What is FortiWeb?
FortiWeb is a web application firewall (WAF) that protects web applications hosted on the web from the threats that target web servers. Using multi-layered and correlated detection techniques, FortiWeb protects applications against known vulnerabilities. FortiWeb hardware and virtual machine platforms are available for small and medium businesses, large enterprises and service providers.
How does FortiWeb protect the server from threats?
FortiWeb’s HTTP firewall and denial-of-service (DoS) attack prevention technologies protect our web applications from attack. It uses advanced techniques to provide bidirectional protection against sophisticated threats such as SQL injection and cross-site scripting (XSS); FortiWeb also defends against threats such as identity theft, financial fraud and corporate espionage. FortiWeb provides the tools needed to monitor and enforce regulations, industry best practices and internal security policies, including firewalling and patching requirements.
Where does FortiWeb fit in the architecture layout?
FortiWeb can be deployed in a one-arm topology, but it is more commonly placed inline to intercept all incoming client connections and redistribute them to the servers. FortiWeb has TCP-specific and HTTP-specific firewalling capabilities. Because FortiWeb is not designed to protect non-HTTP/HTTPS applications, it can be deployed behind a firewall such as FortiGate that focuses on other protocols, such as FTP and SSH. Once FortiWeb is installed, it can be configured from a web browser or a terminal emulator on a management computer.
What is HPKP in FortiWeb?
When HTTP Public Key Pinning (HPKP) is enabled, FortiWeb inserts a header into the server’s response when handling client requests. The inserted header specifies a particular cryptographic public key that the client must use when accessing the server. Pinning the public key used to access the web server reduces the risk of man-in-the-middle (MITM) attacks that rely on fraudulent certificates or compromised CAs.
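The example below is added here to show the mechanics behind the header described above; it is not FortiWeb code. It derives RFC 7469 pin values from (constructed) DER-encoded public keys, builds the Public-Key-Pins header a WAF would insert, parses it the way a pinning client remembers it, and shows why a chain carrying a different key, such as one behind a fraudulent certificate, is rejected. The SPKI byte strings are constructed placeholders, and the function names are this example's own. Note that major browsers have since removed HPKP support, so the mechanism is mainly of historical and conceptual interest today.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo structures. In a real
# deployment these are extracted from the server's leaf and backup certificates.
SPKI_PRIMARY = b"constructed-primary-spki-der"
SPKI_BACKUP = b"constructed-backup-spki-der"
SPKI_ROGUE = b"constructed-rogue-spki-der"  # key behind a fraudulent certificate


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64 of the SHA-256 digest of the DER-encoded SPKI."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_hpkp_header(pins, max_age=5184000, include_subdomains=True, report_uri=None):
    """Build the Public-Key-Pins value a WAF would insert into the server's response.
    RFC 7469 requires at least two pins so a backup key can take over on rotation."""
    parts = ['pin-sha256="%s"' % pin for pin in pins]
    parts.append("max-age=%d" % max_age)
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append('report-uri="%s"' % report_uri)
    return "; ".join(parts)


def parse_hpkp_header(value: str) -> dict:
    """Parse a Public-Key-Pins value the way a pinning client would remember it."""
    result = {"pins": set(), "max_age": None, "include_subdomains": False, "report_uri": None}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, raw = directive.partition("=")
        name, val = name.strip().lower(), raw.strip().strip('"')
        if name == "pin-sha256":
            result["pins"].add(val)
        elif name == "max-age":
            result["max_age"] = int(val)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "report-uri":
            result["report_uri"] = val
    return result


def chain_matches_pins(chain_spkis, pinned) -> bool:
    """A pinning client continues only if some SPKI in the presented chain
    hashes to one of the pins remembered for this host."""
    return any(spki_pin(spki) in pinned for spki in chain_spkis)


def demo():
    header = build_hpkp_header([spki_pin(SPKI_PRIMARY), spki_pin(SPKI_BACKUP)])
    remembered = parse_hpkp_header(header)["pins"]
    genuine_ok = chain_matches_pins([SPKI_PRIMARY], remembered)
    rogue_ok = chain_matches_pins([SPKI_ROGUE], remembered)  # MITM with a fake cert
    return genuine_ok, rogue_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The backup pin matters operationally: if the only pinned key is lost or rotated without a second pin already published, clients that remembered the header are locked out of the site until max-age expires.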
What is OCSP Stapling?
FortiWeb supports OCSP (Online Certificate Status Protocol) stapling, an alternative to client-side OCSP in which the certificate holder periodically requests the revocation status of its certificate from the OCSP server and attaches the time-stamped response to the initial SSL/TLS handshake between client and server. This moves the work of checking the certificate’s revocation status from the client to the presenter of the certificate and reduces the total number of queries sent to OCSP servers.
Does FortiWeb protect against Credential Stuffing?
FortiWeb protects against credential stuffing attacks. When Credential Stuffing Defense is enabled, the username and password submitted in a web server login attempt are checked against a database to determine whether they are a known spilled username/password pair. Using this feature requires FortiGuard.
What is Active-Active High Availability?
Up to eight FortiWeb units can be deployed as an Active-Active HA cluster in Reverse Proxy or True Transparent Proxy mode. The master unit in the cluster distributes all incoming traffic among the cluster members, including itself, according to the configured load-balancing algorithm: packet source IP, least number of connections being processed, or round-robin.
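To make the three distribution algorithms concrete, here is an added model of the master unit's choice, written for this page rather than taken from FortiWeb. It enforces the eight-member limit from the text and implements source-IP hashing (so a client keeps landing on the same member), least-connections (fewest connections currently being processed) and round-robin. Member names, addresses and the hashing scheme are this example's assumptions.

```python
import hashlib
import itertools


class ActiveActiveDistributor:
    """Model of the master unit distributing connections among cluster members."""

    ALGORITHMS = ("round-robin", "source-ip", "least-connections")

    def __init__(self, members, algorithm="round-robin"):
        if not 1 <= len(members) <= 8:
            raise ValueError("an Active-Active cluster holds 1 to 8 members")
        if algorithm not in self.ALGORITHMS:
            raise ValueError("unknown algorithm: %s" % algorithm)
        self.members = list(members)
        self.algorithm = algorithm
        self._round_robin = itertools.cycle(self.members)
        self.active = {m: 0 for m in self.members}  # connections in progress

    def pick(self, src_ip):
        if self.algorithm == "round-robin":
            return next(self._round_robin)
        if self.algorithm == "source-ip":
            # Hash the packet source address so one client is consistently
            # handled by the same member (assumed hashing scheme).
            digest = hashlib.sha256(src_ip.encode()).digest()
            return self.members[int.from_bytes(digest[:4], "big") % len(self.members)]
        # least-connections: fewest in-progress connections, ties broken by order
        return min(self.members, key=lambda m: (self.active[m], self.members.index(m)))

    def open_connection(self, src_ip):
        member = self.pick(src_ip)
        self.active[member] += 1
        return member

    def close_connection(self, member):
        self.active[member] -= 1


def demo():
    # Constructed cluster of three members and constructed client addresses.
    rr = ActiveActiveDistributor(["fw1", "fw2", "fw3"], "round-robin")
    rr_sequence = [rr.open_connection("10.0.0.%d" % i) for i in range(4)]

    sip = ActiveActiveDistributor(["fw1", "fw2", "fw3"], "source-ip")
    sticky = sip.open_connection("203.0.113.7") == sip.open_connection("203.0.113.7")

    lc = ActiveActiveDistributor(["fw1", "fw2", "fw3"], "least-connections")
    first_three = [lc.open_connection("198.51.100.1") for _ in range(3)]
    lc.close_connection("fw2")  # fw2 now has the fewest connections
    fourth = lc.open_connection("198.51.100.2")
    return rr_sequence, sticky, first_three, fourth


if __name__ == "__main__":
    print(demo())
```

Source-IP hashing gives session affinity without shared state, but it distributes unevenly when many clients sit behind one NAT address; least-connections adapts to uneven request cost at the price of tracking per-member counters.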
What is GEO IP?
The Geo IP database is a dedicated database added to improve FortiWeb’s Geo IP feature for identifying the actual locations of IPv6 addresses. It is not necessary to upload the Geo IP database periodically; FortiWeb updates the database automatically from the FortiGuard Distribution Servers. The interface for uploading the database manually is retained for deployments that do not have an Internet connection.
What is user tracking?
The user-tracking feature allows us to track sessions by user and to capture a username for reference in traffic and attack log messages. We can use this feature to prevent session fixation attacks and to set a period during which FortiWeb blocks requests that carry the session ID of a timed-out session.
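The following added example (not FortiWeb code) models the two behaviours named above: a fresh session ID is issued at login instead of adopting one the client presented, which defeats session fixation, and a session ID that has timed out is blocked for a configurable period before it can be treated as simply unknown. The username bound to the session is returned with each decision so it can be written to traffic and attack logs. Timeouts, the clock injection and all identifiers are this example's assumptions.

```python
import secrets
import time


class UserTracker:
    """Binds session IDs to users, expires idle sessions and blocks reuse of
    timed-out IDs for a period afterwards (constructed model)."""

    def __init__(self, idle_timeout=1800, block_after_timeout=300, clock=time.time):
        self.idle_timeout = idle_timeout            # seconds of inactivity allowed
        self.block_after_timeout = block_after_timeout  # seconds a stale ID is blocked
        self.clock = clock                          # injectable for deterministic tests
        self.sessions = {}   # session ID -> {"user": ..., "last": ...}
        self.expired = {}    # timed-out session ID -> time until which it is blocked

    def login(self, username, presented_sid=None):
        """Issue a brand-new session ID at authentication time. Never keep the ID
        the client arrived with: an attacker who planted that ID (session
        fixation) would otherwise share the authenticated session."""
        sid = secrets.token_urlsafe(24)
        self.sessions[sid] = {"user": username, "last": self.clock()}
        return sid

    def check(self, sid):
        """Decide what to do with a request bearing session ID `sid`.
        Returns (decision, username) where username is for the log message."""
        now = self.clock()
        if sid in self.expired:
            if now < self.expired[sid]:
                return "block", None
            del self.expired[sid]            # block period over; ID is just unknown now
            return "new-session", None
        session = self.sessions.get(sid)
        if session is None:
            return "unknown", None
        if now - session["last"] > self.idle_timeout:
            del self.sessions[sid]
            self.expired[sid] = now + self.block_after_timeout
            return "block", session["user"]   # log which user's session timed out
        session["last"] = now
        return "allow", session["user"]


def demo():
    now = [0.0]
    tracker = UserTracker(idle_timeout=1800, block_after_timeout=300, clock=lambda: now[0])
    planted = "attacker-chosen-id"  # constructed: ID an attacker tried to fix
    sid = tracker.login("alice", presented_sid=planted)
    fresh_id_issued = sid != planted
    first = tracker.check(sid)
    now[0] += 1801                   # idle longer than the timeout
    timed_out = tracker.check(sid)
    now[0] += 100                    # still inside the block period
    still_blocked = tracker.check(sid)
    now[0] += 300                    # block period has elapsed
    released = tracker.check(sid)
    return fresh_id_issued, first, timed_out, still_blocked, released


if __name__ == "__main__":
    print(demo())
```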
What are Advanced SSL settings for server pool members?
When the operation mode is Reverse Proxy, we can select which SSL and TLS versions and which cipher suites are supported for connections between FortiWeb and an individual server pool member. For True Transparent Proxy and WCCP modes, these settings apply to connections between FortiWeb and the server pool member as well as to SSL/TLS offloading.
What is threat scoring?
The threat-scoring feature allows us to configure the signature policies in any category to take action based on a combination of signature violations by a client, rather than on a single signature violation. When a client violates a signature in a threat-scoring category, the violation contributes to a combined threat score. When the combined threat score exceeds the specified maximum, FortiWeb takes action. We can specify whether the combined threat score is calculated per HTTP transaction, per HTTP session or per TCP session.
What is a Period Block?
When the operation mode is Transparent Inspection or Offline Protection and Period Block is the action FortiWeb takes against traffic that violates a policy, FortiWeb attempts to block a client that has violated the policy for the length of time specified by Block Period.
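The threat-scoring and Period Block answers above describe one pipeline: violations accumulate into a per-client score, and once the score passes the maximum the client is blocked for the Block Period. The added example below (not FortiWeb code) models that pipeline with constructed signature names and scores, a combined score kept per client, and a block that lifts itself when the period elapses. The scoring values, the 50-point maximum and the 600-second period are assumptions for illustration.

```python
import time
from collections import defaultdict

# Constructed signature categories and the score each violation contributes.
SIGNATURE_SCORES = {
    "sqli-union-select": 30,
    "xss-script-tag": 30,
    "path-traversal": 20,
    "scanner-user-agent": 10,
}


class ThreatScorer:
    """Accumulates a combined threat score per client (one score per TCP
    session here) and applies a Period Block once the score exceeds the maximum."""

    def __init__(self, max_score=50, block_period=600, clock=time.time):
        self.max_score = max_score
        self.block_period = block_period   # seconds; the Block Period setting
        self.clock = clock                 # injectable for deterministic tests
        self.scores = defaultdict(int)
        self.blocked_until = {}

    def is_blocked(self, client):
        until = self.blocked_until.get(client)
        if until is None:
            return False
        if self.clock() >= until:
            # Block Period has elapsed: lift the block and start scoring afresh.
            del self.blocked_until[client]
            self.scores.pop(client, None)
            return False
        return True

    def report_violation(self, client, signature):
        """Record one signature violation. Returns the resulting action:
        'score' (counted, traffic still allowed) or 'period-block'."""
        if self.is_blocked(client):
            return "period-block"
        self.scores[client] += SIGNATURE_SCORES.get(signature, 0)
        if self.scores[client] > self.max_score:
            self.blocked_until[client] = self.clock() + self.block_period
            return "period-block"
        return "score"


def demo():
    now = [1000.0]
    scorer = ThreatScorer(max_score=50, block_period=600, clock=lambda: now[0])
    client = "198.51.100.23:51234"  # constructed client address and port
    # No single violation reaches the maximum, but the combination does.
    actions = [scorer.report_violation(client, sig)
               for sig in ("scanner-user-agent", "path-traversal", "xss-script-tag")]
    while_blocked = scorer.report_violation(client, "scanner-user-agent")
    now[0] += 601                     # the Block Period elapses
    after_period = scorer.report_violation(client, "scanner-user-agent")
    return actions, while_blocked, after_period


if __name__ == "__main__":
    print(demo())
```

Keying the score per TCP session, as here, resets it when the client reconnects; keying per HTTP session (cookie) or per transaction changes how quickly a slow, spread-out scan crosses the threshold, which is why the page notes that the basis of the calculation is configurable.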
What is reverse proxy mode?
When FortiWeb operates in Reverse Proxy mode, it provides end-to-end HTTP/2 security when both the clients and the back-end servers speak HTTP/2. Moreover, when the back-end web servers do not support HTTP/2, FortiWeb still provides HTTP/2 protection by translating between the HTTP/2 clients and the HTTP/1.1 servers at the back end. This lets users enjoy the benefits of HTTP/2 without having to upgrade their back-end web servers.
What is the difference between True Transparent Proxy mode and Transparent Inspection mode?
True Transparent Proxy and Transparent Inspection are similar from a topology standpoint. Because they intercept traffic differently, they have a few behavioural differences:
True Transparent Proxy – FortiWeb transparently proxies the traffic arriving on any network port that belongs to a Layer 2 bridge, applies the first applicable policy and lets permitted traffic pass through. FortiWeb logs, blocks or even modifies violations according to the matching policy and its security profile. This mode supports user authentication via HTTP rather than HTTPS.
Transparent Inspection – FortiWeb asynchronously inspects the traffic arriving on any network port that belongs to a Layer 2 bridge, applies the first applicable policy and lets permitted traffic pass through. FortiWeb logs or blocks traffic according to the matching policy and its security profile, but never modifies it.
What is the Topology for offline protection mode?
“Out-of-band” is a suitable description for this mode. Minimal network changes are required, and it introduces no latency. FortiWeb monitors the traffic received on the data capture port’s network interface and applies the first applicable policy. Because it is not inline with the destination, it does not forward permitted traffic. FortiWeb logs and blocks violations according to the matching policy and its security profile. If FortiWeb detects a malicious request, it sends a TCP RST packet through the blocking port to both the web server and the client in an attempt to terminate the connection. It does not modify traffic.
Can we delete the admin account?
admin is the default administrator account and initially has no password. The admin account exists by default and cannot be deleted. It is similar to a root account: it always has permission to view and change every configuration setting on the FortiWeb appliance, including viewing and editing all other administrator accounts. Its username and permissions cannot be modified.
What is Active-Passive style?
FortiWeb supports active-passive HA: one appliance is designated the active appliance, which applies the policies to all connections, and the second becomes the passive standby, which takes over the active role and begins processing connections only if the active appliance fails. The active and standby appliances detect failures by communicating over the heartbeat link that connects the two appliances in the HA pair. A failure is detected when the active appliance stops responding to the standby’s heartbeats for a specified time, configured as Heartbeat timeout = Detection Interval × Heartbeat Loss Threshold.
Can we replicate the configuration to another appliance without FortiWeb HA?
Configuration synchronization provides the ability to replicate FortiWeb’s configuration to another appliance without requiring high availability (HA). The synchronization is a unilateral push, not a bilateral arrangement: it adds missing objects and overwrites objects whose names match, but it never deletes objects that exist only on the target FortiWeb, nor pulls objects from the target back to the initiating FortiWeb.
How does FortiWeb recognize data types?
FortiWeb recognizes the data types of parameters by matching them against regular expressions. The regular expressions fall into two categories:
Predefined — A set of regular expressions included in the firmware. These match common data types and cannot be modified except via FortiGuard, but they can be copied and used as the basis for a custom data type. They can be used by both auto-learning profiles and input rules.
Custom — Regular expressions configured to detect data patterns that the predefined set does not recognize. They can be modified and used by input rules, but cannot be used by auto-learning profiles.
What are Predefined data types?
After installation, FortiWeb already has a set of predefined data-type regular expressions, which act like default signatures for common data types, so that we do not need to write them ourselves. The initial set is included in the FortiWeb firmware. If FortiWeb is connected to the FortiGuard Security Service, it can periodically download updates to its predefined data types, which provides new and improved data types without any effort on our part. We only need to apply the appropriate data types in the parts of the configuration where our organization uses them.
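The two answers above (how data types are recognized, and the predefined set) are illustrated by the following added example, which is not FortiWeb's code or its real signature set. It keeps a registry of predefined and custom regular-expression data types with the rules the text states: predefined types cannot be edited but can be copied as the basis of a custom type, and custom types are usable by input rules only. It then checks submitted parameters against input rules that name an expected type. The regular expressions, type names and sample parameters are constructed for this example.

```python
import re

# Constructed stand-ins for the predefined set shipped in the firmware.
PREDEFINED_TYPES = {
    "integer": r"-?\d+",
    "email": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}",
    "ipv4": r"(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)",
}


class DataTypeRegistry:
    """Predefined and custom data types, each a compiled regular expression."""

    def __init__(self, predefined):
        self.types = {name: {"regex": re.compile(p), "predefined": True}
                      for name, p in predefined.items()}

    def add_custom(self, name, pattern):
        """Add or modify a custom type. Predefined types are read-only locally."""
        if name in self.types and self.types[name]["predefined"]:
            raise ValueError("predefined type %r cannot be modified" % name)
        self.types[name] = {"regex": re.compile(pattern), "predefined": False}

    def copy_predefined(self, source, new_name, pattern=None):
        """Use a predefined regex as the starting point for a custom type."""
        base = self.types[source]["regex"].pattern
        self.add_custom(new_name, pattern if pattern is not None else base)

    def usable_by(self, name, consumer):
        """'input-rule' may use any type; 'auto-learning' only predefined ones."""
        if consumer == "input-rule":
            return True
        return self.types[name]["predefined"]

    def matches(self, name, value):
        return self.types[name]["regex"].fullmatch(value) is not None


def check_input_rules(registry, rules, params):
    """rules: {parameter: data type}; params: submitted {parameter: value}.
    Returns (parameter, expected type, offending value) for each mismatch."""
    return [(param, type_name, params[param])
            for param, type_name in rules.items()
            if param in params and not registry.matches(type_name, params[param])]


def demo():
    registry = DataTypeRegistry(PREDEFINED_TYPES)
    registry.add_custom("sku", r"[A-Z]{3}-\d{4}")
    # A custom type built from a predefined one, then tightened to positive values.
    registry.copy_predefined("integer", "positive-integer", r"[1-9]\d*")
    rules = {"id": "positive-integer", "email": "email", "ip": "ipv4", "sku": "sku"}
    # Constructed request parameters; the id value is not a plain integer.
    params = {"id": "42 OR 1=1", "email": "bob@example.com",
              "ip": "203.0.113.9", "sku": "ABC-1234"}
    return check_input_rules(registry, rules, params)


if __name__ == "__main__":
    print(demo())
```

Validating a parameter against an expected data type rejects whole classes of malformed input before any signature is consulted, which is why a positive match against a predefined or custom type is a cheap first line of defence.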
How do we adapt auto-learning to dynamic URLs and unusual parameters?
Protection settings can be configured with the help of auto-learning. Auto-learning reveals many of the threats that our web assets face. It also helps us understand the web applications’ structure and how end users use them. Most importantly, auto-learning helps tailor FortiWeb’s configuration to fit our web applications. Auto-learning discovers URLs and the other characteristics of HTTP or HTTPS sessions by observing the traffic passing to the servers. To determine whether a request is legitimate or a potential attack, it performs the following tasks:
1. Compares the request to attack signatures
2. Monitors inputs such as cookies and URL parameters
3. Tracks the web servers’ responses to each request, such as 401 Unauthorized or 500 Internal Server Error
4. Records the rate of requests for files by IP address and content type
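The four tasks listed above are shown together in this added example, which is a simplified observer written for this page and not FortiWeb's auto-learning engine. It runs over a constructed batch of request records, compares query values to two constructed attack-signature patterns, records which parameters and cookie names each URL receives, counts response status codes per URL, and tallies request rates by source IP and content type. The record layout, signatures and traffic sample are all assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed attack signatures (stand-ins, not FortiWeb's signature set).
ATTACK_SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+\d+=\d+"),
    "xss": re.compile(r"(?i)<script\b"),
}

# Constructed traffic sample: (src_ip, method, url, cookie header, status, content_type)
TRAFFIC = [
    ("198.51.100.4", "GET", "/product?id=17", "sess=a1", 200, "text/html"),
    ("198.51.100.4", "GET", "/product?id=18", "sess=a1", 200, "text/html"),
    ("203.0.113.9", "GET", "/product?id=17' OR 1=1", "sess=b2", 500, "text/html"),
    ("203.0.113.9", "GET", "/admin", "", 401, "text/html"),
    ("203.0.113.9", "GET", "/search?q=<script>alert(1)</script>", "", 200, "text/html"),
    ("198.51.100.4", "GET", "/static/app.js", "sess=a1", 200, "application/javascript"),
]


class AutoLearner:
    """Builds a picture of an application from observed traffic."""

    def __init__(self):
        self.urls = defaultdict(lambda: {"params": set(), "cookies": set(), "hits": 0})
        self.status_by_url = defaultdict(Counter)   # task 3: responses per URL
        self.rate = Counter()                        # task 4: (src_ip, content_type)
        self.suspicious = []                         # task 1: signature hits

    def observe(self, src_ip, method, url, cookie_header, status, content_type):
        parts = urlsplit(url)
        path = parts.path
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        # Task 2: learn which parameters and cookies each URL receives.
        entry = self.urls[path]
        entry["hits"] += 1
        entry["params"].update(params)
        entry["cookies"].update(c.split("=", 1)[0].strip()
                                for c in cookie_header.split(";") if c.strip())
        self.status_by_url[path][status] += 1
        self.rate[(src_ip, content_type)] += 1
        # Task 1: compare the request's inputs to attack signatures.
        for name, regex in ATTACK_SIGNATURES.items():
            if any(regex.search(v) for v in params.values()) or regex.search(parts.query):
                self.suspicious.append((src_ip, path, name))


def learn(records):
    learner = AutoLearner()
    for record in records:
        learner.observe(*record)
    return learner


def demo():
    learned = learn(TRAFFIC)
    return {
        "product_params": sorted(learned.urls["/product"]["params"]),
        "product_cookies": sorted(learned.urls["/product"]["cookies"]),
        "error_urls": sorted(u for u, c in learned.status_by_url.items()
                             if any(code >= 400 for code in c)),
        "top_rate": learned.rate.most_common(1)[0],
        "suspicious": learned.suspicious,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A real learning run would additionally infer a data type for each learned parameter and flag requests that later deviate from it, which is where the predefined data types described earlier come in; the observer here stops at recording what was seen.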