Hello everybody,
I would like to know if the log stored locally on the FG is encrypted ?
I know that there's an option to encrypte logs sending to the FortiAnalyzer but how about the local logs ?
Thank you for your inputs.
Have a great day all.
None that I know of encrypt logs locally.
The logs are stored in a local file such as tlog and are simple text-fles. If you need encryption you need to export the logs and encrypt at rest but seriously for traffic/config/system/vpn logs nothing should be sensitive by nature of those logs types if basic logs are used. When you start logging details of user/filename/usernames/dpi etc....maybe a small case could be made but that the information shadows the border line of sensitive.
I haven't read the release notes for fortios 7 but maybe a anonymizer is coming within fortios ( i hope ) . A lot of gov agency are mandating random ip/user/file details in logs that are export for analysis or support assistance.
Ken Felix
PCNSE
NSE
StrongSwan
Hi Ken,
Thanks for replying me. Any logs could be sensitive, especially web filtering log where you have the user and his/her browsing data.
I don't think the local log is encrypted either but is the hard-drive encrypted by default ? the idea is if the device or the hard-drive get lost, the thief/attacker will not able to extract any information because the drive is encrypted.
Have a good day!
No the drive is not encrypted. And yes that is why you export the logs from the device and do not log locally unless it memory and even then I rather not waste mem on log messages & surely for historical.
I would be also just equally worried if the device was stolen|lost that your configuration is on the drive.That would could give details about your accounts, psk|password, and topology.
The traffic logs with no user details is not as sensitive but we should always be thinking about Snowden and his many campaigns telling us the big biz, gov, NSO, and such are doing this at all level.
Example, google know all of your traffic and search history and even your shopping history :)
Ken Felix
PCNSE
NSE
StrongSwan
As Ken already said - no, logs are not encrypted locally. To be honest I know of no firewall/vendor that has local logs encrypted - Checkpoint, Palo Alto, Cisco ASA. So not much you can do about this except not to store logs locally but forward them away.
If you are concerned with the physical security of the Fortigate, have a look here for some recommendations: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/building-security...
like disabling maintainer account etc.
Additionally, if it is relevant to you, Fortigate is FIPS compliant but you have to enable this mode and have custom image. Ken's blog describes this in detail: http://socpuppet.blogspot.com/2014/09/hardening-your-fortigate-firewall-by.html
Thank you guys for your inputs.
Why don't they just encrypt the hard-drive by default or at least as an option ?
Put a new feature request in thru your sales team. I do not know of any vendor that does that, maybe forcepoint now I think about it. Log files are binary to some degree and cfg details are limited. So on their NGFW you can't get too much of anything from the appliance if it was stolen or lost in shipping.
The ( fw vendors ) need a if electronic tampered with "erase my drive" or as in the classic MI movies series where the message delivery device catches on fire after Tom Cruise reads the message...aka self destructed mechanism ;)
I can't think of any military or gov agency that are worried about extracting information since they normally do not ship devices with configuration and if to be deposed off the shred or do some type of local erase.
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.