Fortinet 28 FortiWeb 5.0 Patch 6 Administration Guide
Table 2: Web-related threats

| Attack Technique | Description | Protection | FortiWeb Solution |
|---|---|---|---|
| Adobe Flash binary (AMF) protocol attacks | Attackers attempt XSS, SQL injection or other common exploits through an Adobe Flash client. | Decode and scan Flash action message format (AMF) binary data for matches with attack signatures. | Enable AMF3 Protocol Detection |
| Botnet | Utilizes zombies previously exploited or infected (or willingly participating), distributed usually globally, to simultaneously overwhelm the target when directed by the command and control server(s). | Decode and scan Flash action message format (AMF) binary data for matches with attack signatures. | IP Reputation |
| Browser Exploit Against SSL/TLS (BEAST) | A man-in-the-middle attack where an eavesdropper exploits reused initialization vectors in older TLS 1.0 implementations of CBC-based encryption ciphers such as AES and 3DES. | • Use TLS 1.1 or greater, or • Use ciphers that do not involve CBC, such as stream ciphers, or • Use CBC only with correct initialization vector (IV) implementations | Prioritize RC4 Cipher Suite |
| Brute force login attack | An attacker attempts to gain authorization by repeatedly trying ID and password combinations until one works. | Require strong passwords for users, and throttle login attempts. | Brute Force Login |
| Clickjacking | Code such as `<IFRAME>` HTML tags superimposes buttons or other DOM/inputs of the attacker's choice over a normal form, causing the victim to unwittingly provide data such as bank or login credentials to the attacker's server instead of the legitimate web server when the victim clicks to submit the form. | Scan for illegal inputs to prevent the initial injection, then apply rewrites to scrub any web pages that have already been affected. | • Signatures • Parameter Validation • Hidden Fields Protection • URL Rewriting |
| Cookie tampering | Attackers alter cookies originally established by the server to inject overflows, shell code, and other attacks, or to commit identity fraud, hijacking the HTTP sessions of other clients. | Validate cookies returned by the client to ensure that they have not been altered from the previous response from the web server for that HTTP session. | Cookie Poisoning Detection |
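The "Cookie tampering" row says the protection is to validate that cookies returned by the client match what the server last issued for that session. The following is an added illustration of one way to implement that check, written for this page; it is not FortiWeb code and does not show how the appliance's Cookie Poisoning Detection works internally. It assumes a server-side secret key (the constructed `SERVER_KEY` below) and a cookie format of `<hex value>.<hex HMAC-SHA256 tag>`, both of which are this example's own conventions.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in a real deployment this secret lives only
# on the server or WAF, is rotated, and is never sent to the client.
SERVER_KEY = b"constructed-demo-key-not-for-real-use"


def _tag(name: str, raw: bytes, key: bytes) -> bytes:
    # Bind the MAC to the cookie name as well as the value, so a valid tag taken
    # from one cookie cannot be moved onto a different cookie.
    return hmac.new(key, name.encode() + b"\x00" + raw, hashlib.sha256).digest()


def sign_cookie(name: str, value: str, key: bytes = SERVER_KEY) -> str:
    """Value the server sends in Set-Cookie: <hex value>.<hex tag>."""
    raw = value.encode()
    return raw.hex() + "." + _tag(name, raw, key).hex()


def verify_cookie(name: str, presented: str, key: bytes = SERVER_KEY):
    """Check a cookie the client sent back.

    Returns (status, value) where status is 'ok', 'malformed' or 'tampered';
    value is only returned when the tag verifies.
    """
    try:
        value_hex, tag_hex = presented.split(".", 1)
        raw = bytes.fromhex(value_hex)
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        # No separator, or non-hex content: the client did not send what we issued.
        return "malformed", None
    expected = _tag(name, raw, key)
    # Constant-time comparison so response timing does not reveal how many
    # tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return "tampered", None
    return "ok", raw.decode()


def check_request_cookies(cookies: dict, key: bytes = SERVER_KEY) -> dict:
    """Classify every cookie in a request; anything not 'ok' is a poisoning indicator."""
    return {name: verify_cookie(name, val, key)[0] for name, val in cookies.items()}


if __name__ == "__main__":
    # Constructed scenario: what the server issued in its previous response ...
    issued = sign_cookie("session", "user=alice;role=member")
    # ... and a modified copy in which the value was edited but the tag was not.
    altered = b"user=alice;role=admin".hex() + "." + issued.split(".", 1)[1]
    print(check_request_cookies({"session": issued}))   # {'session': 'ok'}
    print(check_request_cookies({"session": altered}))  # {'session': 'tampered'}
```

The check is stateless: the server does not need to remember each cookie it issued, because the tag can only be produced with the server key, so any change to the value or any attempt to reuse a tag under another cookie name is detected on the next request. Rotating the key invalidates all outstanding cookies at once, which is a useful property during incident response.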
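The "Brute force login attack" row gives two protections: require strong passwords and throttle login attempts. The following is an added example written for this page of how a login throttle can be built; it is not FortiWeb code and does not reproduce the appliance's Brute Force Login feature. It tracks failed attempts per (client address, account) in a sliding window and locks that pair out for a period once a threshold is crossed, and it also applies a minimal password-strength rule. The thresholds, the `ManualClock` helper and the attempt list are constructed for the demonstration.

```python
import time
from collections import deque


class ManualClock:
    """Constructed clock so the example (and its tests) run deterministically."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


class LoginThrottle:
    """Sliding-window failure counter with lockout, keyed by (client IP, account)."""

    def __init__(self, max_failures=5, window_seconds=60.0, lockout_seconds=300.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = {}      # key -> deque of failure timestamps inside the window
        self._locked_until = {}  # key -> time at which the lockout expires

    @staticmethod
    def _key(ip: str, user: str):
        # Account names are compared case-insensitively so "Alice" and "alice"
        # share one counter.
        return (ip, user.lower())

    def allow(self, ip: str, user: str) -> bool:
        """Should this attempt even be evaluated against the password store?"""
        key = self._key(ip, user)
        until = self._locked_until.get(key)
        if until is None:
            return True
        if self.clock() < until:
            return False
        del self._locked_until[key]  # lockout has expired
        return True

    def record(self, ip: str, user: str, success: bool) -> None:
        """Update counters after the password check; lock out on too many failures."""
        key = self._key(ip, user)
        if success:
            self._failures.pop(key, None)
            return
        now = self.clock()
        q = self._failures.setdefault(key, deque())
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            q.clear()


def password_is_strong(pw: str) -> bool:
    """Minimal strength rule (assumption): length and three character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 12 and sum(classes) >= 3


def process_attempts(attempts, throttle: LoginThrottle, credentials: dict, clock: ManualClock):
    """Replay constructed (time, ip, user, password) attempts; return one outcome each.

    Outcomes: 'throttled' (not evaluated at all), 'ok', or 'failed'.
    """
    outcomes = []
    for t, ip, user, password in attempts:
        clock.now = t
        if not throttle.allow(ip, user):
            outcomes.append("throttled")
            continue
        success = credentials.get(user.lower()) == password
        throttle.record(ip, user, success)
        outcomes.append("ok" if success else "failed")
    return outcomes


if __name__ == "__main__":
    clock = ManualClock()
    throttle = LoginThrottle(max_failures=3, window_seconds=60, lockout_seconds=300, clock=clock)
    creds = {"alice": "Correct-Horse-Battery-42"}   # constructed credential store
    attempts = [(0, "198.51.100.7", "alice", "guess1"), (1, "198.51.100.7", "alice", "guess2"),
                (2, "198.51.100.7", "alice", "guess3"), (3, "198.51.100.7", "alice", "Correct-Horse-Battery-42"),
                (310, "198.51.100.7", "alice", "Correct-Horse-Battery-42")]
    print(process_attempts(attempts, throttle, creds, clock))
    # ['failed', 'failed', 'failed', 'throttled', 'ok']
```

Keying on the pair rather than on the address alone means a distributed guessing campaign against one account still hits the per-account counter, while a single misbehaving address cannot lock out every user behind a shared NAT. Returning `throttled` before the password is checked also keeps the locked-out path cheap, which matters when the attempts arrive at high rate.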