FortiGate
nradia_FTNT (Staff)
Article Id 244042
Description: This article describes what actions to take in case of ransomware attacks and lists some related documents.
Scope: FortiGate 5.X, 6.X and 7.X.
Solution

The FortiGate alone is not sufficient to prevent ransomware attacks. The following information discusses a few remediation steps that can help protect against ransomware:

1) Configure antivirus with the extreme database and IPS in all policies that connect to the internet. Configuring a web filter to block access to malicious sites is also effective. Enable botnet scanning on the FortiGate. Consider content filtering, Sandbox, malware protection, etc.

2) Use a High-Security IPS profile for inbound traffic to servers.

3) Use deep inspection in the firewall policies so that the firewall can inspect encrypted traffic.

4) Consider controlling endpoints via FortiClient or EMS, which require additional licensing for the security modules on endpoint computers.

5) Verify the published services and ports in firewall policies.

6) Perform penetration testing and vulnerability validation on your servers.

7) Keep the equipment updated with the most recent versions and security patches, and keep firewalls updated with the latest firmware versions. Refer to the release notes for known and resolved issues.

8) Analyze logs and vulnerability reports, and mitigate the findings.

9) Create policies that deny traffic based on the IP Reputation Database.

10) Ransomware can only be prevented by mitigating all weak points on all computers. The firewall is just one of many security factors that must be analyzed.
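As an added illustration of steps 1 and 3 above (not configuration from the original article), the following FortiOS CLI fragment ties the extreme antivirus database, an IPS sensor that blocks botnet C&C connections, and deep SSL inspection to a single outbound policy. FortiOS 7.x syntax is assumed; the profile names, policy ID and interface names (internal, wan1) are placeholders to adapt to your unit.

```fortios
# Assumed FortiOS 7.x syntax; names and IDs below are placeholders.
# Step 1: use the extreme antivirus signature database.
config antivirus settings
    set default-db extreme
end

# Step 1: antivirus profile that blocks infected HTTP content.
config antivirus profile
    edit "av-ransomware"
        config http
            set av-scan block
        end
    next
end

# Step 1: IPS sensor that blocks high/critical signatures and botnet C&C traffic.
config ips sensor
    edit "ips-high-security"
        set scan-botnet-connections block
        config entries
            edit 1
                set severity high critical
                set action block
            next
        end
    next
end

# Step 3: outbound policy with deep inspection so encrypted traffic is scanned.
config firewall policy
    edit 10
        set name "lan-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set av-profile "av-ransomware"
        set ips-sensor "ips-high-security"
        set logtraffic all
        set nat enable
    next
end
```

Deep inspection requires the FortiGate CA certificate to be trusted by the clients, otherwise users see certificate warnings; verify the policy with the Security Profiles columns in the policy list and with the AV, IPS and SSL logs.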


Related documents:

http://docs.fortinet.com/document/fortigate/6.4.3/administration-guide/668865/botnet-c-c-ip-blocking

https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiOS-4-0MR2-Antivirus-database-support...

https://www.fortinet.com/solutions/small-business/stop-ransomware-phishing


- Antivirus and Sandbox techniques:

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/Antivirus/antiviru...

https://www.fortinet.com/products/sandbox/fortisandbox


- Deep packet inspection and web filtering:

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Web_Filter/Web%...

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/122078/deep-inspection


- IPS best practices:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/48143/intrusion-prevention-system-ips


- Other documents related to ransomware:

https://www.fortinet.com/resources/cyberglossary/ransomware

https://www.fortinet.com/blog/industry-trends/fifteen-steps-to-protect-your-organization-from-ransom...

https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/836396/antivirus

https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks

https://www.fortinet.com/resources/cyberglossary/how-to-prevent-ransomware

https://www.fortinet.com/blog/industry-trends/10-steps-for-protecting-yourself-from-ransomware

https://www.fortinet.com/corporate/about-us/contact-us/experienced-a-breach


- Related KB article:

https://community.fortinet.com/t5/FortiGate/Detecting-and-Protecting-against-CryptoLocker-Botnet-and...