| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: bwatson at nettracers.com (Bryan K. Watson) Subject: Fortinet Firewalls >Subject: [Full-Disclosure] Fortinet Firewalls >Anyone had any experience with these - >they claim to be able to offer content >filtering and there by detect malicious >content embedded into HTML, as well as >the usual deliver systems. > >Sounds interesting my only concern is how you would stay on top of each new threat... ..automated hourly updates from Fortinet: http://www.fortinet.com/FortiProtectCenter/ I have been very happy with Fortinet Fortigates at my client sites. They do not slow down the traffic (just make sure you get the right capacity unit for the job) and I always configure them for ingress and egress filtering of all non-encrypted traffic (HTTP, FTP, SMTP, IMAP, POP). Additionally, you will want to set your allow policies and then a global deny so that you don't allow circumventing of your protocol scans. These are doing real-time scanning, unlike the typical AV email firewalls that do store->scan->forward. I had one new client site that called me in after being repeatedly cracked (not Windoze but Linux boxes), so I walked in with a Fortigate and the IDS/IPS helped me to track down the originating site and the AV engine showed me what rootkit was being attempted on the target linux box...(de-greetz to you Darius a.k.a. HomeBoy). I still place a snort detector and raw tcpdump passively on the wire at these type of jobs for forensic capture and detection, but I always carry out a Fortigate for use when I am ready to go un-stealth and stop the nefarious activity. I configure the update timer in the Fortigates to check with Fortinet for signature updates every hour...this helped me to have sites protected from MyDoom before the desktop AV vendors could get their sigs out to all the client stations...not much before, but Fortinet is quicker than the desktop AV vendors with AV updates - they don't have to do all that integration and regression testing on all the OS versions that McAfee, Symantec, Trend, Kaspersky, Panda, etc. have to do. You can do global file extension type blocking (exe, zip, dll, etc) so it is easy to quickly lock down all of your network when you suspect some new crack going around. The new version of FortiOS now allows you to do PERL expression matching of any content as well and has a better than rudimentary antispam engine..still testing that one out though. Hope that answers you ??'s. Cheers, -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Bryan K. Watson - InfoSec Consultant - bwatson@...Tracers.com - www.nettracers.com
Powered by blists - more mailing lists