Cybersecurity Skills Shortage Is Not Just About Having the Right Products and Technology

Fortinet posted a pretty good blog entry today on the cybersecurity skills shortage and why it is not just about having the right technology but also about having the right people. You can see an excerpt of the article below and read the rest by clicking the link underneath.

It’s evident that demand for trained and experienced cybersecurity professionals far exceeds supply. With 46% of organizations now claiming that they have a problematic shortage of cybersecurity skills, significantly up from last year at just 28%, it’s apparent that the growing cybersecurity talent shortage is starting to represent a global security risk. [i]

Lacking a comprehensive cybersecurity education and training strategy, large organizations are going to continue to battle highly sophisticated and well-organized cyber-adversaries with their own skeleton crew. Click Here To Continue Reading


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Fortinet Web Filtering

SSL Inspection – Office 365

I saw this post over on the Fortinet Support forums and wanted to cross-post it here in case others have run into this issue. Always check the web filter and make sure domains are rated properly! In some situations it makes sense to allow websites if they are unrated or if a rating failure occurs, especially in environments where downtime hurts. Granted, I like to keep my environment more secure than that, so it just makes sense for me to be quick with the troubleshooting.

Question: Hi all,

I am trying to get Office 365 to work on site behind a Fortigate 50E. Unfortunately I’m having a lot of trouble.

I found this document: http://cookbook.fortinet.com/exempting-google-ssl-inspection/

I was able to translate that into 5.4 and create the addresses that should be used by Office 365, but it still isn’t working. When I look at the IPv4 policy, it appears to just be doing SSL Certificate Inspection. Do the exceptions I put into the Deep Inspection apply to SSL Certificate Inspection as well? Because that is not very clear. And if not, how do I exempt sites from SSL Certificate Inspection?

Thanks!

Correct Answer: This was actually being blocked in Web Filtering because autodiscover.domain.com was unrated, which was set to block by default. I created an exception for it and changed the category from unrated to business IT use, and it now works.

Thanks!



NSS Labs

Fortinet Kicking Ass On NSS Labs NGFW Security Value Report

I don’t know if you guys have seen the report or not, but Fortinet has whooped some serious ass on the NGFW Security Value Report from NSS Labs. In case you don’t know, NSS Labs is a truly unbiased hardware research firm. You may be thinking to yourself, “But Mike, what about Gartner?” Well, everyone knows that the Gartner reports are all about how much money you throw at them to line their pockets. Cough, I mean, cough, how well you “sell” your product to them.

NSS Labs has been providing quality third-party reviews and ratings of devices for a while now, and according to the NGFW Security Value Report the FortiGate 3200D placed ahead of all NGFW competitors (cough Palo, cough Check Point) in terms of NGFW (Next Generation Firewall) effectiveness.

It’s cool though. I’m sure a lot of businesses out there will keep falling for the marketing gimmicks and flashy ads for Palo Alto and Cisco. Let them waste their money while you get better value and total cost of ownership by flying under the Fortinet flag. I swear, if Fortinet would listen to some of my feature requests (mostly items listed on the “Where Fortinet is Messing Up” page of this site) and get some sexy advertising going to wow the idiots out there, they would squash the competition. Oh well…

NSS Labs NGFW Security Value Report




FortiGate 92D

FortiGate 92D Tweaks Incoming

Going to be overhauling my policy set and UTM sensors on the 92D at the house. Pretty excited. Gotta lock security down even further because I want to host some services off my business line with a static IP. Pretty stoked, and I will go through the process with you all in hopes that it clarifies something Fortinet-related that you didn’t get before.



AV Throughput Removed From DataSheets

So, I am sure some of you have been running around a little bit like chickens with your heads cut off about the fact that the data sheets no longer list the AV throughput. Don’t worry, this is by design. They are switching to NGFW values for these to compete with Palo Alto and the like in the NGFW market. Don’t worry, AV throughput is about to be useless anyway as 5.4 becomes more mainstream. The 5.4 code is SO MUCH better on speed and reliability that even if they kept the AV numbers they would have to retest the hardware to get new numbers.

Official Fortinet Response:

“The Proxy AV specification will no longer be presented and will be removed from all existing FortiGate data sheets starting from 15th January 2016. An archive of old data sheets will be available. We’ll be replacing these specifics with more widely used NGFW values. The new data sheet should be out 28th January and the Product Matrix updated in the February Edition.”



A Closer Look at Locky Ransomware

A new ransomware named “Locky” is currently circulating in the wild and making the headlines. There are some good reports regarding Locky ransomware already available over the Internet. This blog intends to focus on some technical areas that (we believe) have not been covered yet, namely, its domain generation algorithm, command and control communication, and file encryption.

For reference, the following is a screenshot of Locky’s Decrypter page (cropped to save space): Click Here To Read The Rest Of The Article



Zones Will Save Your Sanity

FortiGates are interface-driven firewalls. Policy is relatively straightforward: port1 to wan1, allow HTTP, NAT enabled, you get my drift. In more complex environments, though, where you can easily have 5-10 interfaces (even more if you bring in VLANs), you will most certainly want to use Zones.

What is a zone? A zone is a created “Interface” that you assign other interfaces to. For instance, my common deployment has 2 main zones, INSIDE and OUTSIDE. This keeps policy extremely simple.

The train of thought with this ZONE setup is that traffic is either coming in or going out. From there you just create the policy and work accordingly. This makes deployments for my clients super easy.

The setup at my house is done this way as well (I have a FortiGate 92D at home). My setup is slightly more advanced, though, thanks to having dual internet connections, SSL VPN, and other capabilities switched on. But as you can see in the policy set below, I have an INSIDE zone. That zone has my work network, my personal home network, and my DMZ wireless network (for when I am cleaning people’s deranged and abused machines). I have each one assigned to the INSIDE zone so that I can apply the same policy to traffic that is traveling from inside sources to the internet. This greatly reduces policy count and helps keep things uniform.

Disclaimer: Make sure to tick the “Block Intra-Zone Traffic” check box when creating a zone that includes a set of networks that you don’t want to communicate without policy. For instance, my INSIDE zone has my work network, which I need to make sure only my work laptop can see; my personal network, which sees everything on the personal net; and a DMZ network that I absolutely don’t want ANY of my other networks to receive traffic from or send traffic to. So I tick the “block intra-zone traffic” box when I create my zone (it can be edited after the zone is created as well) and then manually allow what is needed via policy (the work network is able to access the printer on the personal net, etc.). Remember, the more granular you are, the better your security will be. Also, the only traffic that should be able to flow is the traffic you explicitly allow.
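The zone layout described above, written out as FortiOS CLI (an added example, not the author’s own config): three inside interfaces joined into an INSIDE zone with intra-zone traffic denied, and a single explicit policy that lets the work laptop reach the printer on the personal network. Interface names, address objects, the custom service and the policy name are assumptions for this example, and the syntax is the FortiOS 5.4 form the post discusses.

```fortios
# Zone with intra-zone traffic denied: the three inside networks cannot
# talk to each other unless a firewall policy explicitly allows it.
# Interface names, addresses and policy names are assumed for this example.
config system zone
    edit "INSIDE"
        set intrazone deny
        set interface "internal1" "internal2" "internal3"
    next
end

config firewall address
    edit "WORK_LAPTOP"
        set subnet 10.10.10.50 255.255.255.255
    next
    edit "PERSONAL_PRINTER"
        set subnet 10.10.20.10 255.255.255.255
    next
end

# Raw printing port only; nothing else on the printer is reachable.
config firewall service custom
    edit "RAW_PRINT"
        set tcp-portrange 9100
    next
end

# The one intra-zone flow that is wanted: work laptop -> printer on the
# personal network, on the print port only, and logged. Everything else
# between the INSIDE networks stays blocked by the zone setting.
config firewall policy
    edit 0
        set name "work-laptop-to-printer"
        set srcintf "INSIDE"
        set dstintf "INSIDE"
        set srcaddr "WORK_LAPTOP"
        set dstaddr "PERSONAL_PRINTER"
        set action accept
        set schedule "always"
        set service "RAW_PRINT"
        set logtraffic all
    next
end
```

An interface that is already referenced by a policy cannot be added to a zone until that policy is changed to reference the zone instead, so build the zone first on a fresh box or rewrite the existing policies as part of the same change.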

Zone Setup FortiGate FortiOS 5.4





10 Simple Ways to Mitigate DNS Based DDoS Attacks

UDP floods are used frequently for larger bandwidth DDoS attacks because they are connectionless and it is easy to generate UDP packets using scripts.

DNS uses UDP primarily and under some circumstances uses TCP. Because of this, use of the UDP/DNS protocol is extremely popular as a DDoS tool.

Since DNS is a critically important protocol upon which the Internet is based, its availability is of utmost importance. To deny the availability, a malicious attacker sends spoofed requests to open DNS resolvers that allow recursion. There are millions of open DNS resolvers on the Internet including many home gateways. The open DNS resolver processes these requests as valid and then returns the DNS replies to the spoofed recipient (i.e., the victim). When the number of requests is large, the resolvers could potentially generate a large flood of DNS replies. This is known as an amplification attack because this method takes advantage of misconfigured DNS resolvers to turn a small DNS query into a much larger payload directed at the target. In yet another type of attack, unsolicited or anomalous queries may be sent to the DNS servers. Click Here To Continue Reading
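One edge-side mitigation for the UDP/DNS floods the excerpt describes, as an added example that is not part of the original article: a FortiGate DoS policy that rate-limits inbound UDP port 53 toward a DNS server so a flood of queries (or of reflected replies) is dropped before it reaches the resolver. The WAN interface name, the server address and the thresholds are assumptions for this example; the thresholds must be tuned against the observed baseline query rate before enforcing.

```fortios
# Address object for the DNS server being protected (documentation range,
# constructed for this example).
config firewall address
    edit "DNS_SERVER"
        set subnet 203.0.113.53 255.255.255.255
    next
end

# DoS policy on the Internet-facing interface: only UDP/53 toward the
# DNS server is inspected, so normal traffic to other hosts is untouched.
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "DNS_SERVER"
        set service "DNS"
        config anomaly
            # Packets per second toward one destination; anything above
            # the threshold is dropped and logged. Threshold is assumed.
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
            # Concurrent UDP sessions to one destination; caps how many
            # spoofed sources a flood can open at once. Threshold is assumed.
            edit "udp_dst_session"
                set status enable
                set log enable
                set action block
                set threshold 5000
            next
        end
    next
end
```

This limits what reaches the server; it does not stop the server being used as a reflector, so a resolver behind it should additionally restrict recursion to known clients rather than answering recursive queries from anyone on the Internet.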

