The FortiGate firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule. Without a real-time alert (less than a second), security personnel may be unaware of an impending failure of the audit functions and system operation may be adversely impacted. If communication with the central audit server is lost, the FortiGate firewall must generate a real-time alert to, at a minimum, the SCA and ISSO. This is a common practice in "botnets", which are a collection of compromised. The FortiGate firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). A compromised host in an enclave can be used by a malicious platform to launch cyberattacks on third parties. The FortiGate firewall must be configured to inspect all inbound and outbound traffic at the application layer. Application inspection enables the firewall to control traffic based on different parameters that exist within the packets such as enforcing application-specific message and field length. This requirement is similar to the out-of-band management (OOBM) model, in which the production. Protect the management network with a filtering firewall configured to block unauthorized traffic. The FortiGate firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. The management network must still have its own subnet in order to enforce control and access boundaries provided by layer 3 network nodes such as routers and firewalls. When employed as a premise firewall, FortiGate must block all outbound management traffic. Additionally, unrestricted traffic may transit a.
Unrestricted traffic to the trusted networks may contain malicious traffic that poses a threat to an enclave or to other connected networks. The FortiGate firewall must apply ingress filters to traffic that is inbound to the network through any active external interface. If audit data were to become compromised, forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. The FortiGate firewall must protect the traffic log from unauthorized deletion of local log files and log records. Not configuring a key boundary security protection device such as the firewall against commonly known attacks is an immediate threat to the protected enclave because they are easily implemented by. The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. Blocking or restricting detected harmful or suspicious. Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The FortiGate firewall must use filters that use packet headers and packet attributes, including source and destination IP addresses and ports. Findings (MAC III - Administrative Sensitive) Finding ID