Scribd
Upload
67 views

Protecting A Web Server

1. This document discusses how to protect a web server from external attacks using an Intrusion Prevention System (IPS) profile and Denial of Service (DoS) policy on a FortiGate firewall. 2. It provides steps to enable intrusion protection, configure the default IPS profile to block common attacks, add the IPS sensor to the server access security policy, and create a DoS policy. 3. The results demonstrate that a DoS attack launched on the web server is detected and blocked, as shown in the FortiView threats display.

Uploaded by

Andrew Webb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
67 views

Protecting A Web Server

1. This document discusses how to protect a web server from external attacks using an Intrusion Prevention System (IPS) profile and Denial of Service (DoS) policy on a FortiGate firewall. 2. It provides steps to enable intrusion protection, configure the default IPS profile to block common attacks, add the IPS sensor to the server access security policy, and create a DoS policy. 3. The results demonstrate that a DoS attack launched on the web server is detected and blocked, as shown in the FortiView threats display.

Uploaded by

Andrew Webb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Protecting a web server from common external

attacks
In this example, you will protect a web server using an Intrusion Prevention System (IPS)
profile and a Denial of Service (DoS) policy. This will prevent a variety of different attacks
from reaching the server.

1. Enabling Intrusion Protection


2. Configuring the default IPS profile to block common attacks
3. Adding the IPS sensor to the server access security policy
4. Creating a DoS policy
5. Results

External Attacks

FortiGate
Web Server
1. Enabling Intrusion Protection
Go to System > Config >
Features and ensure that Intrusion
Protection is turned ON. Apply your
changes if necessary.

2. Configuring the default IPS profile to block common attacks


Go to Security Profiles > Intrusion
Protection and edit the default
profile. In the Pattern Based
Signatures and Filters list, highlight
the default entry and select Edit.

Select Severity to view all signatures


in the database.

Scroll down and set the Action to


Block All.
Enable all the listed Rate Based
Signatures.

3. Adding the IPS sensor to the server access security policy


Go to Policy & Objects > Policy >
IPv4 and edit the security policy
allowing traffic to the web server from
the Internet.
Enable IPS under Security Profiles
and set it to use the default profile.
Enabling IPS automatically enables
SSL Inspection. Set this feature
to use the certificate-inspection
profile.
4. Creating a DoS policy
Go to Policy & Objects > Policy >
DoS and create a new policy.
Set Incoming Interface to your
Internet-facing interface.
In the Anomalies list, enable Status
and Logging and set the Action to
Block for all types.

5. Results
DoS attacks are illegal, unless

!
you own the server under attack.
Before performing an attack,
ensure that you have the correct
server IP.
Launch a DoS attack on your web
servers IP address.
Go to System > FortiView >
Threats and select the 5 Minutes
view.
You will see that a DoS attack has
been detected and blocked.

You might also like