We've now reached the User layer in our Layered Security series. This article is part one of two, because there's a lot going on with this layer.
If you haven’t been following this series, you can catch up by using the link above or by checking out the PDF version, which contains all previous articles.
We’ve finally reached the user layer, which in many ways is the most important and also the most difficult. As mentioned before, 80-90% of the threats to your network can come from internal sources, aka your own users. These threats can occur by accident or, unfortunately, on purpose, but in the end the steps you should take to protect your network are the same.
Education has been a running theme throughout this series. It is particularly important now because, while there are security features at your disposal for this layer (more about them later), there are risks out there that you won’t be able to block completely.
And so you need to turn to your network users and give them the knowledge they need to protect your network. A few good areas to focus on are:
Because cyber threats are constantly evolving, cyber education is as well. You can find more resources at the end of this article to continue making users aware of the risks that are out there.
Once your users are on board with keeping the network secure, there are still a few FortiGate features you can use as added protection, in case someone tries to do something they shouldn’t.
While viruses come from external sources, they are still a risk for the user layer since users are often the ones downloading or opening the wrong files, and letting viruses loose in the network.
The beauty of AntiVirus is that once you have a subscription, you can turn it on and let the FortiGuard team do all the work. FortiGuard neutralizes an average of 14,000 malware programs per minute and adds 550,000 new and updated definitions per week, so you can rest assured that you are in good hands.
There are a few extra options available that work with AV. You can use sandboxing, either with a FortiSandbox or FortiCloud Sandboxing, to send suspicious files for inspection before allowing them on your network.
When using AntiVirus, you should be using full SSL inspection to make sure encrypted traffic is getting scanned. For more about this, check out the SysAdmin Note Why you should use SSL inspection.
Finally, if you ever want to test your AV, remember to head over to www.eicar.org, where you can find a number of anti-malware test files that you can safely download.
Unlike AntiVirus, web filtering is a feature that requires more fine-tuning. Before you get started, though, there is a key decision to make about how to approach web filtering: whether to use the FortiGuard categories for websites, or to block sites on an individual basis using URL filtering (keep in mind that the two approaches can also be used together).
Categories vs URL filters
To help decide whether you should be using FortiGuard categories, where types of websites are grouped together, or URL filters, where each domain is dealt with separately, try taking this quick quiz:
If you answered mostly A, consider trying out the FortiGuard Categories. If you answered mostly B, then give URL filters a try.
Once you've decided which approach to take, here's a recipe for each method to help get you started.