Endpoint Control

Upload: dorcas-dixon

Post on 11-Jan-2016


Page 1: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications

Endpoint Control


Module Objectives

• By the end of this module participants will be able to:

• Define application detection lists to monitor applications through FortiGate Endpoint Control

• Enforce the use of FortiClient on client computers

• Configure Endpoint Control profiles

• Define firewall policies using Endpoint Control profiles

• Configure vulnerability scanning


Endpoint Control

Application Detection List

Category: Internet browsers; Vendor: Microsoft; Application: Internet Explorer; Action: Allow

Category: Office; Vendor: Microsoft; Application: Office 2010; Action: Allow

Category: Media Players; Vendor: Apple; Application: iTunes; Action: Deny

Category: Email; Vendor: Mozilla Corp.; Application: Thunderbird; Action: Monitor

• Endpoint control can be used to enforce compliance of client software running on the client computer

  • Allow the application

  • Block the application

  • Monitor the application

  • Warn: allow the application but display a warning

• Applications available for use in application detection lists are predefined on the FortiGate unit


FortiClient Compliance

FortiClient installed and enabled?

FortiClient minimum version?

AV database version?

Application signature database version?

FortiClient

• Use of FortiClient Endpoint Control can be enforced on the network

• Ensure clients have the most up-to-date versions of software and signatures


Application Detection Entry

Condition: Installed, Running, Not installed, Not running

Action: Allow, Block, Monitor, Warn

• Application detection entries define the applications to be detected and the action to be taken

• Endpoint Profiles can contain multiple application entries

• Optionally, specify the action to be taken on endpoints that have applications installed that are not on the detection list
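
The detection-entry logic described above, sketched as an added example (not part of the original training material and not FortiGate code): each entry pairs a condition with an action, and installed applications that are not on the list get an optional default action. The rule that the most restrictive matching action wins, the entry named Example Backup Agent and the endpoint inventories are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption (not stated on the slides): when several entries match,
# the most restrictive action decides the endpoint's verdict.
SEVERITY = {"allow": 0, "monitor": 1, "warn": 2, "block": 3}

@dataclass(frozen=True)
class Entry:
    application: str
    condition: str  # installed | running | not installed | not running
    action: str     # allow | block | monitor | warn

def condition_met(entry, installed, running):
    """Test one entry's condition against the endpoint's software state."""
    app = entry.application
    return {
        "installed": app in installed,
        "running": app in running,
        "not installed": app not in installed,
        "not running": app not in running,
    }[entry.condition]

def evaluate(entries, installed, running, unlisted_action=None):
    """Return (verdict, findings) for one endpoint."""
    findings = [(e.application, e.condition, e.action)
                for e in entries if condition_met(e, installed, running)]
    if unlisted_action is not None:
        # Optional action for installed applications missing from the list.
        listed = {e.application for e in entries}
        findings += [(app, "not on list", unlisted_action)
                     for app in sorted(installed - listed)]
    verdict = max((f[2] for f in findings), key=SEVERITY.get, default="allow")
    return verdict, findings

# Constructed list using the applications shown on the slides; the slide's
# "Deny" for iTunes is written as "block" to match the four actions.
SAMPLE_LIST = [
    Entry("Internet Explorer", "installed", "allow"),
    Entry("Office 2010", "installed", "allow"),
    Entry("iTunes", "running", "block"),
    Entry("Thunderbird", "installed", "monitor"),
    Entry("Example Backup Agent", "not installed", "warn"),  # hypothetical
]

if __name__ == "__main__":
    installed = {"Internet Explorer", "Thunderbird", "iTunes", "Skype"}
    print(evaluate(SAMPLE_LIST, installed, {"Thunderbird"}, "warn"))
```

Keeping the findings alongside the verdict shows which entry caused a block or warning, which is what an administrator needs when reviewing a non-compliant endpoint.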


Endpoint Control Profile

• Endpoint operations defined through Endpoint Control profiles

• Define FortiClient enforcement settings

• Specify an application detection list


Endpoint Control Profile

  Application Detection List

Firewall policy

  Endpoint Control Profile: Endpoint_Profile_Example


Endpoint Control Profile

  Application Detection List: Sample_Endpoint_List

Firewall policy

  Endpoint Control Profile: Sample_Endpoint_Profile

• Application Detection List applied through Endpoint profile

• Profile in turn applied to firewall policy

• Any traffic being examined by the policy will have the application control operations applied to it


Monitoring Endpoints

Compliant / Non-Compliant

• Endpoint Monitor displays a list of compliant and non-compliant client and server computers

• Computers remain on list until FortiGate unit is restarted

• Entry updated every time client or server computer attempts to access network services through the FortiGate unit


Vulnerability Scanning

FortiGuard Vulnerability Compliance and Management Service

• Scan for vulnerabilities on clients and servers

  • Determines whether client computers are vulnerable to attack

• FortiGuard Vulnerability Compliance and Management Service provides a database of common vulnerabilities

  • Kept up-to-date through a subscription service


Asset Definition

Identify individual hosts to be scanned by IP address

Discover hosts to be scanned by identifying an IP address range

192.168.100 - 192.168.1.254

• Administrator must identify the clients and servers to include in a vulnerability scan

  • Identify computers to be scanned by specific IP address

  • Discover computers to be scanned by identifying a range of IP addresses


Scan Schedule

• Any client and server computers displayed in the asset list can be scanned regularly based on the schedule settings

• Scan modes:

  • Full

  • Standard

  • Quick
