Security Profiles Flashcards

1
Q

Secure Method Versions

A

TLS 1.2 is recommended for broad compatibility.
TLS 1.3 is recommended for improved security and faster connection times.

SSL 2.0/3.0 and TLS 1.0/1.1 are all deprecated and should not be used.

2
Q

Command to change supported SSL versions

A

config system global
set admin-https-ssl-versions <version>   Ex. tlsv1 tlsv1-3

3
Q

Command to display all TLS commands

A

show full | grep -f tls

4
Q

Security in TCP Packet Analysis

A

TCP Header - Transport layer; contains the essential fields for data transmission, such as dst port, src port, window size, etc. Controls the connection, flow, and integrity of the data.
TLS Header - Payload is decoded in the security layer
HTTP Header - Carried encrypted inside TLS; decoded in the application layer

5
Q

TCP to TLS Handshakes

A

The TCP three-way handshake (SYN, SYN-ACK, ACK) is completed before the TLS handshake begins.

Once the TCP connection is established between client and server, the TLS handshake follows this sequence and creates the security layer:
Client Hello -> Server
Server Hello -> Client
Server Certificate -> Client
Server Hello Done -> Client
Client Key Exchange -> Server
Change Cipher Spec -> Server
Finished -> Server
Finished -> Client

Cipher suite TLS 1.2:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Protocol (TLS) _ Key Exchange Algorithm (ECDHE) _ Authentication Algorithm (RSA) _ Encryption Algorithm (AES_128_GCM) _ Hash Algorithm (SHA256)

6
Q

TLS with HTTP/3

A

Protocol layering evolution (TLS 1.3 is built into QUIC over UDP rather than layered on TCP)
Faster connection setup

7
Q

Certificate VS Full Inspection

A

Certificate inspection limitations:
No traffic decryption
No encrypted payload inspection
No SSL proxying
URL extracted from the certificate only if SNI is not present
Limited protection from HTTPS-based attacks

8
Q

SNI Check Feature

A

Server Name Indication enables a server to offer multiple certificates on a single IP address, allowing various secure websites or services to share the address without needing a common certificate. Useful for cloud computing environments.

Within the TLS handshake:
Client Hello includes the SNI and is sent to the server
Server receives it and replies with Server Hello, which may initially include empty info in the SNI response
Server sends the authentication details required by the SNI request
Server sends Server Hello Done

9
Q

SAN in secure Connections

A

Subject Alternative Name

An X.509 certificate extension used in SSL/TLS
Checked during the SSL/TLS handshake
Single certificate, multiple domains
SAN cuts complexity
Supports wildcards

10
Q

Protocol Port Mapping

A

Standard service on an alternative port
Requires deep inspection
Enabled in the outbound policy

Security Profiles > SSL/SSH Inspection > Create New
Increases system resource usage

11
Q

Blocking Unsupported TLS versions

A

In the SSL/SSH inspection profile applied to the outbound policy:
config https
set unsupported-ssl-version block
set min-allowed-ssl-version tls-1.2
end

12
Q

Security Profile: Web Filter

A

Domains and URLs
Flow- and proxy-based
Internet policies
Limit access to specific website URLs
FortiGuard dependency - queries FDS for rating lookups on demand

conf webfilter profile

13
Q

Security Profile: Application Control

A

Layer 7 OSI
Flow-based
Internet policies
Traffic shaping policy
Limit access to non-URL software handling
FortiGuard dependency - diagnose autoupdate versions (Application Definitions)

conf application list

14
Q

Policy & object: ISDB

A

Layer 3 and 4 OSI
No inspection
Internet policies
SD-WAN rules
FortiGuard dependency - diagnose autoupdate versions (Internet Service Database)

conf firewall internet-service-name

15
Q

Ethical Attack Simulation

A

Comprehensive security auditing software
Open-source

hping3 network tool examples

Ping using TCP SYN packets:
hping3 -S -p 80 -c 5 www.example.com

Run a traceroute using UDP packets:
hping3 --traceroute -V -2 -p 33434 www.example.com

Perform firewall testing (checking for open ports):
hping3 -S -p 22 -c 1 www.example.com

16
Q

Protect Server and Client Targets

A

IPS Profile
Type: Filter
Action: Block
Target: Server and Client
All severity levels, protocols, and OS are blocked
Risk of false positives
Know your network protocols and workflows

17
Q

Handling False Positives

A

A normal event is identified as malicious
Type: Signature
Action: Monitor

18
Q

PHP Code Injection in HTTP

A

Type: Filter
Action: Monitor
Detect before blocking
Certificate inspection mode is sufficient for HTTP
FortiGuard Encyclopedia

Simulate an attack and then use its signature to add a Block entry

19
Q

PHP Code Injection in HTTPS

A

Sufficient for HTTPS? Not unless you enable Protecting SSL Server
Normal traffic logs only; no IPS logs until you enable it
FGT self-signed certificate

20
Q

DNS Exfiltration

A

Steal information
UDP

FGT has a signature to detect and prevent this. SSL/SSH Inspection must be enabled with multiple clients connecting to multiple servers, using full inspection.

DNS over TLS

21
Q

UTM Profiles

A

UTM profiles are deployed on an NGFW
ISFW and DCFW may serve as NGFW
DEFW does not need NGFW under its native function
UTM profiles are based on operational needs