Protect Server IPSDoS

Video Activity

In this video, you will protect a web server against external attacks, using a FortiGate with an Intrusion Prevention System (IPS) profile and a Denial of Service (DoS) policy. This will defend your server against a variety of attacks. Before performing any test attacks, always ensure you are targeting the correct IP. Visit Fortinet's documentation...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this video, you will protect a web server against external attacks, using a FortiGate with an Intrusion Prevention System (IPS) profile and a Denial of Service (DoS) policy. This will defend your server against a variety of attacks. Before performing any test attacks, always ensure you are targeting the correct IP. Visit Fortinet's documentation library at http://docs.fortinet.com

Video Transcription
00:00
>> In this video, you will protect
00:00
a web server against external attacks using
00:00
a FortiGate with an intrusion prevention system or
00:00
IPS profile and a denial-of-service or DoS policy.
00:00
This will defend your server
00:00
against a variety of threats.
00:00
First, go to System, Config,
00:00
Features to ensure that
00:00
intrusion protection is turned on.
00:00
Apply the changes.
00:00
Now go to Security Profiles,
00:00
Intrusion Protection to configure the IPS profile.
00:00
Select the default pattern-based signature and edit it.
00:00
Enable Severity to see
00:00
all of the signatures in the database.
00:00
Scroll down and set the action to Block All and apply.
00:00
Then enable each of
00:00
the rate-based signatures and save the profile.
00:00
Go to Policy & Objects, Policy,
00:00
IPv4 to add IPS to
00:00
the firewall policy that allows
00:00
traffic from the server to the Internet.
00:00
Edit the policy and enable IPS under
00:00
Security Profiles and set it
00:00
>> to use the default profile.
00:00
>> Enabling IPS automatically enables SSL/SSH inspection.
00:00
Set this feature to use the deep-inspection profile.
00:00
Next, go to Policy & Objects, Policy,
00:00
DoS and create a new policy
00:00
to define your DoS protection.
00:00
Set the incoming interface to
00:00
your Internet-facing interface and
00:00
set the rest to allow all traffic.
00:00
In the Anomalies list,
00:00
enable Status and Logging
00:00
and set the action to block for every type.
00:00
Before you can perform a test DoS attack,
00:00
you must be the legal owner of the server under attack.
00:00
Make absolutely sure that
00:00
you're targeting the correct server
00:00
IP because attacking another server is illegal.
00:00
With this in mind, launch
00:00
a DoS attack on your web server.
00:00
Then open the FortiGate interface and go to System,
00:00
FortiView, Threats and select the five minutes view.
00:00
You'll see data and logs about
00:00
the DoS attack that the FortiGate has blocked.
00:00
Thank you for watching.
00:00
If you need further details,
00:00
you can visit docs.fortinet.com
00:00
to access our complete documentation library.
00:00
Also, check out our new Cookbook site at
00:00
cookbook.fortinet.com for more tutorials like this one.
Up Next