Need to block WINSCP application but want to allow ssh

MohammedAsik — Fri, 17 Apr 2020 06:32:20 GMT

Hi Team

In sec policy I have allowed for some users only RDP and SSH application. But these users are able to use WINSCP application because WINSCP application also using port 22. I want to block winscp application but allow ssh application. How can we achieve this ?

Please help us.

Regards

Mohammed Asik

Re: Need to block WINSCP application but want to allow ssh

BruceBennett — Fri, 17 Apr 2020 14:28:47 GMT

If you see it as an application in your traffic monitoring, then you should be able to create a rule, specifically blocking that application before your allow rule. I had to do the same thing with Webdav and Sharepoint in a recent implementation. If the traffic is only showing up as SSL traffic, then I do not think you can specifically block a program/application. Also, since it is SSL type traffic, you will need to do SSL decryption for that traffic before it would be identified as an application other than SSL.

Not to go too far on this response, but if it is not a standard application and you are doing SSL decryption, you may be able to create your own custom application that is specific to that WINSCP traffic and block the traffic as described above. Sorry, I do not know much about WINSCP.

topic Need to block WINSCP application but want to allow ssh in General Topics

Need to block WINSCP application but want to allow ssh

Re: Need to block WINSCP application but want to allow ssh