The Fortinet development team, working closely with NSS Labs, released an update to the FortiGate firewall on April 20 that blocks the TCP split handshake attack technique. This fix permanently addresses the split handshake issue identified by NSS and lets Fortinet customers block it with the FortiGate firewall function alone, without relying on IPS.
NSS has verified the effectiveness of Patch Release 6 in blocking the split handshake issue and updated its remediation guidance:
_Update: On April 21, 2011 Fortinet provided NSS Labs FortiOS 4.0 MR2 Patch 6. NSS Labs has confirmed that with the patch applied, Fortinet provides protection against the TCP Split Handshake._
The patch applies to FortiOS 4.0 MR2 and is available for download on our FortiCare support portal; we will release an update to FortiOS 4.0 MR3 in the near future.
We continue to recommend a UTM security strategy that uses integrated layers of protection as the best approach for blocking both network- and content-based threats. The majority of our customers have enabled additional security technologies such as IPS and application control alongside their firewall and are protected against a wider range of attacks than they would be with the firewall function alone.
In fact, customers deploying our IPS technology have been protected against the split handshake threat since 2006, when we released an IPS signature (TCP.Stealth.Activity) that blocks the malicious activity associated with the split handshake technique. We have posted a brief video on our YouTube channel, "Adding the TCP Handshake to FortiGate", showing how to enable the TCP.Stealth.Activity IPS signature.
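The post names the split handshake but never shows what the exchange looks like on the wire or why a stateful device mishandles it. The following is an added illustration, not Fortinet or NSS Labs code and not the FortiOS fix or the TCP.Stealth.Activity signature logic. In a split handshake the server answers the client's SYN with a bare SYN instead of SYN/ACK; the client, in SYN-SENT, follows RFC 793 and replies SYN/ACK, and the server completes with ACK. A tracker that restarts its state machine on any bare SYN ends up recording the server as the initiator, so direction-dependent policy and inspection are applied backwards. The toy tracker below contrasts that behaviour with one that pins the initiator to the first SYN and refuses a bare SYN from the responder while the flow is half-open. Hosts, ports and the packet lists are constructed for the example; the `Pkt`, `Flow`, `naive_track` and `strict_track` names are this example's own.

```python
"""Toy TCP handshake tracker illustrating the split handshake (added example).

Not Fortinet/NSS code. Packets are hand-built tuples of (src, dst, flags);
only SYN and ACK bits matter for the handshake state machine shown here.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

SYN, ACK = 0x02, 0x10  # TCP flag bits (RFC 793)


@dataclass(frozen=True)
class Pkt:
    src: str    # "host:port"
    dst: str
    flags: int


@dataclass
class Flow:
    initiator: Optional[str] = None  # side the device treats as the client
    state: str = "NEW"
    split: bool = False              # a bare SYN came back from the responder
    drops: int = 0                   # packets the strict tracker would discard


def naive_track(packets: Iterable[Pkt]) -> Flow:
    """Tracker that restarts on any bare SYN.

    This models the weakness the split handshake exploits: the server's
    bare SYN is taken as a fresh connection attempt, so the server becomes
    the recorded initiator and the flow still reaches ESTABLISHED.
    """
    f = Flow()
    for p in packets:
        syn, ack = bool(p.flags & SYN), bool(p.flags & ACK)
        if syn and not ack:
            f.initiator, f.state = p.src, "SYN_SENT"      # restart on SYN
        elif syn and ack and f.state == "SYN_SENT":
            f.state = "SYN_RECEIVED"
        elif ack and f.state == "SYN_RECEIVED":
            f.state = "ESTABLISHED"
    return f


def strict_track(packets: Iterable[Pkt]) -> Flow:
    """Tracker that pins the initiator to the first SYN it saw.

    A bare SYN from the responder while the flow is half-open is flagged
    as a split handshake and dropped; the flow is then blocked, so the
    remaining packets in the trace are dropped as out of state too.
    """
    f = Flow()
    for p in packets:
        syn, ack = bool(p.flags & SYN), bool(p.flags & ACK)
        from_initiator = p.src == f.initiator
        if f.state == "NEW" and syn and not ack:
            f.initiator, f.state = p.src, "SYN_SENT"
        elif f.state == "SYN_SENT" and not from_initiator and syn and ack:
            f.state = "SYN_RECEIVED"                      # normal SYN/ACK
        elif f.state == "SYN_SENT" and not from_initiator and syn and not ack:
            f.split, f.state, f.drops = True, "BLOCKED", f.drops + 1
        elif f.state == "SYN_RECEIVED" and from_initiator and ack and not syn:
            f.state = "ESTABLISHED"
        else:
            f.drops += 1                                  # out of state
    return f


# Constructed traces (example addresses, not captured traffic).
C, S = "10.0.0.5:51234", "203.0.113.7:80"
NORMAL = [Pkt(C, S, SYN), Pkt(S, C, SYN | ACK), Pkt(C, S, ACK)]
SPLIT = [Pkt(C, S, SYN), Pkt(S, C, SYN), Pkt(C, S, SYN | ACK), Pkt(S, C, ACK)]


def summarize() -> dict:
    """Return each tracker's view of both traces for comparison."""
    return {
        "naive_normal": naive_track(NORMAL),
        "naive_split": naive_track(SPLIT),
        "strict_normal": strict_track(NORMAL),
        "strict_split": strict_track(SPLIT),
    }


if __name__ == "__main__":
    for name, flow in summarize().items():
        print(f"{name:14} initiator={flow.initiator} state={flow.state} "
              f"split={flow.split} drops={flow.drops}")
```

On the split trace the naive tracker reaches ESTABLISHED with the server recorded as initiator, which is the inversion that lets server-to-client content bypass client-side-only inspection; the strict tracker keeps the client as initiator, flags the flow and drops the server's bare SYN, so the client never sees it and never sends the SYN/ACK. One caveat worth knowing before enabling any such control: an RFC 793 simultaneous open (both ends sending SYN at once) produces the same SYN-then-SYN pattern and is blocked by the same rule; it is rare in practice, but worth checking for in your own traffic before enforcement.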
We remain committed to validating the performance of our network security solutions through rigorous third-party testing, and we look forward to working with NSS on future tests.
Customers who want additional information should click on one of the links above or speak to their Fortinet reseller.