Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
PCNSE
NSE
StrongSwan
Thanks Emnoc for the suggestions..have any idea for an open source VA and security audit tools also?
The IT head also ask if we could have configuration security audit like what "Nipper" does. Which I think the Free version is only working for cisco, or Any Device Hardening Document for Fortinet we could check
Thanks guys!..
None that I know of and nipper is not avulnerability tool imho. As far as BCP use the fortunate latest BCP on proper or recommended practices.
allowacces ( no telnet, or http UNLESS you have to and you never should have a need for this )
snmp access restrict
audit any fwpolicies with "any" in it
fwpolicy ordering ( seq )
strike all weak ciphers from any VPN-ipse ( des or 3des no-no, use SHA1 or better over md5, dhgrp 14 or better but no less than 5,etc.....)
disable weak SSL protocol ( management interfaces, sslvpn portal )
dropped all factory_fortinet certificate for internet facing
audit access profile for local users better yet deploy a remote-auth solution ( ldap free radius tacacs are all free and open source )
enable logging off appliance
following rel-notes and upgrade as required
etc...
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.