FortiDeceptor
FortiDeceptor provides Deception-based Breach Protection to deceive, expose and eliminate external and internal threats.
mbensimon
Staff
Article Id 222121
Description

This article describes how FortiDeceptor decoys can detect activity related to CVE-2021-36260, a command injection vulnerability in the web server of some Hikvision products.

Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages that contain malicious commands.

 

Cyber Deception Against Attacks That Try to Leverage the CVE-2021-36260 Vulnerability

 

1) FortiDeceptor starts by deploying network decoys across the network segments, creating a fake environment that simulates the real network and assets.

The 'CVE-2021-36260' exploit targets the web server of some Hikvision products, so a network decoy that emulates Hikvision IP Cameras is deployed across several network locations, such as the Data Center / DMZ / Cloud.

Scope

The Deception Decoys and lures against the 'CVE-2021-36260 - Hikvision IP Cameras' vulnerability attacks can be used in FortiDeceptor V.3.3 and above.

Solution

Cyber Deception Against 'CVE-2021-36260 - Hikvision IP Cameras' attacks:

 

1) Configure network segments under the 'Deployment Network' section that FortiDeceptor will use to deploy network decoys.

(Due to the nature of the attack, make sure to cover the Data Center / DMZ / Cloud segments where web servers are located).

 

2) Deploy the network IP Camera decoy across the VLANs of the Data Center / DMZ / Cloud network segments that are configured under the 'Deployment Network' section.

(The current FDC decoy emulates the Hikvision IP Cameras).

 

3) Once a threat actor or malware tries to penetrate a network IP Camera decoy, FortiDeceptor will trigger a real-time alert.

 

4) FortiDeceptor will leverage the Fortinet Fabric to execute a threat mitigation response to isolate the threat.

 

FortiDeceptor is part of the Fortinet Security Fabric.

 

FortiDeceptor is natively integrated with FortiGate, FortiNAC, FortiSIEM, FortiAnalyzer, FortiSOAR, FortiEDR, and other Fabric solutions to automate the mitigation response based on attack detection.
