Fortinet, FortiGate, and FortiGuard are registered trademarks of Fortinet, Inc. in the U.S. and other
jurisdictions, and other Fortinet names herein may also be trademarks, registered or otherwise, of
Fortinet. All other product or company names may be trademarks of their respective owners. Copyright
2002 - 2016 Fortinet, Inc. All rights reserved. Contents and terms are subject to change by Fortinet
without prior notice. No part of this publication may be reproduced in any form or by any means or
used to make any derivative such as translation, transformation, or adaptation without permission from
Fortinet, Inc., as stipulated by the United States Copyright Act of 1976.
Table of Contents
MANAGEMENT AND ANALYTICS
  Security Management
    Managing the Security Console
  Summary
Security Management
Simply stated, security management exists at the region where the scope of IT security and IT
operations meet.
As organizational structures grow in size and complexity, the tendency is for more network resources
(machines, servers, routers, etc.) to be deployed. As the network grows, so also does the scope of
potential threats to the secure and efficient operation of the network in support of organizational goals.
With the global nature of modern business and e-commerce, the sheer number of branch and remote
locations, and of managed devices, makes consolidated network security management essential for
effective IT administration. To this end, the primary goal of security management is to reduce security
risks by ensuring that systems are properly configured, or hardened, to meet internal, regulatory, and/or
compliance standards. Security management is a software-based solution that integrates three primary
elements:
Vulnerability Assessment. Network security analysis designed to identify critical IT security weaknesses
that a cyber-attacker could exploit.
Automated Remediation. Allows automated correction of faults or deficiencies (vulnerabilities)
identified in the assessment process. Provides reports and tools to track vulnerabilities that must be
remediated manually.
Configuration Management. Evaluates the security of a network's critical servers, operating systems,
application-level security issues, and administrative and technical controls, and identifies potential and
actual weaknesses, with recommended countermeasures.
IT managers are faced with challenges that range from simple codes to threats hidden in secure packets
designed to target cloud-based applications. Modern and emerging future threats present dynamic and
potentially complex challenges to network security, demanding comprehensive, complex security
solutions. Unfortunately, studies have shown that the more complex administrative functions become,
the less likely it is that network administrators will devote the requisite attention to the various
apparatus and displays. For this reason, a single console consolidating the monitoring and management
of network security was developed. Through this integrated monitoring and control solution, IT managers
may address the following issues:
Device Configuration. Manages the configuration of each device on the network and maintains the
system-level configuration required to manage the network environment. This includes monitoring
device firmware to ensure it is kept up to date.
Firewall Policy. Provides viewing and modification of firewall configurations (access rules and
inspection rules) in the context of the interfaces whose traffic is filtered.
[Figure: Security Management (SM) components: SM Console, SM Database, SM Monitored Devices]
Missing the impact of corporate policy changes that may impact particular rules
Creation of policies that are too specific at the time of implementation and may need to be broadened to be effective
Determining what/when policies should be implemented by a policy push, that is, applying the new policies to individual security devices
In order to facilitate inputs to the firewall policy development and review process, a firewall policy
workflow process should be established by which policy change recommendations are submitted,
approved, and implemented by IT staff, and the resulting document retained for archival purposes and
later analytic review. As these processes become institutionalized, the end result is not only more
effective firewall rules management, but also efficiency that leads to rules reduction: a decrease in the
number of firewall rules via periodic reviews or automation.
Security Change Management is the industry term for the product or feature that seeks to reduce or
optimize the number of firewall rules. It provides IT staff and network auditors with a clear picture of how
changes were implemented. With more complex firewalls incorporating more features, such as the Next
Generation Firewall (NGFW), simplification of the user interfaces that represent complex security
processes increases the likelihood that comprehensive security measures will be engaged, monitored,
and updated as necessary to keep up with emerging threats. This process will also minimize the number
of times that temporary firewall rule changes, used to test new options, software, or hardware, are
forgotten and left to clutter up the configuration.
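The firewall policy review and Security Change Management passages above describe periodic rules reduction and the problem of forgotten temporary rules. As an added example that is not part of the original document or of any Fortinet product, the following Python review pass over a constructed rule set flags two findings a periodic review would act on: temporary rules past their expiry date, and rules fully shadowed by an earlier rule (which can never match). The rule layout, the expiry attribute and the sample addresses are assumptions made for illustration.

```python
# Added example (not Fortinet's code): a periodic firewall-policy review pass.
# It flags (1) temporary rules left behind after their expiry date and
# (2) rules fully shadowed by an earlier rule, which can never match and are
# candidates for rules reduction. Rule layout and addresses are constructed.
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    rid: int
    src: str                        # source CIDR
    dst: str                        # destination CIDR
    svc: str                        # "tcp/443" style service, or "any"
    action: str                     # "accept" or "deny"
    expires: Optional[date] = None  # set only on temporary (test) rules


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet `inner` could match is already matched by `outer`."""
    src_ok = ip_network(inner.src).subnet_of(ip_network(outer.src))
    dst_ok = ip_network(inner.dst).subnet_of(ip_network(outer.dst))
    svc_ok = outer.svc == "any" or outer.svc == inner.svc
    return src_ok and dst_ok and svc_ok


def review(rules: List[Rule], today: date) -> List[Tuple[int, str]]:
    """Return (rule id, finding) pairs in policy order; first match wins."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.expires is not None and rule.expires < today:
            findings.append((rule.rid, f"temporary rule expired {rule.expires.isoformat()}"))
        for earlier in rules[:i]:  # only earlier rules can shadow this one
            if covers(earlier, rule):
                findings.append((rule.rid, f"shadowed by rule {earlier.rid} ({earlier.action})"))
                break
    return findings


# Constructed sample policy using private and documentation address ranges.
SAMPLE_RULES = [
    Rule(1, "10.1.0.0/16", "192.0.2.0/24", "any", "accept"),
    Rule(2, "10.1.5.0/24", "192.0.2.10/32", "tcp/443", "accept"),  # shadowed by rule 1
    Rule(3, "10.2.0.0/16", "198.51.100.7/32", "tcp/22", "accept", expires=date(2016, 3, 1)),
    Rule(4, "10.3.0.0/16", "198.51.100.0/24", "tcp/80", "accept"),  # clean
]
REVIEW_DATE = date(2016, 6, 1)


def run_review() -> List[Tuple[int, str]]:
    return review(SAMPLE_RULES, REVIEW_DATE)


if __name__ == "__main__":
    for rid, finding in run_review():
        print(f"rule {rid}: {finding}")
```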
Auditing has important advantages in the security management environment. Because auditing is a
mechanism that records actions that occur on a system, the associated audit log(s) contain information
detailing the events (such as login, logout, file access, upload, download, etc.), who performed the action,
when it was attempted, and whether the action was successful. Some important events that should be
logged include:
Supervisor/administrator login
and function
Ensures that the organization maintains compliance with programs such as HIPAA and PCI DSS
Analytics
Analytic reporting is designed to provide end-to-end analysis of system and network performance. In the
context of security management, this analysis includes factors concerning potential impacts on
performance due to attempted or successful attacks, actions taken by preventative policies and apparatus
that detected and prevented intrusion, forensic records of user data for system and network functions,
and so forth.
Of course, without applying analytics to future decisions, they cease to serve a vital function to
administrators. The most important function of analytics is to ensure security effectiveness and
improvement while enabling optimum system and network performance.
Reporting is designed to be a cyclical process, not a linear one; that is, the data analyzed is used to inform
decisions regarding whether policies, programming, or apparatus need to be updated or may remain as
currently constituted. If updates are necessary, analytics inform decision-makers, such as corporate
compliance groups, in determining what updates or reconfigurations are the right ones to accomplish.
2) Information
3) Notification
4) Warning
5) Error
6) Critical
7) Alert
8) Emergency
Network Visibility
Network Visibility refers to the ability of administrators to know what type of traffic is crossing their
network, including Web, applications, email, etc. It allows optimization of bandwidth for business-critical
applications. Because modern and emerging threats are able to take advantage of different traffic types in
different ways, network visibility is a key capability in the administrator's arsenal, providing the opportunity
to achieve:
Summary
Security management provides vulnerability assessment, automated remediation, and configuration
assessment in an environment providing complex protection with simplified administration. The goal of
security management is to reduce security risks through proper configuration and compliance.
Across all sizes and types of networks, security management provides customization and automation to
assist network security administrators through administrative domains to segment users, firewall & global
policy packages enabling reduction and optimization of rules, and auditing that provides oversight of
compliance, workflow, approvals, and forensic tracing.
Security Information and Event Management (SIEM) provides a wide range of administrator services in
managing logged events and analysis to correlate and determine the most appropriate security
measures, policy updates, and reactions to network incidents.
Network visibility provides administrators with the necessary end-to-end monitoring, troubleshooting,
profiling, and analysis tools to plan for and address modern and emerging threats to the network. Adept
management, using the right analytics to inform decisions and actions, is key to establishing and
maintaining an efficient and secure network environment.
Key Acronyms
ADOM  Administrative Domain
API
APT
ATP
AV/AM  Antivirus/Antimalware
FTP
FW  Firewall
GUI
IaaS  Infrastructure as a Service
IDS
IP  Internet Protocol
IPS
IT  Information Technology
J2EE
LAN
MSP
NSS  NSS Labs
PaaS  Platform as a Service
PC  Personal Computer
SaaS  Software as a Service
SDN  Software-Defined Network
SEG
SIEM  Security Information and Event Management
SLA
SM  Security Management
SMB
SSL
SYN
TCP
TLS
UDP
UTM
VM  Virtual Machine
WAN
XSS  Cross-site Scripting
Message Logging
Layer Authentication