Developers: | Fortinet |
Last Release Date: | 2021/06/22 |
Technology: | IB - Firewalls |
Content |
Main article: Firewall
Dedicated web server security appliance. Designed specifically to combat attacks aimed at web applications, and in this aspect is significantly superior to universal multifunctional security devices or ITU.
In addition to protection, it allows you to significantly reduce the load on the web server by assuming part of its functions - traffic encryption, as well as intelligent (taking into account the content of web requests) load balancing between servers in the cluster.
2021
Eliminate the vulnerability to gain full control of the firewall server
Fortinet fixed the vulnerability in its FortiWeb firewall, designed to protect web applications from web attacks, which was discovered by Positive Technologies expert Andrei Medov. This was reported by PT on June 22, 2021.
The error received ID CVE-2021-22123 and a rating of 7.4 on the CVSSv3 scale, which corresponds to a high level of danger.
The vulnerability of implementing commands in the FortiWeb management interface can allow a remote attacker who has been authenticated to execute arbitrary commands in the system through the SAML server configuration page, "explains Andrei Medov. - Execution of commands with maximum privileges will result in attackers gaining full control over the server. If, as a result of the incorrect configuration, the firewall administration interface is available on the Internet, and the product itself is not updated to the latest versions, then the combination of CVE-2021-22123 and the CVE-2020-29015 error we discovered earlier can allow the attacker to penetrate the internal network. |
To eliminate the vulnerability, update FortiWeb 6.3.7 (and below), 6.2.3 (and below), 6.1.x, 6.0.x, 5.9.x to versions 6.3.8 or 6.2.4 (depending on the product revision used).
In February 2021, Fortinet closed four vulnerabilities in the FortiWeb identified by Andrei Honey.
Eliminate Denial of Service Vulnerability
Fortinet eliminated critical vulnerabilities in FortiWeb, FortiGate, and FortiDeceptor. This became known on January 7, 2021.
Detected vulnerabilities allow an attacker to access sensitive data, cause a denial of service, or compromise a vulnerable device.
Fortinet has published 6 safety bulletins for its FortiWeb, FortiGate, and FortiDeceptor products.
Particular attention should be paid to vulnerabilities in FortiWeb. The vulnerability of CVE-2020-29016 allows a remote unauthorized user to overwrite the contents of the stack and potentially execute arbitrary code by sending a specially generated request with a long certificate name.
The CVE-2020-29018 format string vulnerability allows an authorized user to read memory content and obtain sensitive data using the redir parameter and execute arbitrary code on a remote server.
Buffer overflow in the CVE-2020-29019 FortiWeb allows a remote unauthorized user to httpd cause a daemon to fail by sending a request with a specially generated cookie header.
A blind SQL injection in the FortiWeb CVE-2020-29015 user interface allows an unauthorized user to perform arbitrary SQL queries and, due to excessive privileges, reveal sensitive data, including the administrator password hash.
All vulnerabilities in the FortiWeb were discovered by Andrei Honey from Positive Technologies.
To address vulnerabilities, an update from the manufacturer's website must be installed [1]
2015: FortiWeb 4000E and 3000E firewalls
On October 13, 2015, Fortinet announced the release of the new Web Application Protection Firewalls FortiWeb 4000E and 3000E.
Devices are designed to prevent theft of personal data, fraud and denial of service using a special layered application protection system.
FortiWeb 3000Е (2015)
The FortiWeb 4000E firewall provides 20 Gb/s bandwidth. This is the first firewall solution in the market to feature advanced anti-malware features built in, complemented by advanced Acunetix vulnerability scanning.
The FortiWeb Series Firewall Protection System includes FortiSandbox and advanced threat protection infrastructure, which provides comprehensive security for corporate networks from the most sophisticated cyber threats. FortiWeb enhancements provide advanced, tiered protection for applications across midsize and large organizations, application service providers, and SaaS providers that require the most efficient firewalls.
Real-time FortiWeb solutions receive updates from the FortiGuard Labs team, Fortinet Innovation and Threat Research. The device consists of three services:
- FortiWeb Security provides up-to-date, up-to-date protection against network vulnerabilities and suspicious URLs, and supports application-level security.
- IP Address Reputation Service is designed to protect against botnet attacks.
- Anti-malware and intrusion services proactively prevent malware infection.
All services operate in real time with support for a global network Fortinet of more than 2 million security tools. With these sensors Fortinet , the FortiGuard Labs team globally monitors the status of new, active threats and works to ensure that FortiWeb tools provide the highest level of protection in their field.
Availability
FortiWeb 4000E and 3000E are available for ordering.
2013: FortiWeb 5 OS
The new FortiWeb 5 OS system provides enhanced protection against growing threats and is compatible with all devices of the FortiWeb family, the development company said Fortinet on May 27, 2013. The product presents advanced features, including the ability to determine with a high degree of accuracy the origin of traffic, establish permissible and suspicious sources.
Using FortiWeb, you can recognize legitimate and known queries to search engines and distinguish them from scanners, bots and other threats. This enhances the analysis and detection of bots recently provided by the FortiGuard IP Reputation service, which monitors compromised IP addresses or IP addresses with abnormal activity.
Benefits of the new version
In their composition:
- Determining the source of inbound traffic: Given that 30% of traffic at the web application level comes from well-known search engines such as Google, Bing, Yahoo, etc., as well as due to the increase in the number of automated attacks, botnets, zombies and DDoS attacks, the need to correctly determine the sources of traffic is critical. FortiWeb 5 provides such an opportunity that organizations can protect and optimize their web applications.
- The new dashboard provides system administrators with an online visual view of incoming traffic at the web application level, enabling them to quickly determine whether bots are known search engines or malicious scanners.
- Faster browser responsiveness: FortiWeb 5 improves application-level protection against DoS attacks by improving browser responsiveness to better handle requests, determine user legitimacy, and protect against DoS attacks.
"FortiWeb 5 and new firewalls for web applications are designed specifically for the most demanding customers: large enterprises and service providers," said John Maddison, vice president of marketing at Fortinet. - These products not only provide better protection against vulnerabilities in the top 10 OWASP (Open Web Application Security Project), but also include an application-level load balancing tool that allows you to distribute traffic to multiple web servers. The FortiWeb product line combines industry-leading application-level security with optimal performance. "
2012
FortiWeb-4000C
The high FortiWeb-4000C performance required by large data centers supports up to 70,000 operations per second and has 2 Gb/s bandwidth. These key indicators are significantly higher than competing systems of the same class. The main feature of the FortiWeb-4000C is hardware acceleration, which also allows you to ensure real-time operation of the system to prevent leakage of credit card data and personal information. According to DLP policies, it is necessary to check both all outgoing data and information received from users, which requires significant processor resources. With special feature acceleration, DLP FortiWeb-4000C delivers record-breaking performance, freeing up core resources processor for other tasks.
FortiWeb-3000C FSX
FortiWeb-3000C FSX has the same set of features and benefits as FortiWeb-3000C, but also has an optical bypass module that meets the requirements of large data centers. Like the previous model, FortiWeb-3000C FSX offers customers flexible deployment options with intelligent seven-tier load balancing, while hardware and software acceleration improves application stability and optimizes resource utilization while reducing server response time.
FortiWeb 4.0 MP3
On all devices of family of the FortiWeb products the operating room sistemaFortiWeb 4.0 MP3 with advanced functions of registration of events and formations of the reporting improved by safety and the simplified procedures of a configuration is established.
FortiWeb 4.0 MP3 provides transparent integration with FortiAnalyzer, offering convenient means of centralized management of all logs and reports, which, unlike many competitors, allows you to abandon the collection and analysis of information by third-party devices. Real-time data processing is greatly simplified with the new FortiWeb interface, allowing you to analyze the use of web server resources and flexibly redistribute the load. In addition, security administrators can monitor events based on the geographic location of traffic sources and recipients, making it much easier to analyze and identify potential threats.
FortiWeb 4.0 MP3 has a new protection against denial of service (DoS) attacks. Using new algorithms, the family of FortiWeb products analyzes requests received from users, screening out illegitimate ones, and also provides the opportunity to block for a certain period of time, not only a specific connection, but also individual users. Implemented data compression support enables more efficient use of channel bandwidth and reduced response time. In addition, new enhancements to load balancing mechanisms allow traffic to be distributed based on checks and alerts in the event of server failures.
A new user interface was added to the updated operating system FortiWeb 4.0 MP3, which has quick settings and an intuitive interface similar to those used in the entire line of FortiGate.
"The need for web security is a priority now, as the number of web transactions is constantly growing, compliance is becoming more stringent, and more businesses and service providers are relying on web applications in their business," said Patrick Badwell, vice president of product marketing at Fortinet. "That's why we continue to develop innovative new web protection solutions that enable our customers to confidently move most of their services to. With the Internet advent of our new firewall FortiWeb, we will help customers protect what is now one of the top business priorities."
2010: Key features of FortiWeb
Key benefits of the August 2010 FortiWeb:
- Protects web applications and databases by blocking threats such as cross-site scripting, SQL injections, buffer overflow, including malicious files (file inclusion), denial of service, cookie poisoning, etc.
- It meets the requirements of PCI DSS 6.5 and 6.6, as it protects against the 10 most dangerous vulnerabilities announced by OWASP.
- Facilitates the deployment and administration of Web applications-Using FortiWeb keeps your Web application secure even when you make periodic changes and additions.