Netskope Global Technical Success (GTS)
Block AnyDesk using Netskope's Cloud Firewall Module
Netskope Cloud Version - 120
Objective
The objective of this document is to describe the procedure for blocking AnyDesk using Netskope. AnyDesk is used as the example, but the same procedure can be applied to similar remote control applications that an IT administrator would like to control within the organization.
Prerequisite
This use case can be implemented using Netskope’s Cloud Firewall / SWG Module. This document describes the procedure for blocking AnyDesk via the Cloud Firewall Module.
Context
- AnyDesk and TeamViewer are both remote desktop applications that allow users to connect to and control another computer over the internet.
- They are commonly used for remote support, remote work, and accessing files or applications on another device from a different location. While these applications are available for free, they might not be sanctioned for use within the organization, which is why IT teams might need to exercise control over them. This document describes the procedure for blocking these applications via Netskope’s Cloud Firewall Module.
Do You Know?
- Netskope’s Cloud Firewall Module supports detection of well-known apps using deep packet inspection.
- This means that commonly used applications can be referenced within a Cloud Firewall policy without needing to define them separately as a Custom Firewall Application.
- Examples of these applications include: Zoom, TeamViewer, Remote Desktop Protocol (RDP)
Lab Recreate
Blocking AnyDesk using Netskope Cloud Firewall Module:
- AnyDesk is currently not available as a predefined Cloud Firewall Application. Therefore, we will define AnyDesk as a Custom Application and use it in a Real Time Protection policy.
- Before defining any application as a Custom Application, it is essential to understand which ports and protocols the application uses for communication.
- As per information available on AnyDesk’s website, it uses ports 80, 443 and 6568 for communication, with protocols TCP / UDP, on the domain: *.net.anydesk.com
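To see which traffic a definition built from these values would catch before the block is enforced, the ports, protocols and domain above can be dry-run against exported flow records. The following Python is an added example, not Netskope code: the flow record layout, the sample hostnames and the wildcard semantics (`*.` matching one or more leading DNS labels) are assumptions and may differ from how the Cloud Firewall evaluates the rule.

```python
from typing import NamedTuple

# Values taken from the text above.
ANYDESK_DOMAIN = "*.net.anydesk.com"
ANYDESK_PORTS = {80, 443, 6568}
ANYDESK_PROTOCOLS = {"tcp", "udp"}

class Flow(NamedTuple):  # hypothetical record layout for exported flows
    host: str
    port: int
    proto: str

def host_matches(pattern: str, host: str) -> bool:
    """Assumed semantics: '*.' matches one or more leading DNS labels."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # ".net.anydesk.com", leading dot kept on purpose
    # The leading dot enforces a label boundary, so "fakenet.anydesk.com"
    # and "net.anydesk.com.example.test" do not match.
    return host.endswith(suffix) and len(host) > len(suffix)

def matches_definition(flow: Flow) -> bool:
    # Domain AND port AND protocol must all match; matching on port alone
    # would catch all ordinary web traffic on 80/443.
    return (host_matches(ANYDESK_DOMAIN, flow.host)
            and flow.port in ANYDESK_PORTS
            and flow.proto.lower() in ANYDESK_PROTOCOLS)

def dry_run(flows):
    return [f for f in flows if matches_definition(f)]

# Constructed sample flows (hostnames are made up for illustration).
SAMPLE_FLOWS = [
    Flow("relay-01.net.anydesk.com", 443, "tcp"),
    Flow("relay-01.net.anydesk.com", 6568, "udp"),
    Flow("RELAY-02.NET.ANYDESK.COM.", 80, "TCP"),
    Flow("net.anydesk.com", 443, "tcp"),               # no leading label
    Flow("net.anydesk.com.example.test", 443, "tcp"),  # suffix spoof
    Flow("fakenet.anydesk.com", 443, "tcp"),           # no label boundary
    Flow("relay-01.net.anydesk.com", 22, "tcp"),       # port not listed
    Flow("www.example.test", 443, "tcp"),              # unrelated web
]

if __name__ == "__main__":
    for f in dry_run(SAMPLE_FLOWS):
        print(f"would match: {f.host}:{f.port}/{f.proto}")
```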
Step 1 : Create a Custom Firewall Application
Go to Settings - Security Cloud platform - App Definition - Cloud & Firewall Apps - New App Definition Rule
Step 2 : Create a Real Time protection Policy under Policies - Real Time Protection - New Policy - Firewall
Lab Recreate
Open the AnyDesk application and try connecting to any remote computer. Note that if AnyDesk was already running, kill the process and relaunch it.
You will see a message prompt.
Check the block events in Skope IT - Alerts section
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.