IDS: RE: Fortinet IDS

From: David Puckett <dpuckett_at_cityoforange.org>
Date: Thu, 21 Oct 2004 10:15:50 -0700

Will this also prevent spyware/malware/crapware?

Thanks,
David

-----Original Message-----
From: Ryan Whalen [mailto:whalenryan_at_hotmail.com]
Sent: Tuesday, October 19, 2004 1:28 PM
To: Jason; Ian Gallagher
Cc: Don Draper; focus-ids_at_securityfocus.com
Subject: Re: Fortinet IDS

I am using a Fortigate firewall. It inspects all traffic transparently for
IDS/Virus events.

I believe they used Snort for their IDS. Fortinet provides signature
updates for the IDS system several times a week. We are very happy with
this solution.

Ryan
----- Original Message -----
From: "Jason" <security_at_brvenik.com>
To: "Ian Gallagher" <cdine.org_at_gmail.com>
Cc: "Don Draper" <don_at_draperconsulting.com>; <focus-ids_at_securityfocus.com>
Sent: Monday, October 18, 2004 6:59 PM
Subject: Re: Fortinet IDS

>I am not sure how fortinet does it however I know snort-inline now has a
>clamav preprocessor that will scan for viruses in the traffic and block it
>if discovered. There is no proxy involved and all traffic is scanned based
>on a configuration you define. It is a recent development and sure to
>require beefy hardware but might be worth exploring for the edge points
>that require virus scanning. X-posting to snort-inline if they want to
>chime in.
>
> https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469
>
>
>
> Ian Gallagher wrote:
>
>> I'm almost certain that their products scan transparently.
>>
>>
>> On 14 Oct 2004 13:30:38 -0000, Don Draper <don_at_draperconsulting.com>
>> wrote:
>>
>>> In-Reply-To: <200407270109.i6R19ZZr041277_at_mx-out.daemonmail.net>
>>>
>>> Does anyone know if Fortinet on-board virus scanning uses an SMTP
>>> proxy server? Or is it able to accomplish this transparently by
>>> simply inspecting the packets as most the IDS/IPS do.
>>>
>>> We just purchased a new Proventia M10 from ISS and have discovered
>>> that we cannot use it for Anti-Virus (email) or Anti-Spam due the
>>> ffact that it uses an on-board SMTP proxy server that does not
>>> support SMTP authentication among other issues. The IPS module does
>>> not need the proxy and works fine. Having on-board virus scanning
>>> at the network edge would be very helpful and Fortinet docs would
>>> make you think it is ALL done with packet inspection and without
>>> any nasty proxies in the middle. Does anyone know how this works?
>>>
>>> TIA,
>>>
>>> Don
>>>
>>> --------------------------------------------------------------------------
>>> Test Your IDS
>>>
>>> Is your IDS deployed correctly? Find out quickly and easily by
>>> testing it with real-world attacks from CORE IMPACT. Go to
>>> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>>> to learn
>>> more. --------------------------------------------------------------------------
>>>
>>>
>>>
>>
>>
>>
>
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------------------
>
>

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS