IDS

1. © Copyright Fortinet Inc. All rights reserved.
Inside FortiOS IDS & IPS
Versione 5.2.4 – Mar 2015
Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali e Geografiche

2. 2
FortiOS Features

3. 3
FortiOS 5.2 Feature Set
ATP OSS Support AAA Central Mgmt. Integrations
Configuration Visibility Log & Report Diagnostics Management
Anti-Malware IPS
Application
Control
Web
Filtering
Email Filtering
Firewall VPN DLP
User & Device
Identity
SSL inspection Security Functions
Wireless
Controller
Switch
Controller
Endpoint
Manager
Token Server
Vulnerability
Scanner Extensions
:::::::::: Virtual Domains :::::::::: Virtual Systems
Routing NAT/CGN WAN Link / Server LB Wan Optimization
Network Functions
L2/Switching IPv6 QoS High Availability
NAT/Route Transparent Sniffer Operating Modes
LAN WiFi WAN Network Interface
Physical Appliance (+ASICS) Hypervisor Cloud Platform
* Features may varied by models

4. 4
Overview IPS
IPS Signatures
 Over 7,000+ Signatures
 Integrated FortiGuard IPS encyclopedia
 Zero-day Threat Protection & Research
 Custom Signatures
 Rate based Signatures
 Signature Filtering
 User Quarantine, Packet Logging
DOS Protection
 Rate based - set thresholds for various
types of network operations
Deployment Options
 Sniffer Mode
 Bypass Interface & FortiBridge
 Low latency, superior coverage
and cost/performance integrated
IPS
2012 NSS Security Value Map

5. 5
IPS Sensor
Regular IPS Signatures
 Protect against
» Known Vulnerability & Zero day
exploits
» Protocol abnormalities
 Details Pop-Up linked to FortiGuard
IPS encyclopedia
 Filtered by
IPS
Severity OS Protocol
Applications Target (Client/Server)

6. 6
Rate Based Signatures
 Brute force protection by blocking subsequent requests when
threshold (incident per defined sec.) is reached
» Definable block duration
» Various tracking methods
IPS Sensor IPS

7. 7
FortiGuard Service
Outstanding Detection Rate
 100% resistance to evasions, 97.9%
Detection rate (NSS Test 2011)
Vigorous Benchmark Testing
 Tested on over 4 different tools Weekly
 Determine & Improve effectiveness of a
security device to detect network
vulnerabilities
IPS

8. 8
FortiGuard Service
FortiGuard Center
 FortiGuard Encyclopedia – detailed description of known threats
 IPS Updates log (RSS Feed)
 Vulnerability Advisories
 Threat Monitor – Top attacks by geographic breakdowns
Zero-Day Research
• Reported over 153 vulnerabilities, 124 of which have been disclosed and fixed by the
appropriate vendor(s)
IPS

9. 9
Performance IPS
0 20 40 60 80 100 120 140 160
Latency (μs)
NSS IPS Latency (July 2012)
Check Point 12600 Stonesoft 1302 Juniper IDP 8000 Sourcefire 3D8120
Sourcefire 3D8260 Sourcefire 3D8250 SonicWALL SuperMassive IBM GX7800
PA 5020 HP/TippingPoint 6100N McAfee M-8000 FortiGate 3240C
FortiGate 3240C also beats all IPS
competition with Lowest Latency

10. 10
Packet Logging
Forensic Tool
 Packet Capture triggered IPS
signatures
 Can be saved as pcap file for
forensic studies
 Can be either log to disk,
FortiAnalyzer or FortiCloud
IPS

11. 11
User Quarantine
 Intelligently blocks attackers from launching further attack
» Most attacks are conducted via several steps. Eg. port scan, followed by more
targeted hacking activities
 Free up IPS resources since traffic is now stopped by firewall.
 Manually or set expiry time to remove from banned list
User Quarantine
Attackers IP Address
Antivirus IPS DLP
Duration
Endpoint Control
IPS

12. 12
Advanced Features IPS
NGIPS
 Contextual Awareness
» Correlate with related information such as users & applications
 Automation
» Automated impact assessment for quick policy tuning with FortiView
» Network behavior analysis using Threat Score

13. 13
DOS Sensors
DOS Protection
 Detects and mitigate traffic that is is part of a DoS attack
 Applied as DOS Policies prior of Firewall Policies
 Rate based: set thresholds for various types of network operations
 Sensor list can be updated only when the firmware image is upgraded on the
unit.
TCP UDP ICMP
Packet Rate to a Destination IP TCP_SYN_FLOOD UDP_FLOOD ICMP_FLOOD
Packet Rate from a Source IP TCP_PORT_SCAN UDP_SCAN ICMP_SWEEP
# of Concurrent Sessions to a
Destination IP
TCP_DST_SESS UDP_DST_SESS ICMP_DST_SESS
# of Concurrent Sessions From a
Source IP
TCP_SRC_SESS UDP_SRC_SESS ICMP_SRC_SESS
IPS

14. 14
Contattaci Gratuitamente …
Certified experts in Fortimail and email
security
Certified experts in Fortiweb and web
application firewall protection
Certified experts in FortiAp, FortiWifi
and wireless security
CONTACTS
Tel. +39 049 8843198 DIGIT (5)
contacts@lanewan.it
www.lanewan.it
In questi anni di partnership con la casa madre,
Lan & Wan Solutions ha ottenuto tutte le
specializzazioni previste nei vari iter di certifica-
zione, raggiungendo la qualifica di Partner Of
Excellence.