• Samba is software that lets Linux share files and printers with the Windows operating system:
      itguest.blogspot.com/2011/04/file-sharing-samba.html

    • An in-depth look at Snoc and its dedicated cloud DDoS protection service, which every organization should pay attention to:
      www.techtalkthai.com/snoc-cloud-ddos-protection-service-for-enterprise-and-ecommerce-websites

    • Snoc launches Solution Version 3.0, now offering Web Application Firewall and DDoS Protection services:
      www.techtalkthai.com/snoc-introduces-snoc-3-0

    • Revealed... the online black market that sells DDoS attacks!!:
      www.techtalkthai.com/ddos-dark-market

    • Frozen for three seconds! DDoS makes the list of Datacenter Outage causes:
      www.techtalkthai.com/data-center-outage-by-ponemon

    • How to know whether you are under a DDoS attack:
      www.techtalkthai.com/how-to-know-you-are-under-ddos-attack

    • Introduction, Build the DDoS response plan with Checklist, How do you know when they DDoS you!, DDoS Mitigation Technique:
      www.snoc.co.th/wp-content/uploads/2015/09/Ebook-Final-V1.pdf

    • App vs Volume: do you know which one is used most often?:
      www.snoc.co.th/infographics/app-vs-volume-attack

    • Attack of the year 2014: do you know which one?:
      www.snoc.co.th/infographics/attack-of-the-year-2014

    • X-Forwarded-For (XFF):
      www.keycdn.com/support/x-forwarded-for

    • TCP 3-Way Handshake:
      www.facebook.com/networks365/posts/1690091114560337

    • www.icez.net/blog/69510/ddos-tcp-fin-flood

    • th.wikipedia.org/wiki/อินเทอร์เน็ตบอต

    • URL vs URI:
      www.bloggang.com/viewdiary.php?id=zkaru&month=08-2009&date=08&group=3&gblog=8

    • Basic Cryptography - Digital Certificate & SSL:
      kungfusecurity.wordpress.com/2011/08/28/basic-cryptography-5-digital-certificate

    • What is a cache?:
      itnews4u.com/How-to-Clear-Cache-Browser.html

    • Penetration Tester:
      • app.cybrary.it/browse/course/comptia-linux-plus
      • app.cybrary.it/browse/course/comptia-security
      • app.cybrary.it/browse/course/ethical-hacking
      • www.techworm.net/2016/07/10-youtube-channels-learning-ethical-hacking-course-online.html
      • EC-Council CHFI

    • Security Operations Center (SOC) Analyst - Add below:
      • app.cybrary.it/browse/course/comptia-network-plus
      • app.cybrary.it/browse/course/comptia-casp

    • Cyber Security Engineer - Add below:
      • app.cybrary.it/browse/course/comptia-cloud-plus
      • app.cybrary.it/browse/course/cisco-ccna
      • app.cybrary.it/browse/course/comptia-cysa-2018
      • app.cybrary.it/browse/course/cissp
      • app.cybrary.it/browse/course/cism
      • app.cybrary.it/browse/course/project-management-professional
      • app.cybrary.it/browse/course/isc2-certified-cloud-security-professional-ccsp

    • www.facebook.com/longhackz

    • Principles of designing secure systems (Secure Design Principles):
      medium.com/incognitolab/64a5ba0c6142

    • Example Attacks:
      • blog.endace.com/2013/08/27/ddos-attacks-on-port-0-does-it-mean-what-you-think-it-does
      • www.techtalkthai.com/blacknurse-dos-attack-server-firewalls
      • notebookspec.com/ทำความรู้จักกับ-distributed-denial-of-service-ddos/36287
      • arit.rmutsv.ac.th/th/blogs/80-sql-injection-คืออะไร-757
      • www.thaicert.or.th/downloads/presentations/20150507_Seminar_Dataone_.pdf

    Palo Alto:

    • PA-200, PA-3000, PA-5000, and PA-7000 models are the Palo Alto Networks next-generation firewall models.

    • Control and data planes are found in Palo Alto Networks single-pass platform architecture.

    • The strength of the Palo Alto Networks firewall is its Single-Pass Parallel Processing (SP3) engine.

    • The PA-5280, a new firewall model, was introduced with PAN-OS® 8.1 with double the data-plane memory.

    • Palo Alto Networks firewalls are built with a dedicated out-of-band management port that is labeled MGT by default, passes only management traffic for the device and cannot be configured as a standard traffic port, and is used by administrators for direct connectivity to the management plane of the firewall.

    • The candidate configuration can be reverted to the running configuration; clicking Save creates a copy of the current candidate configuration, and choosing Commit updates the running configuration with the contents of the candidate configuration.

    • Firewall administrator accounts can be individualized for user needs, granting or restricting permissions as appropriate.

    • Firewall administration can be done using web interface, Panorama, command line interface, or XML API.

    • Service routes can be used to configure an in-band port to access external services.

    • Virtual routers provide support for static routing and dynamic routing using OSPF, RIPv2, and BGP protocols.

    • Layer 3, Tap, and Virtual Wire interface types are valid on a Palo Alto Networks firewall.

    • Intrazone traffic is allowed by default but interzone traffic is blocked by default.

    • A Virtual Wire (vwire) interface, sometimes called a Bump in the Wire or Transparent In-Line, has no support for routing or device management, and supports NAT, Content-ID, and User-ID.

    • A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.

    • Source Zone, Username, URL, and Application items are possible network traffic match criteria in a Security policy on a Palo Alto Networks firewall.

    • The Universal type of Security policy rule is the default rule type.

    • The intrazone-default and interzone-default rules can be modified.

    • Dynamic IP, dynamic IP/Port, and static are the names of the valid source NAT translation types.

    • Logging on intrazone-default and interzone-default Security policy rules is disabled by default.

    • Logs can be forwarded to Email, Syslog, Panorama, or SNMP remote logging destinations.

    • A log can be exported to CSV format.

    • A Report Group must be sent as a scheduled email. It cannot be downloaded directly.

    • A SaaS application that is formally approved for use on the network is a sanctioned application.

    • Only one firewall actively processes traffic, there is no increase in session capacity and throughput, and Virtual Wire, Layer 2, and Layer 3 deployments are supported: these attributes describe an active/passive HA firewall configuration.

    • Configuration synchronization, heartbeats, and hellos are the types of traffic that flow across the HA Control link.

    • On a firewall with dedicated HA ports, "Data link" describes the function of the HA2 port.

    • A Backup Control link helps prevent split-brain operation in a firewall HA cluster.

    • Heartbeats and hellos, internal health checks, and link and path groups are the failure detection methods in a firewall HA cluster.

    • A Security policy rule displayed in italic font indicates that the rule is disabled.

    • A Server Profile enables a firewall to locate a server with remote user accounts.

    • An Antivirus Security Profile specifies Actions and WildFire Actions. WildFire Actions let you configure the firewall to block traffic when a WildFire virus signature is detected.

    • An Interface Management Profile can be attached to Layer 3 and Loopback interface types.

    • App-ID running on a firewall identifies applications using Program heuristics, Application signature, and Known protocol decoders methods.
    B-)
    • Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should validate connectivity to the PAN-DB cloud.

    • If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in the Threat log type.

    • If there is an HA configuration mismatch between firewalls during peer negotiation, the passive firewall will enter the NON-FUNCTIONAL state.

    • In a Security Profile, when the profile's action is configured as Reset Server, the firewall resets the traffic responder and, for UDP sessions, drops the connection.

    • In an HA configuration, networks, objects, and policies are the components that are synchronized between the pair of firewalls.

    • In an HA configuration, path monitoring and heartbeats are the failure detection methods that rely on ICMP ping.

    • On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of 2x, 128K is the maximum number of concurrent sessions supported by each available IP address (2x64K layer 4 protocol ports).

    • SSL Inbound Inspection requires that the firewall be configured with the server's digital certificate and private key.

    • The User-ID feature is enabled per firewall security zone.

    • The WildFire Portal website supports uploading files to WildFire for analysis, reporting incorrect verdicts, and viewing WildFire verdicts.

    • The dataplane and the control/management plane are the separate planes that make up the PAN-OS architecture.

    • Pre-Logon, User-Logon, and On-demand are connection methods for the GlobalProtect agent.

    • Untrusted and expired certificate checking are benefits of attaching a Decryption Profile to a Decryption policy no-decrypt rule.

    • When SSL traffic passes through the firewall, the Security policy component is evaluated first.

    • The GlobalProtect Portal is what a GlobalProtect client connects to first when trying to connect to the network.

    • The Continue action in a File Blocking Security Profile results in the user being prompted to verify a file transfer.

    • Continue, Block, Override, and Alert actions can be applied to traffic matching a URL Filtering Security Profile.

    • Tap, Layer 2, and Layer 3 interface types require configuration changes to adjacent network devices.

    • It determines which firewall services are accessible from external devices: this describes a function provided by an Interface Management Profile.

    • There is a single, per-firewall password for URL Filtering Profile override.

    • Files traversing the firewall, email attachments, and URL links found in email are the components that can be sent to WildFire for analysis.

    • Virtual Wire, Layer 2, and Layer 3 interface types can control or shape network traffic.

    • Default gateway, Netmask, and IP address are the MGT port configuration settings required in order to access the WebUI from a remote subnet.

    • .dll and .exe file types can be sent to WildFire for analysis if a firewall has only a standard subscription service.

    • Dynamic update antivirus, WildFire antivirus, and dynamic update threat signatures are the types of content update that have to be scheduled for download on the firewall.

    • The GlobalProtect user mapping method is recommended for a highly mobile user base.

    • GlobalProtect clientless VPN provides secure remote access to web applications that use HTML5, JavaScript, and HTML technologies.

    • URL Filtering, Threat Prevention, and WildFire® subscription services are included as part of the GlobalProtect cloud service.

    • 20 is the maximum number of WildFire® appliances that can be grouped into a WildFire® appliance cluster.

    • The decryption broker feature is supported by the PA-7000, 3200, and 5200 Palo Alto Networks firewall series.

    • Dropbox, Google, and YouTube are the predefined HTTP header insertion types.

    • The VM-50 Lite VM-Series model was introduced with the release of PAN-OS® 8.1.

    • docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/use-case-pbf-for-outbound-access-with-dual-isps

    What should be considered when buying a firewall?
    1. Interface Port: 1G/10G, UTP/SFP
    2. Throughput: Firewall, SSL-VPN
    www.fortinet.com/products/next-generation-firewall.html#models-specs

    • Getting to know the Palo Alto Networks NGFW:
      running-config.blogspot.com/2014/09/palo-alto-networks-ngfw.html

    • FortiGate user guide:
      www.facebook.com/fortinetthai/posts/1838753912813029
      www.facebook.com/youanyway/posts/2361502337406214

    Fortinet:

    • Attacking systems by exploiting otherwise unknown and unpatched vulnerabilities is also known as a zero-day exploit.

    • Political, social, or moral disagreements are the primary motivations of the "Hacktivist".

    • A Command & Control (C&C) Server is the central component necessary to form a botnet.

    • Phishing is what it is called when a fraudulent email masquerades as a legitimate communication in an attempt to get a user to reveal sensitive information.

    • Intimidation through disruption and damage is the goal of the "Cyber Terrorist".

    • Notoriety is the motivation of the bad actor known as the "Explorer".

    • Ideology is the motivation of the "Cyber Terrorist".

    • Money is the motive of the "Cyber Criminal".

    • Ransomware is the name of the malware that takes over a computer system and holds hostage the disk drives or other data.

    • The political interest of their country's government is the primary motivation of the "Cyber Warrior".

    • More complicated and more expensive is how implementing multiple security point products from multiple vendors affects managing an environment.

    • Internally to the CIO's company, reduced productivity is the overall impact when a cyber attack causes extended downtime and employees' time is diverted to post-attack activities.

    • On average, CIOs have the shortest tenures among C-level executives.

    • Regulatory fines related to serious breaches can be characterized this way: they can be enormous and seriously impact the bottom line.

    • Implementing cyber security is becoming a regular topic between CIOs, the other C-level executives, and the board of directors.

    • Controlling the Information Technology (IT) resources of a company is the primary responsibility of a CIO.

    • Analyzing and designing the IT infrastructure so that it aligns with those business goals is what a CIO will do once they understand the company's business goals and priorities.

    • When investments are made in IT infrastructure, showing how these investments deliver measurable results is what a CIO should do next.

    • When the general public learns of a serious breach, an erosion of trust leading to a decline in business with the breached company is their likely reaction.

    • A CIO must work closely with the other C-level executives to understand the company's business goals and priorities.
    B-)
    • The role of CISO is relatively new at present.

    • In many of the breaches, tens of millions of credit cards become compromised, and personally identifiable information for millions of individuals is stolen. Class-action lawsuits are one result.

    • Thought leadership, partnership development, and customer engagement are ways CISOs are often expected to represent the company.

    • Originally, the role of CISO was mostly concerned with the topic of compliance.

    • It must be secured and protected just the same: this can be said for a company's data that resides outside their buildings.

    • A concrete assessment of information risk and value is what the other C-level executives want from a CISO.

    • Huge fines are the result of these breaches becoming the targets of government regulators.

    • Shadow IT is the term for when departments or individuals go outside the corporate policies and spin up their own applications, utilize unapproved or uncoordinated SaaS services, or otherwise allow what may be key information assets to be stored out of our control.

    • The loss of customer trust and lasting damage to brand reputation results from the loss of control of customers' personally identifiable information.

    • Scattered all over the place are the information assets in a typical company today.

    • A CFO's responsibility is to manage financial risk, and that covers all the information and data in the company.

    • Being trustworthy with customer data is now a part of the outcome of building brand loyalty.

    • A CFO treats intangible assets such as intellectual property, trade secrets, manufacturing methods, and the information about customers like any other assets: the CFO is just as responsible for the financial risks to those information assets as for any others.

    • Looking into the past, a CFO will create reporting on the prior financial performance of the company.

    • Since it uses information from every corner of the business, accurate and trustworthy information is what a company's Enterprise Resource Planning (ERP) system requires to help the CFO understand what's happening now and plan for the future.

    • From having to re-state the data to being found in violation of financial regulations: these are the consequences if a CFO's reports are not accurate.

    • Access to good information is what a CFO relies on to create forecasts of what will happen to the company in the future.

    • To manage the finances and the financial risks of the company is the primary responsibility of a CFO.

    • Cyber threats pose one of the greatest risks to the financial value of a company's information assets.

    • Analyzing the financial impact is the role a CFO plays in new business initiatives, product launches and/or new service offerings.

    • Launching a browser or app manually, then logging into their website to investigate the issue, is what you should do if you get an unsolicited email from an otherwise trusted source that says to click a link.

    • Two-factor authentication uses the combination of "something you know" with "something you have".

    • Many cyber attacks exploit unpatched vulnerabilities: that is the risk of continuing to use old, unsupported / no longer supported or updated operating systems.

    • Setting up regular backups is an action that can be taken in advance to help protect data from corruption by malware.

    • Using different passwords for each system or website is the recommendation for passwords on all the systems and websites that you use.

    • A password manager is a tool you can use to help "remember" all your passwords.

    • To prevent spammers from learning that you have seen one of their emails, set your email client to not automatically download the images in email messages.

    • When you receive an unsolicited email, don't open the attachment if it has one.

    • If the bad guys break one of your passwords, they have the password for all of them: that is the security problem if you use the same password for all systems and websites.

    • Passwords should be changed on a regular basis.

    • SaaS means Software as a Service.

    • Cloud computing is the practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer.

    • Google Cloud, Azure, and AWS are the cloud service vendors with which the Fortinet Security Fabric integrates.

    • The reason that drove organizations from the traditional network architecture to the cloud was the cost savings that are realized when moving from owning expensive hardware that is only partially utilized to renting only when needed.

    • Virtualization was the technology that made cloud computing possible.

    • When a customer's data and services are moved to the cloud, ultimately the customer has the responsibility for security.

    • Basic cloud security can be achieved by native cloud security tools. Customers are sometimes not aware of the limitations of native cloud security tools, which is a potential problem should customers rely solely on them.

    • The attributes identified with an MPLS network:
      • Data packets are assigned a label and each label is associated with a pre-determined path through the network.
      • The data-center is the only conduit to the internet.

    • The weaknesses of SD-WAN:
      • Multiple access points to the internet exposes the network to more points of attack.
      • There is no built-in defense against advanced cyber-attacks.

    • The traditional network that supported multiple geographic locations used dedicated high-speed lines to send data between HQ and its branches. An attribute of this type of network is that the data line was not shared with other organizations.

    • Scalability was a major weakness of the traditional network that MPLS solved.

    • FortiGate is the name of the Fortinet product that provides both SD-WAN and NGFW security.

    • The principal architectural difference between MPLS and SD-WAN as it affects latency is that in an MPLS network only the data-center has direct internet access, while in an SD-WAN network there are multiple access points.

    • With the rise of the Internet, the rate at which new malware variants appear increased tremendously.

    • Anti-virus software is what the early forms of endpoint security products were known as.

    • Endpoint devices are smartphones, laptops, and IoT devices.

    • Going beyond simple signature comparisons is what modern endpoint solutions must do to be effective today.

    • Modern endpoint solutions must identify existing, known and unknown threats.

    • Comparing the signature of the file with a list of known virus signatures is the method the early antivirus products used to detect malware.

    • Reasons why you should care about the security of endpoint devices:
      • The endpoints hold valuable data.
      • The endpoints can be a way to access other important data and devices on the network.

    • FortiGuard Labs is the name of Fortinet's threat intelligence service.

    • Sand-boxing security technology was created to detect the unknown threats that, for example, don't appear in lists of known malware signatures.

    • Beyond sand-boxing, Artificial Intelligence (AI) and Machine Learning technologies are being developed by the vendors' threat intelligence services.

    • The security challenge that the one-to-one malware signature matching method no longer worked was created when malware authors began to make malware that morphs into different forms.
    B-)
  • Lab:

    Palo Alto 1:
    1. Management (MGMT):
      WAN:
      Network > Interfaces > Ethernet > ethernet1/1-2 >
       - Interface Type: Layer3
       - Virtual Router: default
       - IPv4 > Static > x.223.40.139/24
       - Advanced > Management Profile > Add > Name: mgmt, Tick HTTPS, Ping, SSH

      Delete Virtual Wires

      Zones > Add >
       - Name: WAN
       - Type: layer3
       - Interface: ethernet1/1-2

      Commit

    2. Default Route:
      Virtual Router > default > Static Routes > Add
       - Name: WAN1
       - Destination: 0.0.0.0/0
       - Interface: ethernet1/1
       - Next Hop: IP Address: x.223.40.254
       - Metric: like router cost, lower is preferred

      SSH2:
      > ping source x.223.40.139 host 8.8.8.8
      > ping source x.246.236.100 host 8.8.8.8

      Change password:
      Device > Administrators

    3. Sub-interface:
      LAN:
      Network > Interfaces > Ethernet > ethernet1/3 >
       - Interface Type: Layer3
       - Virtual Router: default

      Network Profiles > Interface Mgmt > Add >
       - Name: Lan
       - Tick: Ping, HTTPS

      Choose ethernet1/3 > Add Subinterface >
       - Interface Name ethernet1/3.40
       - Tag: 40
       - Virtual Router: default
       - IPv4 > Static > 192.168.4.254
       - Advanced > Management Profile: Lan

      Zones > Add >
       - Name: EN
       - Type: Layer3
       - Add: Interface ethernet1/3.40

      DHCP > Add >
       - Interface: ethernet1/3.40
       - Mode: auto
       - Add: 192.168.4.100-192.168.4.200 > Options >
       - Gateway: 192.168.4.254
       - Subnet Mask: 255.255.255.0
       - Primary DNS: 8.8.8.8
       - Secondary DNS: 8.8.4.4

    4. Route back:
      Virtual Routers > Static Routes > Add >
       - Name: 4
       - Destination: 192.168.4.0/24
       - Interface: ethernet1/3.40
       - Next Hop: None

    5. NAT:
      Objects > Add >
       - Name: EN
       - Type: IP Netmask, 192.168.4.0/24

      Policies > NAT > Add >
       - Name: internet > Original Packet >
       - Source Zone: EN
       - Destination Zone: WAN
       - Source Address: EN > Translated Packet >
       - Translation Type: Dynamic IP & Port
       - Address Type: Interface Address
       - Interface: ethernet1/1
       - IP Address: x.223.40.139

    6. Policy Based Routing/Forwarding (PBR/PBF):
      to access internet via WAN2 & Monitor WAN Links:
      Policy Based Forwarding > Add >
       - Name: internet
    Cr: BenGy@ProEn B-)
    • The various vendors do share their threat information with other vendors, because it's not the threat information that sets vendors apart, it's what they can do with it.

    • The threat intelligence service catalogs the knowledge about existing or emerging attacks, including the specific mechanisms of the attack and the evidence that the attack has happened. This is also known by the term Indicators of Compromise.

    • Along with firewalls, most networks rely on a set of network services to function properly or provide different types of network security functions. DHCP, Endpoint control, and Anti-virus are examples of these services.

    • In network security, controlling the flow of network traffic is the purpose of a firewall.

    • Second generation firewalls were designed to add more functionality. Observing network connections over time and continuously examining conversations between endpoints is the additional functionality they brought.

    • FortiGate is what Fortinet's range of firewall devices is called.

    • Providing application layer filtering, as they understand different protocols, is what third generation firewalls do that previous generations did not.

    • FortiGuard Labs works closely with FortiGate firewall products to provide the highest level of network security.

    • Blocking the packet and sending a message to the sender, or silently dropping the packet, is what early packet filter firewalls did when they detected a packet that did not comply with their rules.

    • NAC stands for Network Access Control.

    • Reasons why you should care about the FortiNAC solution:
      • FortiNAC solution has complete visibility into the network.
      • FortiNAC is integrated into the security framework.
      • FortiNAC can profile headless devices that are not equipped with an agent.

    • BYOD (Bring Your Own Device) is the practice of allowing employees to use their own computers, smartphones, or other devices for work purposes.

    • BYODs and IoTs connecting to a network are some of the business needs that were recently introduced in network security.

    • Some NAC solutions under-perform in wired environments, creating a security vulnerability; this is one of the shortcomings of NAC solutions.

    • When NAC is introduced, profiling all connected devices is one of the first tasks it does.

    • A "zero-day attack" is exploiting an unknown deficiency in code.

    • Business problems which FortiSandbox is trying to solve are:
      • Presence of malignant code that is designed to exploit a specific weakness in an OS or application.
      • Between security and performance, business often chooses performance.

    • The purpose of the sandbox is to observe the activity of unknown code in a quarantined environment.

    • The problems that network security was experiencing before sandbox are:
      • The security products did not communicate with other security devices on the network.
      • Its inability to handle a coordinated attack using different threat vectors and methods.

    • Reasons why the sandbox solution was added to network security:
      • Unknown threats needed to be quarantined.
      • Firewalls and AVs were helpless against unknown threats.

    • The sandbox's characteristics:
      • If something unexpected or wanton happens, it affects only the sandbox.
      • The sandbox confines the actions of code to the sandbox device, in isolation from the rest of the network.

    • The code could be expunged: that is what happens to the code if the sandbox detects that it has malicious intent.

    • A Data Leak Prevention (DLP) feature can be added to a Secure Email Gateway.

    • Reasons why the Sender Policy Framework (SPF) needs to be deployed:
      • SPF is an email authentication method that detects bogus sender addresses and emails.
      • SPF secures the network by strengthening the authentication method.

    • Spam filters identify certain words or patterns in the headers or bodies of the messages in order to validate the email content.

    • Phishing is the practice of tricking unsuspecting people into revealing sensitive information or to extract money.

    • The characteristics of FortiMail:
      • FortiMail integrates with firewalls and sandboxing solutions.
      • FortiMail is a Secure Email Gateway (SEG).

    • The benefit of FortiMail integration is that FortiMail can be integrated with edge and segmentation firewalls.

    • The benefits of FortiMail are:
      • FortiMail deploys anti-virus scanners.
      • FortiMail integrates with firewalls and sandboxing solutions.
      • FortiMail adds threat emulation and sandboxing.

    • SIEM is Security Information and Event Management.

    • Fortinet's SIEM product is FortiSIEM.

    • SIEM evolved from an information platform to a threat intelligence center to a fully integrated and automated center for security and network operations.

    • Tasks technology needs to do to satisfy compliance requirements:
      • Monitor, correlate, and notify events in real-time.
      • Aggregate logs from many network sources.
      • Store log data for a length of time to satisfy auditing requirements.

    • The problems that SIEM solves:
      • Cyber-attacks have become more sophisticated and stealthy.
      • Security teams fail to discover breaches until months after they have occurred.
      • The technology was complex and difficult to tune; it was difficult to identify attacks; and it demanded a high-level of skill on the part of the professional.

    • The requirements that SIEM grew out of:
      • To measure and prove compliance to various legislation.
      • To contend with the flood of alerts issued from IPSs and IDSs.

    • PCI, HIPAA, and GDPR are regulatory standards and acts that businesses, hospitals, and other organizations must comply with.

    • FortiSandbox and FortiGate can be integrated with FortiWeb.

    • An application white list is a list of legitimate web applications.

    • A Web Application Firewall monitors and blocks HTTP traffic to and from a web application.

    • The precursor to the Web Application Firewall was the Application Firewall.

    • How machine learning helps to make modern Web Application Firewalls more effective:
      • They can adapt to the ever-changing attributes of the threat.
      • Behaviour analysis can be done at machine speeds.

    • What Web Application Firewalls do that traditional edge firewalls do not:
      • Maintain a blacklist of dangerous web applications.
      • Create whitelist of applications over time.

    • Signature-based detection alone can generate many false positives, which is why the signature-based approach to defense is obsolete when considering Web Application Firewalls.

    • To protect children from accessing inappropriate content was the initial motivation for Web Filtering.

    • FortiClient, FortiAP, and FortiGate are the products that Fortinet has integrated Web Filters into.

    • Web Filters consult a URL database that lists websites and domains that are known to host harmful tools; this is a typical method they use to block web sites.

    • Web Filters use a set of rules to determine which web sites are blocked. The company or individual installing the application sets the rules in place.

    • Preventing users from accessing websites that contain malware and objectionable content is why customers need Web Filters.
    B-)
    • A Web Filter does the following:
      • Examines incoming web pages to determine if some or all of the content should be blocked.
      • Makes decisions based on rules set in place by the company.

    • Wi-Fi is technology for radio wireless local area networking.

    • We need wireless security to prevent eavesdropping by bad actors.

    • WPA stands for Wi-Fi Protected Access.

    • Connection to a Wireless Access Point is required to enable a Wi-Fi connection from an end-user's device.

    • The IEEE 802.11 standard is what Wi-Fi is based on.

    • 1988 is the year we saw the rise of the first Wireless Local Access Network.

    • EMS is used to deploy, automatically provision, and manage the FortiClient endpoint product.

    • Endpoint Protection, Advanced Threat Protection, Secure Remote Access, and Fabric Agent are the four elements of FortiClient's security stack.

    • An additional Endpoint Telemetry & Compliance license is required to gain endpoint visibility and enforce compliance on the network.

    • The conclusion that endpoints remain the targets of attacks should be drawn when 44% of companies admit to having their endpoints compromised, 30% of those breaches included the installation of malware, and 16% were ransomware.

    • FortiClient includes an SSL/IPsec VPN client with built-in support for two-factor authentication and single sign-on.

    • FortiClient integrates with the Fortinet Security Fabric security platform to increase visibility and compliance control.

    • FortiClient is a strong competitor due to these factors:
      • Automatic remediation
      • Integration with the Security Fabric
      • Built-in VPN with two-factor authentication and single sign-on

    • The FortiClient product is a unified endpoint security product that is integrated with the Security Fabric and automates remediation.

    • FortiClient supports the Windows, Mac OS, Linux, iOS, and Android platforms and is managed by the Enterprise Management Server (EMS) product.

    • In addition to quarantining malicious files, submitting objects to FortiSandbox for analysis, and applying patches, quarantining entire suspicious or compromised endpoints is a function FortiClient can automate by integrating with the Security Fabric.

    • Industry analyst groups have identified these main endpoint security gaps:
      • Attacks are moving faster than ever.
      • There is a lack of visibility to the endpoints that are connecting to the network.
      • Unpatched vulnerabilities are an issue.

    • The Software Inventory FortiClient feature gives an administrator visibility into which software is installed on the endpoint.

    • The word Modular best describes the overall architecture of FortiClient.

    • With the endpoint telemetry and compliance licenses applied, FortiClient can register with FortiGate and FortiAnalyzer device types to enforce compliance and share telemetry data with the Security Fabric.

    • FortiGate 5000 and 7000 series are chassis-based.

    • Fortinet, as a vendor, has, by far, the highest number of third-party validations and certifications.

    • Modularity, future growth, high throughput, and reliability are the reasons why customers choose chassis firewalls.

    • Six different hardware configuration combinations are available for the FortiGate 7040E.

    • The FortiGate 5144C chassis firewall is ideally suited for carrier environments as well as large enterprise network environments.
    B-)