FortiGate-50B FIPS 140-2 Security Policy
01-00000-0388-20070221
NIPS Attack Protection
Downloading updated IPS signatures or an updated IPS engine makes no
changes to the configuration or basic operation of the module. Verification of the
IPS download package is done using RSA. The IPS package is signed with the
FortiGuard server's private key and verified by the FortiGuard module using the
FortiGuard server's private key.
User-defined attack signatures are also supported.
NIPS Attack Protection
The FortiGate NIPS can also protect the module itself from direct attacks, such as
TCP, ICMP, UDP, and IP attacks. Access is denied or packets are dropped when
an attack is detected. Attack parameters can be modified by the operator to
ensure that normal network traffic is not considered an attack.
Antivirus Protection
FortiGate antivirus protection scans for infected files in the protocols for which
antivirus protection has been enabled. Supported protocols include HTTP, FTP,
SMTP, POP3, IMAP, and IM. Each file is tested to determine the file type and to
determine the most effective method of scanning the file for viruses. For example,
binary files are scanned using binary virus scanning and Microsoft Office files
containing macros are scanned for macro viruses. If a file is found to contain a
virus, it is removed from the content stream and replaced with a replacement
message.
FortiGate antivirus protection can also be configured to quarantine blocked or
infected files. The quarantined files are stored on the module's hard disk. An
operator can delete quarantined files from the hard disk or download them.
Downloaded quarantine files can be submitted to the FortiGuard Center as a virus
sample. FortiGate antivirus protection is transparent to the end user.
Downloading updated AV signatures or an updated AV engine makes no changes
to the configuration or basic operation of the module. Verification of the AV
download package is done using RSA. The AV package is signed with the
FortiGuard server's private key and verified by the FortiGuard module using the
FortiGuard server's private key.
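The signed-download check described for both the IPS and the AV packages, as an added example that is not Fortinet code. In an RSA signature scheme the signer uses the private key and the verifier needs only the matching public key. The key, the SHA-256 / PKCS#1 v1.5 encoding, the sample package and all function names are assumptions made for illustration, since the page states only that RSA is used.

```python
import hashlib
import hmac

# Constructed demo key (assumption): two Mersenne primes, so the block runs with
# the standard library only. Special-form primes are NOT safe for real keys.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public half, the only part a device needs
D = pow(E, -1, (P - 1) * (Q - 1))      # private half, stays with the signer
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed sample input, standing in for a downloaded signature package
SAMPLE_PACKAGE = b"constructed signature package, version 1"


def emsa_pkcs1_v15(package: bytes) -> bytes:
    """Build the padded block 00 01 FF..FF 00 DigestInfo for `package`."""
    t = SHA256_PREFIX + hashlib.sha256(package).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_package(package: bytes) -> bytes:
    """Signer side: requires the private exponent D."""
    m = int.from_bytes(emsa_pkcs1_v15(package), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify_package(package: bytes, signature: bytes) -> bool:
    """Verifier side: requires only (N, E). The whole encoded block is
    rebuilt and compared, so malformed padding cannot pass a lenient parse."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(package))


def install_update(package: bytes, signature: bytes) -> str:
    """Fail closed: a package that does not verify is never installed."""
    return "installed" if verify_package(package, signature) else "rejected"
```
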
FortiGate antivirus protection also detects and removes grayware such as
adware and spyware.
Antispam Protection
FortiGuard antispam protection can detect spam in SMTP, POP3 or IMAP traffic.
Spam email is tagged or discarded. Spam detection methods include banned
words, black/white lists, return email DNS check and the FortiGuard antispam
service. The FortiGuard Antispam Service provides IP checking, URI address
checking and email checksum analysis.
To prevent unintentional tagging of email from legitimate senders, an operator can
add sender address patterns to an exempt list that overrides the email block and
banned word lists.