2. INTRODUCTION
In enterprise environments it is common to have one or more public servers offering web
services and more.
These servers are placed internally in DMZs (discussed in a previous post), but DMZs
alone don't provide all the security features needed to keep servers protected from external attacks.
Attacks on these servers usually exploit known software vulnerabilities and use common
tricks, so a system able to detect and block them is a valid countermeasure against
this kind of attack.
A system that can monitor and detect network attacks is called an Intrusion Detection
System (IDS); a system able to block them is called an Intrusion Prevention System (IPS).
In the following slides we will show you how to enable the IPS features on the
FortiGate firewall.
3. CONFIGURING IPS
Like other UTM functionalities, IPS is based on Security Profiles and sensors.
Go to Security Profiles > Intrusion Protection > IPS Sensors and click the plus icon in the
upper right corner of the window to create a new sensor.
Give it a name and click the OK button.
Now we have to create a new IPS filter, choosing which vulnerabilities to monitor and block.
Because we are protecting a server, we can restrict the list of recognized vulnerabilities using
the Target and OS check boxes.
See the next slide for a picture of the IPS filter configuration.
4. CONFIGURING IPS - CONTINUED
Because we aim to block attacks instead of only
monitoring them, we must select “Block All” at
the end of the page.
As seen in the previous post, every security
profile needs to be applied in a security policy.
Go to Policy > Policy > Policy and edit the
policy that permits the DMZ to be reached from
the Internet, then add the newly created IPS
security profile.
5. CONFIGURING DOS PROTECTION
DoS attacks tend to overwhelm server resources with a huge number of
connections. To avoid this kind of attack a DoS policy is required.
Before creating the DoS policy, make sure your
FortiGate firewall has the Vulnerability Scan
feature enabled. To enable it go to System >
Config > Feature and click the ON button.
Then go to Policy > Policy > DoS Policy and create a
new policy with your Internet-facing port as the
incoming interface; set source IP, destination IP and
service to “All” in order to intercept any attack on that
port.
Finally, in the Anomaly List you can set the attack types
you want to detect and block. Make sure to select the
Block action.
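The IPS and DoS steps above can also be expressed in the FortiOS CLI. The following is an added example, not part of the original slides. The sensor name, policy ID 10, the interface wan1 and the threshold value are assumptions to replace with your own, and the exact options available depend on the FortiOS release, so check them against the CLI reference for your version.

```fortios
# IPS sensor with one filter limited to server-side signatures,
# action set to block (the "Block All" choice in the GUI).
# "protect-dmz-servers" is a hypothetical sensor name.
config ips sensor
    edit "protect-dmz-servers"
        config entries
            edit 1
                # Target = server; the OS check boxes map to "set os"
                set location server
                set status enable
                set action block
            next
        end
    next
end

# Attach the sensor to the existing policy that lets the Internet
# reach the DMZ. Policy ID 10 is a placeholder for that policy's ID.
config firewall policy
    edit 10
        set utm-status enable
        set ips-sensor "protect-dmz-servers"
    next
end

# DoS policy on the Internet-facing interface (wan1 is assumed),
# matching any source, destination and service.
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            # One anomaly from the Anomaly List, set to block.
            # The threshold is a sample value; tune it to your traffic.
            edit "tcp_syn_flood"
                set status enable
                set action block
                set threshold 2000
            next
        end
    next
end
```

Running "show ips sensor" and "show firewall DoS-policy" afterwards prints the stored configuration, which makes it easy to confirm that the action is block rather than a monitor-only setting.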
6. MORE NEEDS?
See hints on www.ipmax.it
Or email your questions to info_ipmax@ipmax.it
7. IPMAX
IPMAX is a Fortinet Partner in Italy.
IPMAX is the ideal partner for companies seeking quality in products and
services. IPMAX guarantees method and professionalism to support its
customers in selecting technologies with the best quality / price ratio, in the
design, installation, commissioning and operation.
IPMAX srl
Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI) – Italy
+39 02 9290 9171