Chapter 11 – Hardening

Chapter 11 – Hardening

This document describes a series of techniques used to improve the security of administrative access to a FortiGate device.

 

The following sections are included:

  • Install the FortiGate unit in a physically secure location
  • Maintain the firmware
  • Add new administrator accounts
  • Change the admin account name and limit access to this account
  • Only allow administrative access to the external interface when needed
  • When enabling remote access, configure Trusted Hosts and Two-factor Authentication
  • Change the default administrative port to a non-standard port
  • Modify the device name Register with support services Maintain short login timeouts
  • Enable automatic clock synchronization
  • Enable Password Policy
  • Modify administrator account Lockout Duration and Threshold values
  • Disable auto installation via USB Configure auditing and logging

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.