Protecting a web server

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this example, you will protect a web server using an Intrusion Prevention System (IPS) profile and a Denial of Service (DoS) policy. This will prevent a variety of attacks from reaching the server.

1. Enabling Intrusion Protection

Go to System > Config > Features and ensure that Intrusion Protection is turned ON. Apply your changes if necessary.  

2. Configuring the default IPS profile to block common attacks

Go to Security Profiles > Intrusion Protection and edit the default profile. In the Pattern Based Signatures and Filters list, highlight the default entry and select Edit.  
Select Severity to view all signatures in the database.  
Scroll down and set the Action to Block All.  
Enable all the listed Rate Based Signatures.  

3. Adding the IPS sensor to the server access security policy

Go to Policy & Objects > Policy > IPv4 and edit the security policy allowing traffic to the web server from the Internet.

Enable IPS under Security Profiles and set it to use the default profile.

Enabling IPS will automatically enable SSL Inspection. In order to inspect encrypted traffic, the deep-inspection profile must be used.

 

4. Creating a DoS policy

Go to Policy & Objects > Policy > DoS and create a new policy.

Set Incoming Interface to your Internet-facing interface.

In the Anomalies list, enable Status and Logging and set the Action to Block for all types.

 

5. Results

Warning: DoS attacks are illegal, unless you own the server under attack. Before performing an attack, ensure that you have the correct server IP.

Launch a DoS attack on your web server’s IP address.

Go to System > FortiView > Threats and select the 5 Minutes view.

You will see that a DoS attack has been detected and blocked.

 

For further reading, check out Intrustion Protection in the FortiOS 5.2 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
Using the deep-inspection profile may cause certificate errors. For information about avoiding this, see Preventing security certificate warnings when using SSL full inspection.