FortiNAC

2023: Identifying vulnerabilities in 6 versions

Angara Security Security has identified a vulnerability in 6 versions of the FortiNAC line for user authentication using the 802.1X protocol. The company announced this on June 22, 2023.

As a result of the code analysis, experts found out that malicious code can be added to the license key, which will run with superuser rights on the FortiNAC management server located in the owner's infrastructure. To do this, an attacker just needs to intercept and infect the license key or create a malicious key generator that will form "infected" license keys to compromise the company's network infrastructure.

The most at risk are the Russian FortiNET clients, which the vendor refused to renew licenses due sanctions to and who decide to use keygens published on third-party resources.

FortiNET has confirmed the vulnerability of 6 versions of FortiNAC. These include: FortiNAC-F (version 7.2.0), FortiNAC (versions 9.4.0 - 9.4.2.), All versions of FortiNAC software 9.2, 9.1, 8.8, 8.7. According to the vendor's recommendation, to eliminate the vulnerability, you need to update the software to more current versions.

Due to political risks, updating FortiNAC versions is not available for all Russian customers. Therefore, we recommend installing the domestic EFROS ACS software, which has full functionality for delimiting network access. The Russian vendor regularly analyzes vulnerabilities and promptly releases patches to eliminate risks on the users' side, "said Roman Sychev, head of network technologies at Angara Security.

The expert also recommends that companies that use FortiNAC receive patches from the vendor, check the software update on the test bench and update the product system.

2018: FortiNAC Presentation

On September 13, 2018, the company Fortinet announced the FortiNAC product line, designed to control network access, which provides network segmentation and automated response for IoT-.safety

• In the context of the mass appearance of unsafe IoT devices without their own controls, including industrial and medical IoT devices, special protections are required.
• Fortinet's FortiNAC product line provides network access control to protect the IoT environment and provides advanced visibility, monitoring, and automatic response capabilities.
• FortiNAC performs detailed profiling of each device in the network, providing detailed network segmentation and automated response to device state or behavior changes. This allows each device to access only approved items on the network.

The use of insecure IoT devices leads to vulnerability of organizations

The use of IoT devices is growing at a tremendous rate as organizations use digital transformations to improve workflow efficiency. According to Gartner, the number of IoT endpoints will grow by 32% from 2016 to 2021, reaching a customer base of 25.1 billion units.1 A huge number of devices, including corporate, IoT, and BYOD devices that search for wired and wireless network access, exponentially increase the attack vector and costs of providing internal resources, management, and compliance. The responsibility for connecting and providing secure access has moved from a category of network problems to a category of security problems that create difficulties for organizations: security managers must ensure the security of each individual device every time, while cybercriminals need only one open port, one vulnerable or unknown device, or one uncontrolled threat to bypass all network security measures taken.

FortiNAC protects networks available to insecure devices

Fortinet's FortiNAC Network Access Controller reduces security risks associated with unsecured network access devices by giving organizations full visibility into endpoints, users, trusted and untrusted devices and applications. By providing visibility, FortiNAC establishes dynamic controls that ensure that all devices, regardless of connection type, are authenticated or authorized and subject to context-sensitive policies that specify the type of authorized device, network, location, and connection time. This ensures that only the appropriate users and devices can connect and access the appropriate applications, infrastructure, and resources. In addition, FortiNAC can apply company policies on device firmware patches and versions. FortiNAC also includes powerful network orchestration capabilities to provide automated response to identified threats and is capable of containing threats in seconds, when it can take several days or weeks to perform similar actions in manual mode.

In networks, devices are continuously connected and disconnected. Network management by controlling the access of any device that has connectivity is a key part of ensuring network integrity. This approach, where unknown devices cannot access the corporate infrastructure, allowed devices are automatically segmented based on policies and roles, and connected devices that violate profiles are immediately quarantined offline, becomes the basis for end-to-end security. In addition, the FortiNAC network access control solution is cost-effective and easily scalable, allowing you to expand visibility and protection of an unlimited number of devices and eliminating the need to deploy large organizations to each site.

NAC and IoT Security Solutions Strengthen Fortinet's Security Framework

Fortinet strengthens Fortinet Security Fabric and enhances the use of non-Fortinet network devices integration in a broader multi-vendor environment, including firewalls third-party, switchboards wireless access points, and endpoints. FortiNAC is also able to integrate with the firewall, FortiGate FortiSwitch solution, FortiWLC wireless controllers FortiSIEM , and FortiAP to minimize the risk and impact of cyber threats and provide greater visibility and security for complex networks.