring incoming connections will not work, and neither will attempting to block outbound connections unless the users do not need web access, or you block access to the specific remote servers by either domain name or IP address.
 
käµfm³d 👽 commented:
I believe certain hardware firewalls allow you to block traffic at the packet level, do they not?
 
Tolomir (Administrator) commented:
Packet inspection fails if the data stream is encrypted and masked as HTTPS traffic.
So we are back at program installation control.
 
conductance commented:
Whereas I agree that program installation control is the best option, it is sometimes difficult to achieve in certain environments (schools and ad/media companies in my experience). There are devices that will do very clever content inspection, including inspecting inside HTTPS data streams, and allow you to block applications according to a signature in the data. Fortinet (www.fortinet.com) are one vendor of these devices. I use these and they are very good but require fairly complex configuration (and version 4 firmware which has some stability issues) to achieve everything you want.
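For the auditing half of the question, an inventory by installed program and service name avoids the port problem raised in the thread, since it does not depend on which port the tool listens on. The script below is an added example, not code from any poster in this thread; it assumes PowerShell remoting (WinRM) is enabled on the PCs, and the file names `pcs.txt` and `remote-tools.csv` and the match pattern are hypothetical choices.

```powershell
# Added example: inventory remote-access tools across domain PCs.
# Assumptions: WinRM remoting is enabled on the targets, and pcs.txt
# (hypothetical file) holds one computer name per line.
$Computers = Get-Content -Path '.\pcs.txt'
$Pattern   = 'LogMeIn|VNC'   # assumed display-name match; extend for other remote apps

$Scan = {
    param($Pattern)
    # Per-machine installs register under the 64-bit and 32-bit Uninstall keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Uninstall key'
                Name    = $_.DisplayName
                Detail  = $_.DisplayVersion
                Install = $_.InstallDate
            }
        }
    # A copy dropped in by hand may have no uninstall entry, so check services too.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -match $Pattern -or $_.PathName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Service'
                Name    = $_.DisplayName
                Detail  = "$($_.State), $($_.PathName)"
                Install = $null
            }
        }
    @($installed) + @($services)
}

# Run the scan on every PC; connection failures are collected, not fatal.
$Results = Invoke-Command -ComputerName $Computers -ScriptBlock $Scan `
    -ArgumentList $Pattern -ErrorAction SilentlyContinue -ErrorVariable Unreachable

$Results | Select-Object PSComputerName, Source, Name, Detail, Install |
    Sort-Object PSComputerName |
    Export-Csv -Path '.\remote-tools.csv' -NoTypeInformation

# Machines that could not be scanned still need a follow-up.
$Unreachable | ForEach-Object { Write-Warning "Not scanned: $($_.TargetObject)" }
```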
