4.4.1 Block high risk categories on Application Control

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Ensure FortiGate Application Control blocks high risk applications to reduce attack surface.

Rationale:

High risk applications such as those in 'P2P' and 'Proxy' are known for spreading malware. Some of this traffic is encrypted and therefore is able to bypass network security inspection (for those without decryption implemented). Blocking these applications from running eliminates this risk.

If any application that falls under 'P2P' and 'Proxy' is required to be allowed based on an organization's policy, that specific application needs to be under 'Monitor' mode in the 'Application and Filter Override' configuration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Review Application Control Security Profiles and validate that 'P2P' and 'Proxy' category is blocked.

Default Value:

All application category 'Action' is set as 'Monitor' by default.

See Also

https://workbench.cisecurity.org/benchmarks/12961