Dear Experts,
Can you please point me towards some technical explanations of what protections/signatures are provided by each type of FortiWeb FortiGuard subscription?
Am I right that out of the box FortiWeb will cover standard OWASP 20, plus:
If there is a WAF device with NONE of the subscriptions – how much security can be delivered for Web Apps? Does any "FortiGuard Security Service" come inside the firmware update with each new firmware version?
Here is an example screenshot:
Regards,
Sergej
#### References ####
The definition from the Administrator guide is quite vague - https://docs.fortinet.com...702/fortiguard-updates
FortiGuard updates
One of the most important things you can do is to ensure that your FortiWeb is receiving regular updates from the FortiGuard FortiWeb Web Security service and FortiGuard Antivirus service.
Without these updates, your FortiWeb cannot detect the newest threats.
Event logs record FortiGuard update attempts. In addition to scheduling polls for automatic updates, you can also manually update the service packages or initiate a connectivity test to the FDN at any time. For details, see Connecting to FortiGuard services.
Blocking known attacks & data leaks
Many attacks and data leaks can be detected by FortiWeb using signatures. Enable signatures to defend against many attacks in the OWASP Top 10 (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project), including many more:
- Cross-site scripting (XSS)
- SQL injection and many other code injection styles
- Remote file inclusion (RFI)
- Local file inclusion (LFI)
- OS commands
- Trojans/viruses
- Exploits
- Sensitive server information disclosure
- Personally identifiable information leaks

To defend against known attacks, FortiWeb scans:

- Parameters in the URL of HTTP GET requests
- Parameters in the body of HTTP POST requests
- XML in the body of HTTP POST requests (if Enable XML Protocol Detection is enabled. See To configure an inline protection profile.)
- Cookies
- Headers
- JSON Protocol Detection
- Uploaded filename (MULTIPART_FORM_DATA_FILENAME)

In addition to scanning standard requests, FortiWeb can also scan XML and Action Message Format 3.0 (AMF3) serialized binary inputs used by Adobe Flash clients to communicate with server-side software. For details, see Enable AMF3 Protocol Detection and Configuring a protection profile for inline topologies (for inline protection profiles) or Enable AMF3 Protocol Detection (for Offline Protection profiles).
Updating signatures
Known attack signatures can be updated. For information on uploading a new set of attack definitions, see Uploading signature & geography-to-IP updates and Connecting to FortiGuard services. You can also create your own; for details, see Defining custom data leak & attack signatures.
Copyright 2024 Fortinet, Inc. All Rights Reserved.