03-11-2013 03:20 PM
Does anyone else feel that the application dependencies for MSRPC are incorrect?
PA currently lists MSRPC as dependent on MS-DS-SMB and NETBIOS-SS. However, those protocols are not actually necessary for MSRPC to work. They are distinct protocols with different purposes. To my mind, including those dependencies encourages administrators to include unnecessary access in security policy. For example, if I'm writing a rule to allow access to an Exchange server I don't normally want to give users the ability to map drives. Yet this is what the dependencies are telling me I should do.
While I am quite comfortable with ignoring the warnings generated at commit time, I still feel it is a mistake to have these dependencies. I'm very interested in hearing other people's opinions.
03-11-2013 04:16 PM
Actually, the dependencies are still there. All that has happened is PAN devices will now implicitly add the 'needed' applications to a rule where an explicit application has dependencies. This actually increases my worry that more access would be granted than intended.
03-11-2013 04:22 PM
As I understand it, that's not entirely true.
The dependencies are only open for the number of packets needed in order to detect the main application.
For example, where you previously were forced to have both appx and web-browsing open forever, you now only add appx, and web-browsing will only be allowed for the number of packets needed to detect appx. If appx is not detected after this amount, then the web-browsing session is denied.
03-12-2013 02:20 AM
Yes, but only for the first few packets needed to determine the underlying application.
03-12-2013 08:40 AM
I stand corrected on the behavior under 5.0+. Thanks. I feel a little better about the security of the devices now.
That still doesn't address my original question though. All of the documentation I've been able to find on the Internet indicates that MSRPC/DCOM is a completely separate protocol. Is there truly a dependency between the MSRPC/DCOM and NETBIOS protocols? Is SMB really necessary for MSRPC to work?