4.4.1 Block high risk categories on Application Control

Information

Ensure FortiGate Application Control blocks high risk applications to reduce attack surface.

High risk applications such as those in "P2P" and "Proxy" are known for spreading malware. Some of this traffic is encrypted and therefore is able to bypass network security inspection (for those without decryption implemented). Blocking these applications from running eliminates this risk.

If any application that falls under "P2P" and "Proxy" is required to be allowed based on an organization's policy, that specific application needs to be under "Monitor" mode in the "Application and Filter Override" configuration.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Review Application Control Security Profiles and validate that "P2P" and "Proxy" category is blocked.

See Also

https://workbench.cisecurity.org/benchmarks/15284

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, 800-53|SC-7(8), CSCv7|14.6

Plugin: FortiGate

Control ID: a4ad02b8f1a22f378590abc20a4fabc7d23aca9111882d79cead4742672d44fd