Friday, 31 March 2023

Network Security Threats and Countermeasures-Firewall Features

In this topic, you will further learn about: 

▪ Network Security Threats and its Countermeasures 

▪ Product Overview and Introduction to FW Fundamentals 

▪ Setting up FortiManager and considerations

▪ FortiAnalyzer Features 

▪ FortiManager Concepts

▪ Basic FW Administration

▪ Firewall Rule Set and Policies 

▪ Create and configure network, host and gateway objects

▪ Verify SIC establishment

▪ Create a basic Rule Base

▪ Use Case



Malware/Ransomware

▪ Ransomware has grown massively since cryptocurrencies such as Bitcoin made it practical for attackers to demand and collect ransoms anonymously
▪ A typical attack gains a foothold on one host, spreads to the file servers and databases it can reach, encrypts the data, and threatens to delete or corrupt the files unless a hefty ransom is paid
▪ Countermeasures:
– Reduce Complexity and Patch
– Layer Security Controls 
– Know your high value assets and data, and keep offline, tested backups of them

Botnets

▪ Botnets are currently considered one of the biggest threats. These networks of compromised machines can be remotely controlled by the attacker and used to launch massive attacks
▪ The traffic from a botnet is used to overwhelm the victim's systems; attackers often pair the flood with a ransom demand, so that paying appears to be the only way to regain control
▪ Countermeasures
– Blacklisting (drop traffic to and from known command-and-control addresses and domains)
– Packet Filtering (default deny, allowing only the services a host actually needs)
– Reverse Engineering (analyse captured bot samples to extract their C2 indicators and feed them into the blacklist)
– Port Blocking (close the ports the bots use to talk to their controllers)
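As an added illustration (not part of the original slides), the following Python script models the blacklisting, packet-filtering and port-blocking countermeasures above as a small first-match rule base with an implicit default deny, the same evaluation order a firewall rule set uses. The addresses (RFC 5737 documentation ranges), ports and rules are constructed for the example. It also includes a check for shadowed rules, the common mistake where a blacklist entry placed below a broad allow rule never fires.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed example addresses (RFC 5737 documentation ranges), not real infrastructure.
C2_RANGE = "203.0.113.0/24"   # hypothetical blacklisted botnet command-and-control range
WEB_SERVER = "192.0.2.10"     # hypothetical protected web server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str


@dataclass(frozen=True)
class Rule:
    """One line of a stateless packet-filter rule base. 'any' is a wildcard."""
    action: str                  # "allow" or "deny"
    src: str = "any"             # CIDR or "any"
    dst: str = "any"             # CIDR or "any"
    dport: Optional[int] = None  # None means any destination port
    proto: str = "any"           # "tcp", "udp" or "any"

    def matches(self, pkt: Packet) -> bool:
        if self.src != "any" and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.proto != "any" and pkt.proto != self.proto:
            return False
        return True


# Rule base, evaluated top-down; the first matching rule decides.
RULES: List[Rule] = [
    Rule("deny", src=C2_RANGE),                             # blacklisting: drop everything from the C2 range
    Rule("deny", dport=6667, proto="tcp"),                  # port blocking: IRC, a classic bot C2 channel
    Rule("deny", dport=23, proto="tcp"),                    # port blocking: telnet
    Rule("allow", dst=WEB_SERVER, dport=443, proto="tcp"),  # packet filtering: only HTTPS to the web server...
    Rule("allow", dst=WEB_SERVER, dport=80, proto="tcp"),   # ...and HTTP
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); no match falls through to the implicit default deny."""
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None


def _covers(a: str, b: str) -> bool:
    """True if CIDR/wildcard a covers every address that CIDR/wildcard b covers."""
    if a == "any":
        return True
    if b == "any":
        return False
    return ip_network(b).subnet_of(ip_network(a))


def shadowed_rules(rules: List[Rule] = RULES) -> List[int]:
    """Indices of rules that can never match because an equal-or-wider rule sits above them."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
                    and earlier.dport in (None, later.dport)
                    and earlier.proto in ("any", later.proto)):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", WEB_SERVER, 443, "tcp"),   # from the blacklisted range
        Packet("198.51.100.5", WEB_SERVER, 6667, "tcp"), # IRC C2 attempt
        Packet("198.51.100.5", WEB_SERVER, 443, "tcp"),  # legitimate HTTPS
        Packet("198.51.100.5", WEB_SERVER, 8080, "tcp"), # unlisted port -> default deny
    ]
    for p in samples:
        print(p, "->", evaluate(p))
    print("shadowed rules:", shadowed_rules())
    # A blacklist placed under a catch-all allow is dead:
    print("misordered:", shadowed_rules([Rule("allow"), Rule("deny", src=C2_RANGE)]))
```

Run `shadowed_rules` whenever a rule base is changed: a deny that is shadowed by an earlier, wider allow is indistinguishable from a working one in the policy view, and only the evaluation order reveals it.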

Computer Viruses and Worms

▪ A virus attaches itself to a host program or file and can lie dormant until it is activated by a timer or an event; macro viruses embedded in documents and spreadsheets are a common form
▪ A worm, on the other hand, is self-contained: it needs no host file and spreads by itself across the network, typically by exploiting a vulnerable service or weak credentials on neighbouring hosts
▪ Once either is running on your system, it immediately goes to work replicating itself, with the sole goal of infecting as many networked and inadequately protected computers as possible

Computer Viruses and Worms and their Countermeasures
Countermeasures: 
– Install reputable anti-virus software and keep its signatures current
– Never open or download untrusted or unexpected email attachments 
– Never download software from unreliable sites
– Keep all software updated
– Regularly back up important files 
– Regularly scan the computer
– Use a firewall

Phishing Attacks
▪ Phishing attacks are a form of social engineering designed to steal sensitive data such as passwords, usernames and credit card numbers
▪ These attacks impersonate reputable websites, banking institutions and personal contacts, arriving as instant messages or emails crafted to appear legitimate


Phishing Attacks and their Countermeasures 
Countermeasures: 
– Know what a phishing scam looks like
– Don't click on "that" link: check where it really points, or type the address yourself
– Use anti-phishing browser add-ons
– Don't give your information to a site that is not served over HTTPS for the domain you expect
– Rotate passwords regularly, and never reuse a password across sites
– Don't ignore updates
– Install firewalls 
– Don't be tempted by pop-ups 
– Don't give out important information unless it is absolutely necessary
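"Know what a phishing scam looks like" and "Don't click on that link" can be partly automated. The Python script below is an added example, not from the original slides: it pulls every link out of an HTML email body and flags the three signs most worth checking before clicking, a visible domain that differs from the real link target, a punycode (xn--) host that may be a look-alike domain, and a raw IP address in place of a hostname. The sample email and its domains are constructed for the example.

```python
import ipaddress
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


# Something that looks like a domain or URL inside the link's visible text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}", re.I)


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL; bare domains are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html: str) -> List[Tuple[str, str, List[str]]]:
    """Return (href, visible text, reasons) for every link that shows a phishing sign."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and host_of(shown.group(0)) != host:
            reasons.append("visible domain differs from link target")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode (possible homograph) host")
        try:
            ipaddress.ip_address(host)
            reasons.append("raw IP address as host")
        except ValueError:
            pass  # a normal hostname, not an IP literal
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample message; all domains and addresses are hypothetical.
SAMPLE_EMAIL = """
<p>Your account has been limited. Please verify now:</p>
<a href="http://203.0.113.5/verify">https://www.example-bank.com/login</a><br>
<a href="https://xn--exmple-bank-abc.com/reset">Reset your password</a><br>
<a href="https://www.example-bank.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {', '.join(reasons)}")
```

The first link is caught twice (its text shows the bank's domain while the target is a bare IP), the second for its punycode host, and the genuine help-centre link passes. The check is a heuristic for triage, not proof of safety: a phishing link on a freshly registered but ordinary-looking domain produces no finding at all.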
 

Distributed Denial of Service
▪ DDoS attacks can be disastrous for companies that make their money operating online
▪ It is likely that not all of the potentially thousands of computers used in a DDoS attack actually belong to the attacker
▪ Instead, most of the participating computers have been compromised by malware, added to the attacker's botnet, and are distributed across the globe


Distributed Denial of Service and its Countermeasures 
Countermeasures: 
– Develop a Denial of Service Response Plan
– Secure the network infrastructure 
– Practice Basic Network Security 
– Maintain Strong Network Architecture 
– Leverage the Cloud 
– Understand the Warning Signs (a sudden rise in requests per second, or in the number of distinct sources, well above the normal baseline)
– Consider a DDoS mitigation (scrubbing) service
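"Understand the warning signs" is easier with a concrete check. The Python script below is an added example, not from the original slides: it reads web-server access-log lines in the common log format and keeps two sliding-window counters, one per source address and one for the whole server. The per-source counter catches a single noisy client; the overall counter catches the distributed case the slide describes, where thousands of botnet hosts each send only a few requests and none of them trips a per-source limit on its own. The log lines, thresholds and addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, Optional, Tuple

# Common log format: client - - [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, float, str, int]]:
    """Return (client ip, unix time, request line, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def detect_flood(lines: Iterable[str], window_s: int = 10,
                 per_source_max: int = 5, total_max: int = 20) -> Dict[str, object]:
    """Sliding-window rate check over log lines that arrive in time order.

    flagged_sources: ip -> request count at the moment it exceeded per_source_max.
    peak_requests_in_window: highest number of requests from all sources within one window.
    flood: True if that peak exceeded total_max (the distributed warning sign).
    """
    per_ip: Dict[str, Deque[float]] = defaultdict(deque)
    overall: Deque[float] = deque()
    flagged: Dict[str, int] = {}
    peak = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # corrupt lines are skipped, not fatal
        ip, t, _, _ = rec
        for q in (per_ip[ip], overall):
            q.append(t)
            while t - q[0] > window_s:  # evict timestamps that fell out of the window
                q.popleft()
        if len(per_ip[ip]) > per_source_max and ip not in flagged:
            flagged[ip] = len(per_ip[ip])
        peak = max(peak, len(overall))
    return {"flagged_sources": flagged, "peak_requests_in_window": peak, "flood": peak > total_max}


# Constructed sample log (RFC 5737 documentation addresses); not captured from any real server.
BASE = datetime(2023, 3, 31, 12, 0, 0, tzinfo=timezone.utc)


def make_line(ip: str, offset_s: int, path: str = "/login") -> str:
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


SINGLE_SOURCE = [make_line("198.51.100.7", s) for s in range(8)]                 # one client, 8 hits in 8 s
DISTRIBUTED = [make_line(f"203.0.113.{i + 1}", 30 + i // 5) for i in range(25)]  # 25 clients, 1 hit each, in 5 s
SAMPLE_LOG = SINGLE_SOURCE + ["this line is corrupt and must be skipped"] + DISTRIBUTED

if __name__ == "__main__":
    print("single noisy source:", detect_flood(SINGLE_SOURCE))
    print("distributed burst:  ", detect_flood(DISTRIBUTED))
    print("whole sample:       ", detect_flood(SAMPLE_LOG))
```

With the constructed thresholds the single client is flagged on its sixth request, while the distributed burst flags no individual source yet still pushes the overall window past the limit; that second signal is the one a per-client rate limiter alone would miss.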

Cryptojacking

▪ Cryptojacking, which grew rapidly when Bitcoin skyrocketed in 2017, is the hijacking of a victim's computers to mine cryptocurrency for the attacker's financial gain 
▪ These attacks spread in a similar way to worms and viruses, but instead of corrupting sensitive data the goal is to consume the victim's CPU (and GPU) resources, either through a mining script injected into web pages or a miner installed on the host 

Cryptojacking and its Countermeasures

Countermeasures: 
– Train the IT Team 
– Educate the employees of the organization
– Use Anti-Cryptomining Extensions
– Use Ad-Blockers 
– Disable JavaScript where practical (it breaks most sites, so blocking known mining scripts is the usual compromise)
– Watch for sustained, unexplained CPU load and for outbound connections to mining pools

Advanced Persistent Threats

▪ Advanced Persistent Threats (APTs for short) are targeted attacks in which an unauthorized attacker breaks into a network and remains there, undetected, for a long time
▪ Instead of revealing its position, the APT quietly siphons financial information, credentials and other critical security information out of the victim's network

Advanced Persistent Threats and their Countermeasures

Countermeasures: 
– Install a Firewall 
– Enable a Web Application Firewall 
– Install an Anti-virus 
– Implement Intrusion Prevention Systems
– Create a Sandboxing Environment (detonate suspicious files before they reach users)
– Install a VPN (so remote access is authenticated and encrypted rather than exposed directly)
– Enable Email Protection

Trojan Horse

▪ A Trojan horse, or "Trojan," is a program that appears to be legitimate but carries a hidden malicious payload; unlike a virus it does not replicate itself, it relies on the user to run it 
▪ Once executed on a host, a Trojan can open a backdoor for the attacker and log keystrokes for the purpose of stealing highly sensitive personal information
▪ Trojans often spread as email attachments or downloads, delivered with the same social-engineering lures a phishing attack uses


Trojan Horses and their Countermeasures 

Countermeasures:
– Never download or install software from a source you don't trust completely
– Never open an attachment or run a program sent in an email from someone you don't know
– Keep all software on the computer up to date with the latest patches
– Make sure antivirus software is installed, running and updated on the computer


Rootkits

▪ A rootkit is a collection of tools that an attacker installs on a system after exploiting a security vulnerability to gain administrator (root) level access 
▪ The rootkit hides the attacker's files, processes and network connections from the operating system and its security tools, and keeps a remote access channel open to the victim's system and network 
▪ Behind that cover the attacker performs further malicious activity that includes (but is not limited to) key-logging, password stealing and disabling antivirus software
▪ Countermeasures for rootkits include: 
– Rootkit scanner (ideally run from trusted boot media, since a kernel-level rootkit can hide from tools running on the compromised operating system)
– Pre-emptive blocking (patching and least privilege, so the initial exploit that installs the rootkit fails)

SQL Injection Attack 

▪ In a SQL injection attack, crafted input is passed through an application into a database query so that it changes the query's logic, letting the attacker read, modify or destroy private data
▪ These data-driven attacks remain one of the most dangerous threats to data confidentiality, as many e-commerce platforms still build the SQL queries for inventory and order processing directly from user input

SQL Injection Attack and its Countermeasures
Countermeasures: 
– Use Prepared (parameterized) Statements: the primary defence, because the query shape is fixed before any user data is bound
– Use Stored Procedures, not dynamic SQL (only safe if the procedure itself does not assemble SQL from its arguments)
– Use an Object Relational Mapping (ORM) framework (its raw-query escape hatches still need parameters)
– Least Privilege for the database account the application uses
– Input Validation (allow-lists)
– Character Escaping (last resort; easy to get wrong)
– Vulnerability Scanners 
– Use Web Application Firewalls (defence in depth, not a substitute for fixing the code)
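The following Python script is an added example, not from the original slides: it puts the dynamic-SQL login check the countermeasures warn about beside a prepared-statement version and runs two classic payloads against both, using an in-memory SQLite table constructed for the example (the literal "hash" strings stand in for real salted password hashes). An allow-list validator shows the input-validation layer as defence in depth.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")  # allow-list for the input-validation layer


def build_db() -> sqlite3.Connection:
    """Constructed in-memory sample table; the hash values are placeholders, not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-alice"), ("bob", "hash-bob")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Dynamic SQL: untrusted input is pasted into the statement text, so it can change the logic."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Prepared statement: the query shape is fixed; values travel separately as parameters."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone() is not None


def validate_username(username: str) -> bool:
    """Allow-list validation: rejects quotes, spaces and comment markers before the query is built."""
    return USERNAME_RE.match(username) is not None


# Constructed payloads demonstrating two injection techniques against the dynamic query.
COMMENT_PAYLOAD = "alice' --"      # closes the quote and comments out the password check
TAUTOLOGY_PAYLOAD = "' OR '1'='1"  # placed in the last field, makes the WHERE clause always true

if __name__ == "__main__":
    conn = build_db()
    for label, fn in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(f"{label}: correct credentials ->", fn(conn, "alice", "hash-alice"))
        print(f"{label}: comment payload     ->", fn(conn, COMMENT_PAYLOAD, "wrong"))
        print(f"{label}: tautology payload   ->", fn(conn, "nobody", TAUTOLOGY_PAYLOAD))
    print("validate_username(COMMENT_PAYLOAD) ->", validate_username(COMMENT_PAYLOAD))
```

Against the dynamic query both payloads log in without a valid password; against the parameterized query they are just strings that match no user. Keep `validate_username` as a second layer rather than the only one: an allow-list cannot protect a free-text field, and any query built by concatenation somewhere else in the application is still exposed.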

Network Operations Challenges 


Simplified Provisioning

▪ Business Drivers 
• Improve efficiency of operations and leverage existing network and operations staff
▪ Key Capabilities 
• Simple provisioning in under 6 minutes (validated by NSS Labs) 
• SD-WAN and NGFW Templates 
• Central Management Console 
• DevOps Playbooks and Scripts 
• Configuration Backups with Revision History


Centralized Management

▪ Business Drivers 
• Reduce point products by leveraging a single console across use cases
▪ Key Features 
• Scale to 100k+ FortiGate devices
• Fabric Management Extensions
• SD-WAN, NGFW Templates 
• Centralized Audit Logging
• Role-based Access Control

Network Analytics

▪ Business Drivers 
• Combat Advanced Threats by identifying Network and Security Risks in real-time 
▪ Key Capabilities 
• Network Health Visibility 
• Real-time SLA Reporting
• Historic SLA Reporting 
• Application Usage Reports and Dashboards
• Adaptive Response Handlers 


Compliance Reporting


▪ Business Drivers 
• Reduce cost and complexity of Regulatory Compliance 
▪ Key Features 
• PCI DSS Compliance Reports 
• FSBP Security Rating and Scoring 
• Customizable Regulatory Templates 
• MFA for Device Consoles
• Integration with third party SEM/Analytics/Compliance Tools 

Network Automation


▪ Business Drivers 
• Reduce Business Process Change and integrate into existing workflows 
▪ Key Features 
• Connectors to SDN and Public Cloud 
• ITSM Integration with ServiceNow
• REST API via fnfd.Fortinet.com
• DevOps tools such as Ansible and Terraform

FortiManager Key Benefits 

Three Key Enterprise Initiatives Driving Business: Consolidation, Automation & Cloud

Effectively Positioning Based on Role

Simplified Management and Deployment

▪ Goal
– Broadband modernization program to provide secure internet access to 34,000 students 
▪ Challenge
– Absence of network infrastructure to support the growing needs of the K-12 sector 
▪ Solution 
– Security-centric SD-WAN that is comprehensive and provides visibility into SSL traffic from schools 
– Single pane of glass interface to efficiently deploy and manage devices
– FortiGate, FortiManager and FortiAnalyzer together provided a solid foundation that helped meet the Ministry's project objectives




▪ Goals 
– Secure the network while maintaining HIPAA, HITECH and PCI compliance
– Protection from ransomware 
▪ Challenges 
– Distributed network across 17 facilities 
– Multiple point product solutions with no centralized management 
– Poor network connectivity 
– Large remote user population 
▪ Solution 
– Unified protection across facilities
– Centralized administration and monitoring 
– Removed throughput and bandwidth constraints
– Facilitated secure remote access for SSL VPN users



▪ Goal
– Get a best-in-class managed security solution protecting back office systems, reservations and PCI transactions for all 41,000 hotels 
▪ Challenge
– Many point security solutions, not integrated enough to provide best-in-class security 
▪ Solution 
– AT&T Managed Security Fabric 
– Simplified management and deployment, and improved operational efficiency 
– Full UTM and log management / deployment, NOC and SOC management and monitoring, Security Incident and Event Management, PCI

Competitive Advantages

Knowledge Check