Chapter 11 – Hardening

Disable auto installation via USB

An attacker with a physical access to the device could load a new configuration or firmware on the FortiGate using the USB port, reinitializing the device through a power cut. To avoid this, execute the following CLI commands:

config system auto-install

set auto-install-config disable set auto-install-image disable

end

 

Configure auditing and logging

Audit web facing administration interfaces. By default, FortiGate logs all deny actions. You can check these actions by going to Log & Report > System Events. This default behavior should not be changed. Also secure log files in a central location such as FortiCloud and configure alert email which provides an efficient and direct method of notifying an administrator of events. You can configure log settings by going to Log & Report > Log Settings.

An auditing schedule should be established to routinely inspect logs for signs of intrusion and probing.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.