Page 1: Ids & ips

© Copyright Fortinet Inc. All rights reserved.

Inside FortiOS IDS & IPS
Version 5.2.4 – Mar 2015
Lan & Wan Solutions – IT Solutions for Local and Wide Area Networks

Page 2: Ids & ips


FortiOS Features

Page 3: Ids & ips

FortiOS 5.2 Feature Set

Management: Configuration, Visibility, Log & Report, Diagnostics
Integrations: ATP, OSS Support, AAA, Central Mgmt.
Security Functions: Anti-Malware, IPS, Application Control, Web Filtering, Email Filtering, Firewall, VPN, DLP, User & Device Identity, SSL Inspection
Extensions: Wireless Controller, Switch Controller, Endpoint Manager, Token Server, Vulnerability Scanner
Virtual Systems: Virtual Domains
Network Functions: Routing, NAT/CGN, WAN Link / Server LB, WAN Optimization, L2/Switching, IPv6, QoS, High Availability
Operating Modes: NAT/Route, Transparent, Sniffer
Network Interface: LAN, WiFi, WAN
Platform: Physical Appliance (+ASICs), Hypervisor, Cloud

* Features may vary by model

Page 4: Ids & ips

Overview IPS

IPS Signatures
» Over 7,000 signatures
» Integrated FortiGuard IPS encyclopedia
» Zero-day threat protection & research
» Custom signatures
» Rate-based signatures
» Signature filtering
» User quarantine, packet logging

DoS Protection
» Rate based: set thresholds for various types of network operations

Deployment Options
» Sniffer mode
» Bypass interface & FortiBridge
» Low latency, superior coverage and cost/performance for an integrated IPS (2012 NSS Security Value Map)

V5.2

Page 5: Ids & ips

IPS Sensor

Regular IPS Signatures
» Protect against known vulnerabilities & zero-day exploits
» Protect against protocol anomalies
» Details pop-up linked to the FortiGuard IPS encyclopedia
» Filtered by: Severity, OS, Protocol, Application, Target (Client/Server)

V5.2

Page 6: Ids & ips

Rate Based Signatures

» Brute-force protection: subsequent requests are blocked once the threshold (incidents per defined number of seconds) is reached
» Definable block duration
» Various tracking methods (by source IP, destination IP and others)

V5.2
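An added configuration example, not taken from the slides or from Fortinet's documentation, showing how the sensor features of slides 4 to 6 are expressed in the FortiOS 5.2 CLI: one entry selects signatures by the filter dimensions listed above (target and severity), a second turns a single signature into a rate-based rule with a count, window and tracking method, and the sensor is then attached both to a one-arm sniffer interface (detection only) and to a regular firewall policy (where "block" really drops traffic). The sensor name ips-servers, the interface and address names, the policy ID, the signature ID 12345 and the threshold values are assumptions chosen for illustration; replace the signature ID with the one you look up in the FortiGuard encyclopedia and check value ranges against your firmware's CLI reference.

```fortios
# Added example: FortiOS 5.2 CLI, assumed names and values (not from the slides)

# 1. Define the sensor. Entry 1 is a filter: every signature whose target
#    is "server" and whose severity is high or critical. Entry 2 is
#    rate-based: one signature (12345 is a placeholder ID) only triggers
#    the block after 10 hits from the same source within 60 seconds,
#    which is the brute-force pattern of slide 6.
config ips sensor
    edit "ips-servers"
        set comment "Signatures for the DMZ server segment"
        config entries
            edit 1
                set location server
                set severity high critical
                set status enable
                set log enable
                set action block
            next
            edit 2
                # placeholder signature ID, replace before use
                set rule 12345
                # 10 incidents in a 60 second window, counted per source IP
                set rate-count 10
                set rate-duration 60
                set rate-mode periodical
                set rate-track src-ip
                set status enable
                set log enable
                set action block
            next
        end
    next
end

# 2a. Sniffer-mode deployment (slide 4): port3 receives a SPAN/mirror copy
#     of the traffic, so the sensor can only log, never block.
config system interface
    edit "port3"
        set ips-sniffer-mode enable
    next
end
config firewall sniffer
    edit 1
        set status enable
        set interface "port3"
        set logtraffic all
        set ips-sensor-status enable
        set ips-sensor "ips-servers"
    next
end

# 2b. Inline deployment: the same sensor on the policy that admits
#     Internet traffic to the DMZ, where "block" drops the packets.
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "dmz-servers"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ips-sensor "ips-servers"
        set logtraffic utm
    next
end
```

Run the sensor in sniffer mode first and read the IPS logs for a few days before moving it inline: a severity filter this broad will also match signatures for software you do not run, and the rate-based count should be set above the legitimate retry rate of the service behind it, otherwise the block fires on ordinary clients.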

Page 7: Ids & ips

FortiGuard Service

Outstanding Detection Rate
» 100% resistance to evasions, 97.9% detection rate (NSS test, 2011)

Vigorous Benchmark Testing
» Tested weekly with more than 4 different tools
» Determines and improves the effectiveness of a security device at detecting attacks on network vulnerabilities

Page 8: Ids & ips

FortiGuard Service

FortiGuard Center
» FortiGuard Encyclopedia: detailed description of known threats
» IPS updates log (RSS feed)
» Vulnerability advisories
» Threat Monitor: top attacks by geographic breakdown

Zero-Day Research
» Reported over 153 vulnerabilities, 124 of which have been disclosed and fixed by the appropriate vendor(s)

Page 9: Ids & ips

Performance IPS

[Chart: NSS IPS Latency (July 2012), latency in μs on a 0 to 160 scale, for Check Point 12600, Stonesoft 1302, Juniper IDP 8000, Sourcefire 3D8120, Sourcefire 3D8260, Sourcefire 3D8250, SonicWALL SuperMassive, IBM GX7800, PA 5020, HP/TippingPoint 6100N, McAfee M-8000 and FortiGate 3240C]

FortiGate 3240C also beats all IPS competitors with the lowest latency.

Page 10: Ids & ips

Packet Logging

Forensic Tool
» Packet capture triggered by IPS signatures
» Can be saved as a pcap file for forensic studies
» Can be logged to disk, FortiAnalyzer or FortiCloud

Page 11: Ids & ips

User Quarantine

» Intelligently blocks attackers from launching further attacks
» Most attacks are conducted in several steps, e.g. a port scan followed by more targeted hacking activity
» Frees up IPS resources, since the traffic is now stopped by the firewall
» Removal from the banned list is manual or by a set expiry time

[Diagram: User Quarantine of the attacker's IP address, triggered by Antivirus, IPS or DLP, with a Duration, alongside Endpoint Control]

V5.2
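An added configuration example, not from the slides or from Fortinet's documentation, that ties the two previous slides together in the FortiOS 5.2 CLI: the global packet-log settings that control how much of the triggering flow is captured for the pcap, a local log destination, and a sensor entry that both captures packets and quarantines the offending source so its later attack steps are dropped by the firewall instead of being inspected again. The sensor name, the buffer and quota sizes and the 30 minute expiry are assumptions; the quarantine-expiry value format is also an assumption for this build (minutes here; newer firmware takes a duration such as 30m).

```fortios
# Added example: FortiOS 5.2 CLI, assumed names and values (not from the slides)

# 1. Global packet-log settings: packets captured before and after the
#    triggering packet, plus the memory and disk the captures may use
#    (sizes are assumptions; tune them to the model).
config ips settings
    set packet-log-history 8
    set packet-log-post-attack 3
    set packet-log-memory 256
    set ips-packet-quota 512
end

# 2. Packet logs need a log destination. Local disk is used here;
#    FortiAnalyzer or FortiCloud would be enabled under
#    "config log fortianalyzer setting" / "config log fortiguard setting".
config log disk setting
    set status enable
end

# 3. Sensor entry that captures packets and quarantines the source.
#    "quarantine attacker" puts the source IP on the firewall's banned
#    list for quarantine-expiry minutes, so the follow-up of a multi-step
#    attack (port scan, then targeted exploit attempts) never reaches the
#    IPS engine again until the ban expires or is cleared by hand.
config ips sensor
    edit "ips-servers-quarantine"
        config entries
            edit 1
                set location server
                set severity critical
                set status enable
                set action block
                set log enable
                set log-packet enable
                set quarantine attacker
                set quarantine-expiry 30
                set quarantine-log enable
            next
        end
    next
end
```

Two caveats a practitioner will want: restrict quarantine to critical, low false-positive entries, because a banned address is blocked for every service, not just the one attacked, and a spoofed or NATed source (a proxy, a carrier-grade NAT pool) can turn the feature into a denial of service against legitimate users behind it; and keep packet-log-history small, since every matching entry holds that many packets per flow in memory until it is written out.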

Page 12: Ids & ips


Advanced Features IPS

V5.2

NGIPS Contextual Awareness
» Correlate with related information such as users & applications

Automation
» Automated impact assessment for quick policy tuning with FortiView
» Network behavior analysis using Threat Score

Page 13: Ids & ips

DOS Sensors

DoS Protection
» Detects and mitigates traffic that is part of a DoS attack
» Applied as DoS policies, which are evaluated before firewall policies
» Rate based: set thresholds for various types of network operations
» The list of anomaly sensors can only be updated when the firmware image on the unit is upgraded

Anomaly                                   TCP             UDP             ICMP
Packet rate to a destination IP           TCP_SYN_FLOOD   UDP_FLOOD       ICMP_FLOOD
Packet rate from a source IP              TCP_PORT_SCAN   UDP_SCAN        ICMP_SWEEP
Concurrent sessions to a destination IP   TCP_DST_SESS    UDP_DST_SESS    ICMP_DST_SESS
Concurrent sessions from a source IP      TCP_SRC_SESS    UDP_SRC_SESS    ICMP_SRC_SESS
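An added configuration example, not from the slides or from Fortinet's documentation, showing one DoS policy in the FortiOS 5.2 CLI built from the table above: the four TCP sensors cover all four dimensions (packet rate per destination, packet rate per source, sessions per destination, sessions per source), and the UDP and ICMP flood and scan sensors show the same pattern for the other two protocols. The ingress interface wan1 and every threshold value are assumptions; the CLI anomaly names are the lower-case form of the table entries. The example goes slightly beyond the slide by showing the pass-then-block rollout a practitioner would use rather than enabling block everywhere at once.

```fortios
# Added example: FortiOS 5.2 CLI, assumed interface and thresholds (not from the slides)

# DoS policies are matched on the ingress interface before any firewall
# policy. Thresholds are packets per second for the flood/scan/sweep
# sensors and concurrent session counts for the *_session sensors.
# Rollout: leave "action pass" with logging on, read the anomaly logs for
# a week to learn the real baseline of this interface, then switch the
# sensors whose logs stay clean to "action block".
config firewall DoS-policy
    edit 1
        set status enable
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            # TCP: packet rate toward one destination (SYN flood)
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            # TCP: packet rate from one source (port scan)
            edit "tcp_port_scan"
                set status enable
                set log enable
                set action block
                set threshold 1000
            next
            # TCP: concurrent sessions to one destination, still baselining
            edit "tcp_dst_session"
                set status enable
                set log enable
                set action pass
                set threshold 5000
            next
            # TCP: concurrent sessions from one source, still baselining
            edit "tcp_src_session"
                set status enable
                set log enable
                set action pass
                set threshold 5000
            next
            # UDP counterparts of the two packet-rate sensors
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            edit "udp_scan"
                set status enable
                set log enable
                set action pass
                set threshold 2000
            next
            # ICMP counterparts; ICMP is rare on a WAN edge, so much lower
            edit "icmp_flood"
                set status enable
                set log enable
                set action block
                set threshold 250
            next
            edit "icmp_sweep"
                set status enable
                set log enable
                set action block
                set threshold 100
            next
            # udp_src_session, udp_dst_session, icmp_src_session and
            # icmp_dst_session follow the same six-line pattern.
        end
    next
end
```

Because the session-count sensors key on a single destination or source IP, a busy public web server or a NAT gateway in front of many clients will hit them under entirely legitimate load; those are the sensors to keep on pass the longest, or to scope with a narrower dstaddr or srcaddr than "all".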

Page 14: Ids & ips

Contact Us Free of Charge …

Certified experts in FortiMail and email security

Certified experts in FortiWeb and web application firewall protection

Certified experts in FortiAP, FortiWiFi and wireless security

CONTACTS
Tel. +39 049 8843198 DIGIT (5)
[email protected]

www.lanewan.it

In these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations provided for in the various certification paths, reaching the qualification of Partner of Excellence.