We've now reached the User layer in our Layered Security series. This article is part one of two, because there's a lot going on with this layer.
If you haven’t been following this series, you can catch up by using the link above or by checking out the PDF version, which contains all previous articles.
The User Layer (Part 1)
We’ve finally reached the user layer, which in many ways is the most important and also the most difficult. As mentioned before, 80-90% of the threats to your network can come from internal sources, aka your own users. These threats can occur by accident or, unfortunately, on purpose, but in the end the steps you should take to protect your network are the same.
Education has been a running theme throughout this series. It is particularly important now because, while there are security features at your disposal for this layer (more about them later), there are risks out there that you won’t be able to block completely.
And so you need to turn to your network users and give them the knowledge they need to protect your network. A few good areas to focus on are:
- How to use passwords. The best way to increase users’ knowledge about passwords is to have everyone use a password manager, such as LastPass or 1Password. If this is not practical, there are other things you can do, such as raise awareness about the risks of reusing passwords or writing them down (where they can be seen by anyone).
- Recognizing dangerous emails. We’ve all heard about the risks of phishing and probably received an email or two with a suspicious-looking attachment. But how good are your users at determining if an email is legitimate or not? To brush up on these skills, you can take Fortinet’s Trick or Treat - a Phishing Quiz.
- Being careful about downloading/installing. While AntiVirus (which we’ll be talking about next) can stop a lot of the dangerous files out there, it’s not completely foolproof. Users should think about any files they download and avoid installing unapproved applications.
- If you aren’t using Bluetooth, turn it off. While Bluetooth is convenient, it can also be used as a gateway into your network, so don’t have it turned on if you don't need it.
- Include your computer in your spring cleaning. Users should regularly go through the apps that are on their computers/tablets/smart phones and consider deleting anything that isn’t used.
- Protect computers used to work remotely. Everything that applies to a computer at work also applies to any devices used to work remotely. Users should also be mindful of their surroundings if they are working in a public place and avoid connecting to unsecured WiFi, or letting anyone nearby “shoulder surf.”
Because cyber threats are constantly evolving, cyber education is as well. You can find more resources at the end of this article to continue making users aware of the risks that are out there.
Once your users are on board with keeping the network secure, there are still a few FortiGate features you can use as added protection, in case someone tries to do something they shouldn’t.
AntiVirus - the simplest security feature
While viruses come from external sources, they are still a risk for the user layer since users are often the ones downloading or opening the wrong files, and letting viruses loose in the network.
The beauty of AntiVirus is that once you have a subscription, you can turn it on and let the FortiGuard team do all the work. FortiGuard neutralizes an average of 14,000 malware programs per minute and adds 550,000 new and updated definitions per week, so you can rest assured that you are in good hands.
There are a few extra options available that work with AV. You can use sandboxing, either with a FortiSandbox or FortiCloud Sandboxing, to send suspicious files for inspection before allowing them on your network.
When using AntiVirus, you should be using full SSL inspection to make sure encrypted traffic is getting scanned. For more about this, check out the SysAdmin Note Why you should use SSL inspection.
Finally, if you ever want to test your AV, remember to head over to www.eicar.org, where you can find a number of anti-malware test files that you can safely download.
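An added example (not from the original article or from Fortinet): a Python check that classifies what a client behind the FortiGate actually received when it requested the EICAR test file over HTTP and over HTTPS, which shows whether SSL inspection is letting AV see encrypted traffic. The download URLs are left to the caller, and the block-page body is a constructed sample.

```python
import http.client
import ssl
import urllib.request

# The 68-byte EICAR test string, split in two so that AV on this machine
# does not quarantine the script itself.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed sample of a replacement page (not real FortiGate output).
BLOCK_PAGE = b"<html><body><h1>File blocked</h1></body></html>"

def fetch(url, timeout=10):
    """Return the first bytes of the response, or None if the request was cut off."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read(4096)
    except (OSError, http.client.HTTPException) as exc:
        if isinstance(getattr(exc, "reason", None), ssl.SSLCertVerificationError):
            raise  # inspection CA not trusted by this client: not an AV verdict
        return None

def classify(body):
    """'delivered' if the client still received the test file, else 'blocked'."""
    if body is not None and body.lstrip().startswith(EICAR):
        return "delivered"
    return "blocked"

def audit(bodies):
    """bodies maps 'http'/'https' to what fetch() returned for that scheme."""
    verdicts = {scheme: classify(body) for scheme, body in bodies.items()}
    if verdicts.get("http") == "blocked" and verdicts.get("https") == "delivered":
        finding = "HTTPS bypasses AV: encrypted traffic is not being inspected"
    elif "delivered" in verdicts.values():
        finding = "AV did not stop the test file"
    else:
        finding = "test file stopped on every path"
    return verdicts, finding

if __name__ == "__main__":
    # Offline demo with constructed bodies; for a live check pass
    # {"http": fetch(http_url), "https": fetch(https_url)} instead.
    print(audit({"http": BLOCK_PAGE, "https": EICAR}))
    print(audit({"http": None, "https": BLOCK_PAGE}))
```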
Unlike AntiVirus, web filtering is a feature that requires more fine-tuning. Before you get started, though, there is a key decision to make about how to approach web filtering: whether to use the FortiGuard categories for web sites, or to block sites on an individual basis using URL filtering (keep in mind that the two approaches can also be used together).
Categories vs URL filters
To help decide whether you should be using FortiGuard categories, where types of websites are grouped together, or URL filters, where each domain is dealt with separately, try taking this quick quiz:
- How many sites do you wish to block/monitor?
  - 20 or less
- What types of websites do you wish to block?
  - I want to block a specific type(s) of sites (e.g. social media)
  - Instead of blocking a type of sites, I want to block specific, individual sites
- How do you connect to the FortiGate?
  - Using the GUI/web-based manager
  - Using the CLI
If you answered mostly A, consider trying out the FortiGuard categories. If you answered mostly B, then give URL filters a try.
Once you've decided which approach to take, here's a recipe for each method to help get you started.
- FortiGate Security Profiles Handbook 5.2 | 5.0
- How Can I Protect Against Social Engineering Hacks?
- Social Engineering: Concepts and Solutions