IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Fortinet IDS

From: "David Puckett" <dpuckett () cityoforange org>
Date: Thu, 21 Oct 2004 10:15:50 -0700
Will this also prevent spyware/malware/crapware?

Thanks,
David

-----Original Message-----
From: Ryan Whalen [mailto:whalenryan () hotmail com]
Sent: Tuesday, October 19, 2004 1:28 PM
To: Jason; Ian Gallagher
Cc: Don Draper; focus-ids () securityfocus com
Subject: Re: Fortinet IDS


I am using a Fortigate firewall.  It inspects all traffic transparently for 
IDS/Virus events.

I believe they used Snort for their IDS.  Fortinet provides signature 
updates for the IDS system several times a week.  We are very happy with 
this solution.

Ryan
----- Original Message ----- 
From: "Jason" <security () brvenik com>
To: "Ian Gallagher" <cdine.org () gmail com>
Cc: "Don Draper" <don () draperconsulting com>; <focus-ids () securityfocus com>
Sent: Monday, October 18, 2004 6:59 PM
Subject: Re: Fortinet IDS



I am not sure how fortinet does it however I know snort-inline now has a 
clamav preprocessor that will scan for viruses in the traffic and block it 
if discovered. There is no proxy involved and all traffic is scanned based 
on a configuration you define. It is a recent development and sure to 
require beefy hardware but might be worth exploring for the edge points 
that require virus scanning. X-posting to snort-inline if they want to 
chime in.

https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469



Ian Gallagher wrote:


I'm almost certain that their products scan transparently.


On 14 Oct 2004 13:30:38 -0000, Don Draper <don () draperconsulting com>
wrote:


In-Reply-To: <200407270109.i6R19ZZr041277 () mx-out daemonmail net>

Does anyone know if Fortinet on-board virus scanning uses an SMTP
proxy server? Or is it able to accomplish this transparently by
simply inspecting the packets as most the IDS/IPS do.

We just purchased a new Proventia M10 from ISS and have discovered
that we cannot use it for Anti-Virus (email) or Anti-Spam due the
ffact that it uses an on-board SMTP proxy server that does not
support SMTP authentication among other issues. The IPS module does
not need the proxy and works fine.  Having on-board virus scanning
at the network edge would be very helpful and Fortinet docs would
make you think it is ALL done with packet inspection and without
any nasty proxies in the middle. Does anyone know how this works?

TIA,

Don

--------------------------------------------------------------------------
 Test Your IDS

Is your IDS deployed correctly? Find out quickly and easily by
testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn 
more. --------------------------------------------------------------------------










--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: