Support User Manuals

Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual

Open as PDF

of 705

Fortinet 28 FortiWeb 5.0 Patch 6 Administration Guide

Table 2: Web-related threats

Attack

Technique

Description Protection FortiWeb Solution

Adobe Flash

binar

y

(AMF)

protocol

attacks

Attackers attempt XSS, SQL

injection

or other common

exploits through an Adobe Flash

client.

Decode and scan Flash

ac

tion message format

(AMF) binary data for

matches with attack

signatures.

Enable AMF3

Protocol Detection

Botnet Utilizes zombies previously

exploited or infected (or

willingly

participating), distributed usually

glo

bally, to simultaneously

overwhelm the target when

directed by the command and

control server(s).

Decode and scan Flash

ac

tion message format

(AMF) binary data for

matches with attack

signatures.

IP Reputation

Browser

Explo

it

Against

SSL/TLS

(BEAST)

A ma

n-in-the-middle attack

wh

ere an eavesdropper exploits

reused initialization vectors in

older TLS 1.0 implementations of

CBC-based encryption ciphers

such as AES and 3DES.

• Use TLS 1.1 or

g

reater, or

• Use ciphers that do

not involve CBC,

such as stream

ciphers, or

• Use CBC only with

correct initialization

vector (IV)

implementations

Prioritize RC4

Cipher Suite

Brute force

log

in

attack

An attacker attempts to gain

authorization by repeatedly trying

ID and password combinations

until one works.

Require strong

pass

words for users,

and throttle login

attempts.

Brute Force Login

Clickjacking Code such as <IFRAME> HT

ML

tags

superimposes buttons or

other DOM/inputs of the

attacker’s choice over a normal

form, causing the victim to

unwittingly provide data such as

bank or login credentials to the

attacker’s server instead of the

legitimate web server when the

victim clicks to submit the form.

Scan for illegal inputs to

pr

event the initial

injection, then apply

rewrites to scrub any

web pages that have

already been affected.

• Sig

natures

• Parameter

Validation

• Hidden Fields

Protection

• URL Rewriting

Cookie

ta

mper

ing

Attackers alter cookies originally

established by the server to inject

overflows, shell code, and other

attacks, or to commit identity

fraud, hijacking the HTTP

sessions of other clients.

Validate cookies

r

eturned by the client to

ensure that they have

not been altered from

the previous response

from the web server for

that HTTP session.

Cookie Poisoning

Detection

previous next