
Blocking Microsoft remote desktop connection via Juniper firewall

Posted on 2010-09-07
Last Modified: 2013-11-16
We have a Windows web server running IIS behind a Juniper firewall. We would like to block admins from using Microsoft Remote Desktop Connection to this server from outside. Is it possible to do the blocking on the Juniper firewall? We only permit admins to use Remote Desktop from inside the company, not from outside.
Thanks
0
Question by:alex-2010
6 Comments
 
LVL 1

Accepted Solution

by:
microworx earned 1000 total points
ID: 33623264
Just block port 3389 on the firewall or remove the existing rule (it's probably an added rule if access is there; normally it's blocked by default). This will block anyone from outside, but not change access from the internal network.
0
 
LVL 2

Expert Comment

by:sibisteanu
ID: 33626878
Go to Policy - Check the rules From Untrust to Trust for Service RDP (3389). If you find one, disable it.

You also have the possibility to create a deny rule:
1. Define the service RDP if it is not yet created:
Go to Policy - Policy Elements - Services - Custom
Create a new service:
RDP      TCP src port: 1024-65535, dst port: 3389-3389

2. In the Policy select From: Untrust - To: Trust and click: New
Source Address – ANY
Destination Address – IP of the server
Service: RDP
Action: Deny
0
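The check described in the comment above (look for Untrust-to-Trust rules that allow RDP), automated over an exported configuration, as an added example that is not part of the original thread. It assumes ScreenOS-style single-line `set service` and `set policy` entries; the sample configuration, service names, address names and policy IDs are constructed.

```python
import shlex

RDP_PORT = 3389

# Constructed sample in ScreenOS-style "set" syntax (assumed format, not from the thread).
SAMPLE_CONFIG = '''
set service "RDP" protocol tcp src-port 1024-65535 dst-port 3389-3389
set service "MGMT-RANGE" protocol tcp src-port 0-65535 dst-port 3000-4000
set policy id 1 from "Untrust" to "Trust" "Any" "webserver" "HTTP" permit log
set policy id 2 from "Untrust" to "Trust" "Any" "webserver" "RDP" permit
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 4 from "Untrust" to "Trust" "Any" "webserver" "MGMT-RANGE" permit
set policy id 5 from "Untrust" to "Trust" "Any" "webserver" "ANY" permit
set policy id 5 disable
set policy id 6 from "Untrust" to "Trust" "Any" "webserver" "RDP" deny log
'''

def rdp_services(lines):
    """Names of custom TCP services whose destination port range includes 3389."""
    names = {"ANY"}  # the catch-all service also covers RDP
    for t in lines:
        if t[:2] == ["set", "service"] and "tcp" in t and "dst-port" in t:
            lo, hi = map(int, t[t.index("dst-port") + 1].split("-"))
            if lo <= RDP_PORT <= hi:
                names.add(t[2].upper())
    return names

def exposed_rdp_policies(config, src_zone="Untrust", dst_zone="Trust"):
    """IDs of enabled permit policies from src_zone to dst_zone that allow RDP."""
    lines = [shlex.split(l) for l in config.splitlines() if l.strip()]
    services = rdp_services(lines)
    # "set policy id N disable" marks policy N as disabled
    disabled = {t[3] for t in lines
                if t[:3] == ["set", "policy", "id"] and t[4:] == ["disable"]}
    hits = []
    for t in lines:
        if t[:3] != ["set", "policy", "id"] or len(t) < 12 or t[4] != "from":
            continue
        pid, frm, to, service, action = t[3], t[5], t[7], t[10], t[11]
        if ((frm, to) == (src_zone, dst_zone) and action == "permit"
                and service.upper() in services and pid not in disabled):
            hits.append(int(pid))
    return hits

if __name__ == "__main__":
    print("Untrust->Trust policies permitting RDP:", exposed_rdp_policies(SAMPLE_CONFIG))
```

Policies that reach port 3389 through a wide port range or the catch-all service are reported as well as those that name RDP directly; multi-service policies and service groups are not parsed.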
 

Author Comment

by:alex-2010
ID: 33672930
If I block 3389, admins can use Microsoft Remote Desktop Connection via HTTP, can't they?
0
 
LVL 2

Expert Comment

by:sibisteanu
ID: 33673331
If you make a rule for the outside area, this will not affect internal connections. Do not block RDP from the inside LAN.
0
 
LVL 2

Expert Comment

by:sibisteanu
ID: 33673354
Juniper works with the “zone”, not the “interface”. Block the traffic for the zone with the interface connected to the internet. Permit the traffic for the zone with the interface connected to the local LAN.
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33741061
You can do one thing: create a host for the preferred IP and make a dedicated rule for the same. If possible, allow all ports except NetBIOS.
0
