Fortinet has released an update for FortiDeceptor, version 5.3.0. The new software brings new decoys, among them NGINX and EV CPO. Support for custom decoy configurations has also been extended to more systems from the Linux family, for example Ubuntu 20.04 and RedHat 8 and 9. The new version also brings an improved domain controller decoy based on Windows Server 2019.
Currently supported models:
Product | Models |
---|---|
FortiDeceptor | FDC-100G, FDR-100G, FDC-1000G |
FortiDeceptor VM | FDC-VM (VMware ESXi, KVM, Hyper-V, AWS, GCP, and Azure), FDCVME (FortiDeceptor Edge) |
What's new in FortiDeceptor 5.3.0:
New IT Decoys:
- NGINX is popular software for web serving, reverse proxying, caching, load balancing, media streaming, and more. This web server is a constant target for threat actors and APT groups, which is why deception applications are a key component for detecting attacks against critical applications.
- EV CPOs (Charge Point Operators) provide the charging network infrastructure, managing the backend technologies as well as the communications between the backend system and the chargers to deliver reliable and consistent electric vehicle charging. Cyber attackers could disable Electric Vehicle (EV) Charge Points (CP) and cause a service disruption. Using deception decoys running EV CPO software provides early breach detection capability with a passive footprint inside the critical infrastructure.
- We expanded the support of the decoy customization feature with more Linux OSs, such as Ubuntu 20.04 and RedHat 8 and 9.
- We expanded the Outbreak vulnerability and added Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities.
- We improved the custom decoy feature to support Domain Controller installation customization based on Windows Server 2019 decoy.
New Virtual Appliance:
- A new FortiDeceptor Edge virtual appliance (FDCVME) allows you to deploy a remote lightweight appliance and run decoys directly from the FortiDeceptor Central Manager over a proprietary Layer 2 tunnel. This new technology simplifies deployment at remote sites that do not require a large deception deployment.
- We improved the FortiDeceptor KVM virtual appliance deployment and installation.
OT decoys:
- We improved the OT Profinet protocol to handle PROFINET DCP (Discovery and basic Configuration Protocol) packets sent over multicast. We added an option for users to turn Profinet reconnaissance detection on or off.
New IoT decoys:
- We expanded the IoT decoy offering by adding a MikroTik router decoy. In the last two years, MikroTik routers were a target of cyber attacks, for example the Meris botnet, which was behind some of the biggest DDoS attacks in 2021. Using a MikroTik router decoy can provide early breach detection for any cyber attack using known or unknown exploits.
New Deception Token:
- We improved the AD deception token for better deployment and added more detection capabilities.
General:
- We expanded the scalability of FortiDeceptor Central Manager to support more than 200 remote appliances under a single Central Manager.
- We expanded the FortiDeceptor Central Manager deployment support, and now you can deploy FortiDeceptor Central Manager over the public cloud, supporting Azure, AWS, and GCP.
- We expanded the networking configuration and allow the end user to configure overlapping VLANs/subnets on different physical interfaces in a standalone appliance or one managed by a Central Manager.
- We increased the FDC Web-UI login lock-out threshold from 3 to 5 login attempts with a wrong password.
- FortiDeceptor UI migration to the Neutrino framework covers modules like incident campaign, incident table, Fabric/Quarantine, safelist, and Fabric/IOC Export.
Resolved issues:
GUI
Bug ID | Description |
---|---|
768406 | Conserve mode when disk usage above threshold. |
952722 | Supports five false login attempts. |
946523 | Allow user to configure overlapping VLAN/Subnet on different physical interfaces in standalone and CM. |
972483 | Manually uploading AV EXDB exceeds GUI file upload size limitation. |
CLI
Bug ID | Description |
---|---|
962479 | FDC-1000G shows wrong message on execute disk-attributes, disk-errors, disk-health, disk-info commands. |
956698 | Improve the CLI command dcvm-license to display more information. |
Central Management
Bug ID | Description |
---|---|
947377 | Support more than 200 regular clients in CM manager. |
Deception
Bug ID | Description |
---|---|
936961 | Anti-detection support AD lure account (cached credential). |
949721 | Support Ubuntu Linux decoy customization. |
949692 | Support EV CPO Decoy. |
949688 | Support NGINX server decoy. |
949687 | Support MikroTik Router decoy. |
964115 | Provide customizable group option for Profinet decoy to report fewer reconnaissance events for multicast traffic. |
933775 | Support events threshold to avoid incidents and events issue if massive attack activities happen to decoys. |
969489 | Custom decoy cannot boot with winserver2019. |
973263 | win2016AD fails to initialize when Windows Firewall Service is disabled. |
Incident
Bug ID | Description |
---|---|
970927 | Time selector for PDF export does not work on Firefox. |
Fabric
Bug ID | Description |
---|---|
918317 | Re-implement Fabric/Quarantine Status with Neutrino framework and our new REST API standard. |
918321 | Re-implement Fabric/IOC Export with Neutrino framework. |
976787 | Fabric connector with FNAC F7.2 no longer working. |
System
Bug ID | Description |
---|---|
972099 | FortiDeceptor SSO with Azure not working. |
FortiDeceptor Cloud
Bug ID | Description |
---|---|
967133 | Improve KVM installation script (fdc-kvm.sh) and installation guide. |
941549 | Implement new manager mode to support manager functionality on public cloud. |
Other
Bug ID | Description |
---|---|
890820 | Support highly efficient file system structure for data storage. |
933725 | Support filter for ARP/RARP flip event in safe list. |
949142 | Migrate the safelist to neutrino components. |
945892 | Disk space is utilized very quickly. |
957277 | Implement diagnose logs download on GUI. |
956220 | CM environment Safelist mis-match. |
Known issues:
GUI
Bug ID | Description |
---|---|
962327 | Incident page Export to CSV does not follow customized columns. |
981976 | Upload license name with () returns invalid request. |
CLI
Bug ID | Description |
---|---|
976074 | CLI: Not all commands can use the Tab button to finish the CLI line. |
983520 | Issue with DMZ-mode -d message. |
Deception
Bug ID | Description |
---|---|
954847 | Improve the performance of the Deployment Map. |
971547 | Deception OS: Windows Key activation keeps retrying. |
Fabric
Bug ID | Description |
---|---|
983027 | Improve the IOC export to include the MITRE information. |
981671 | Central Management > Fabric > Origin: Names of Multiple appliances overlap in Firefox. |
System
Bug ID | Description |
---|---|
983265 | Improve the performance of downloading logs and searching speed in History logs. |
Log
Bug ID | Description |
---|---|
931885 | Multiple lines in syslog sometimes do not display full text. |
Other
Bug ID | Description |
---|---|
879134 | Custom Windows 10/11 image on ESXi 7.0.3 may lose mouse control and the page freezes. |
Vendor release notes: FortiDeceptor 5.3.0
Regards,
The B&B Team
Security in business