<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="http://172.30.1.245"  xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
 <title>Fortinet</title>
 <link>http://172.30.1.245</link>
 <description></description>
 <language>en</language>
<item>
 <title>FortiGate-3950B Performance Validation Report With BreakingPoint Systems</title>
 <link>http://172.30.1.245/report/fortigate_3950b_performance_validation_report_breakingpoint_systems.html</link>
 <description>&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;Throughput, or a firewall&#039;s ability to inspect network traffic without dropping packets or degrading the user experience, is one of the most important metrics to consider when selecting an enterprise-class firewall. The FortiGate-3950B from Fortinet delivers 120 Gbps of firewall throughput for packets of any size, ensuring fast network performance and accurate policy enforcement for large corporations and service providers. Unique FortiASIC™ architecture enables near wire-speed performance by &#039;hard-coding&#039; resource-intensive tasks into a dedicated chip, freeing critical CPU cycles for other tasks. To validate firewall throughput in different deployment scenarios, Fortinet conducted rigorous performance testing of the FortiGate-3950B using multiple BreakingPoint Elite chassis and blades in different configurations. Download the report to find out how Fortinet&#039;s custom FortiASIC architecture makes the 3950B a leader in the security appliance market.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-reportfile field-type-file field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;Download Report:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;&lt;span class=&quot;file&quot;&gt;&lt;img class=&quot;file-icon&quot; alt=&quot;&quot; title=&quot;application/pdf&quot; src=&quot;/modules/file/icons/application-pdf.png&quot; /&gt; &lt;a href=&quot;http://172.30.1.245/sites/default/files/analystreports/FortiGate3950B-Validation-Report_0.pdf&quot; type=&quot;application/pdf; length=277301&quot;&gt;FortiGate3950B-Validation-Report.pdf&lt;/a&gt;&lt;/span&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Tue, 01 Nov 2011 00:00:00 +0000</pubDate>
 <dc:creator />
 <guid isPermaLink="false">311 at http://172.30.1.245</guid>
 <comments>http://172.30.1.245/report/fortigate_3950b_performance_validation_report_breakingpoint_systems.html#comments</comments>
</item>
<item>
 <title>FortiClient Lite v2.00 (Beta) – For Android!</title>
 <link>http://172.30.1.245/content/forticlient_lite_v200_beta_%E2%80%93_android.html</link>
 <description>&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;&lt;img class=&quot;size-full wp-image-3577 alignleft&quot; src=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/ForiClient-BETA-Logo-NEW_512.png&quot; alt=&quot;&quot; width=&quot;92&quot; height=&quot;92&quot; /&gt;&lt;br /&gt;
We are pleased to announce Android support for FortiClient Lite. Our beta version is now officially &lt;a href=&quot;https://market.android.com/details?id=com.fortinet.forticlient.lite&amp;amp;feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5mb3J0aW5ldC5mb3J0aWNsaWVudC5saXRlIl0.&quot;&gt;available on the Android Marketplace&lt;/a&gt; and features SSL VPN functionality. The FortiClient Android SSL VPN  application works with your organization’s FortiGate security appliance  to establish a secure sockets layer VPN connection.  With this  application, you can work remotely and securely with your organization’s  digital assets anywhere and everywhere you have an Internet connection.&lt;/p&gt;
&lt;p&gt;&lt;img class=&quot;size-full wp-image-3578 alignleft&quot; src=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/lite01.png&quot; alt=&quot;&quot; width=&quot;353&quot; height=&quot;234&quot; /&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Key Benefits&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;&lt;li&gt;Flexible, easy and secure access to your organization’s resources&lt;/li&gt;
&lt;li&gt;Simple set up and configuration&lt;/li&gt;
&lt;li&gt;Uses Fortinet’s award-winning technology&lt;/li&gt;
&lt;li&gt;Keeps you connected and productive on-the-go&lt;/li&gt;
&lt;li&gt;Supports Bookmarks that you define through the FortiGate’s SSL VPN Service Portal&lt;/li&gt;
&lt;/ul&gt;&lt;p&gt;&lt;img class=&quot;size-full wp-image-3580 alignleft&quot; src=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/lite18.png&quot; alt=&quot;&quot; width=&quot;142&quot; height=&quot;213&quot; /&gt;&lt;/p&gt;
&lt;p&gt;Android 2.2 and 2.3 are currently supported. FortiClient Lite is also available for the Windows operating system – please visit FortiClient.com for &lt;a href=&quot;http://www.forticlient.com/lite.html&quot;&gt;more information&lt;/a&gt;. FortiClient Lite for Windows features antivirus and parental controls in addition to SSL and IPsec VPN.&lt;/p&gt;
&lt;p&gt;&lt;img class=&quot;size-full wp-image-3581 alignleft&quot; src=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/lite11.png&quot; alt=&quot;&quot; width=&quot;135&quot; height=&quot;203&quot; /&gt;&lt;/p&gt;
&lt;p&gt;FortiClient Lite is based on Fortinet’s award-winning FortiClient, which has achieved more than 20 VB100 awards and is capable of detecting threats on both a reactive and proactive basis. Proactive detection is based on detecting zero-day malware that has never been seen before in the wild.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Fri, 28 Oct 2011 23:29:25 +0000</pubDate>
 <dc:creator />
 <guid isPermaLink="false">7423 at http://172.30.1.245</guid>
</item>
<item>
 <title>FSM-064</title>
 <link>http://172.30.1.245/content/fsm_064.html</link>
 <description>&lt;div class=&quot;field field-name-field-specversion field-type-text field-label-inline clearfix&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;Version:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;4.3&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-specfamily field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;specfamily:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;FortiGateModule&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwfsmslots field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwfsmslots:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwinterfacemgmt field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwinterfacemgmt:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwsizehdd field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwsizehdd:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;64 GB SSD&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwinterfaceacc10g field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwinterfaceacc10g:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwasmslots field-type-text field-label-above&quot;&gt;&lt;div 
class=&quot;field-label&quot;&gt;hwasmslots:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwinterface field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwinterface:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;64GB SSD Storage Module&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwfmcslots field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwfmcslots:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwinterfaceaccrj45 field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwinterfaceaccrj45:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwinterfacewlan field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwinterfacewlan:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-modulecompatibility field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;modulecompatibility:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;FGT-200B, FGT-200B-POE, FGT-311B, FGT-621B, FGT-1240B, FGT-1240B-DC, FGT-3951B&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-specstatus field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;specstatus:&amp;nbsp;&lt;/div&gt;&lt;div 
class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;Active&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-speclevel field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;speclevel:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;Low-end&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwformfactor field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwformfactor:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;Fortinet Storage Module (FSM)&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwcompliance field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwcompliance:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;FCC Part 15 Class A, C-Tick, VCCI, CE, CB&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwadmslots field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwadmslots:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwusbs field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwusbs:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-hwusbc field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;hwusbc:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field 
field-name-field-specdescription field-type-text field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;specdescription:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;Fortinet Storage Module  is a 64 GB solid state disk (SSD)&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Wed, 26 Oct 2011 23:28:12 +0000</pubDate>
 <dc:creator>xmlrpc</dc:creator>
 <guid isPermaLink="false">7413 at http://172.30.1.245</guid>
 <comments>http://172.30.1.245/content/fsm_064.html#comments</comments>
</item>
<item>
 <title>Clarifying Android DroidKungFu variants</title>
 <link>http://172.30.1.245/content/clarifying_android_droidkungfu_variants.html</link>
 <description>&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by &lt;a href=&quot;http://www.cs.ncsu.edu/faculty/jiang&quot;&gt;Prof. Xuxian Jiang&lt;/a&gt; (and research team) and &lt;a href=&quot;http://blog.mylookout.com/2011/10/security-alert-legacy-makes-a-another-appearance-on-android-market-meet-legacy-native-lena/&quot;&gt;Lookout&lt;/a&gt;. If, like me, you are having difficulties keeping track of those variants, this post is for you :)&lt;/p&gt;
&lt;p&gt;The similarities and differences between all 5 variants are depicted below. The various blocks represent each variant, and their intersection shows how many methods they share exactly*.&lt;/p&gt;
&lt;p&gt;All variants share the same malicious commands (CMD box). They can download and install a new package, start a program (called an activity), open a given URL in the browser or delete a package**. To do so, they contact the same 3 remote web servers (URLs box), apart from variant A, which uses a single one.&lt;/p&gt;
&lt;p&gt;The differences mainly come down to whether the sample uses exploits or not (yellow and red knife), whether the malicious functionalities are implemented natively or not (brown circle or green box), and whether some payload is encrypted with AES or not (hatched rectangle) and which key it uses. Note that variant E additionally encrypts a few strings to obfuscate its code (/system/bin/chmod 4755, WebView.db.init etc).&lt;/p&gt;
&lt;p style=&quot;text-align: center;&quot;&gt;&lt;a href=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/variants-art.png&quot;&gt;&lt;img class=&quot;size-full wp-image-3553 aligncenter&quot; title=&quot;variants-art&quot; src=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/variants-art.png&quot; alt=&quot;&quot; width=&quot;634&quot; height=&quot;490&quot; /&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A few other similarities are not shown in the picture, such as the re-use of filenames and signing certificates. For instance, native code is typically in a file named WebView.db.init, and for certificates, variants A, B and C are signed by the same self-signed Google certificate, whereas variants D and E use a custom certificate.&lt;/p&gt;
&lt;p&gt;References:&lt;/p&gt;
&lt;ul&gt;&lt;li&gt;Fortinet’s &lt;a href=&quot;http://www.fortiguard.com/antivirus/mobile_threats.html&quot;&gt;detailed virus descriptions&lt;/a&gt;, including details of &lt;strong&gt;&lt;a href=&quot;http://www.fortiguard.com/encyclopedia/virus/android_droidkungfu.b!tr.html&quot;&gt;native part inside version B. &lt;/a&gt;&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;http://blog.mylookout.com/wp-content/uploads/2011/10/LeNa-Legacy-Native-Teardown_Lookout-Mobile-Security1.pdf&quot;&gt;Lookout’s teardown on LeNa&lt;/a&gt; (aka DroidKungFu)&lt;/li&gt;
&lt;/ul&gt;&lt;p&gt;– the Crypto Girl&lt;/p&gt;
&lt;p&gt;* Computed using androsim.py from &lt;a href=&quot;http://code.google.com/p/androguard&quot;&gt;Androguard&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;** Actually, variant A features a fifth command, execHomepage, but implements it as “not supported”.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Wed, 26 Oct 2011 15:27:00 +0000</pubDate>
 <dc:creator />
 <guid isPermaLink="false">7410 at http://172.30.1.245</guid>
</item>
<item>
 <title>VB2011 talks, Part 3 (and end)</title>
 <link>http://172.30.1.245/content/vb2011_talks_part_3_and_end.html</link>
 <description>&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;This concludes my overview of VB2011, with the final notes for the last talks I attended.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Enhancing filtering proactivity with reverse IP and reverse whois queries – Claudiu Musat (presenting) and Alin Octavian Damian&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;The most typical methods to filter spam are by the URLs they contain or by domain names. The main problem with those methods is the delay before the filter becomes active: somebody has to decide that this URL or domain is malicious, and before that decision is made, the spam is not blocked. There are other methods, which seem more proactive: reverse IP and reverse Whois.&lt;/p&gt;
&lt;p&gt;With reverse Whois methods for instance, the idea is to use Internet domain registrant data, and block other domain names with the same data. In particular, one can build a database of registrant emails, and block all domain names with the same registrant email.&lt;br /&gt; The study shows that combining both methods helps regarding proactivity, i.e. that we are able to detect spam URLs earlier than before.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Cell Phone Money Laundering – Denis Maslennikov&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;How do cybercriminals make money out of mobile malware in Russia? This is what this talk was about.&lt;br /&gt; In Russia, most people have pre-paid SIM cards, with only a few dollars on them (not much, but enough for cybercriminals). SIM cards are extremely easy to buy, at the corner of any street, and no credential is required to acquire one. Larger sets of SIM cards can be bought from hacking websites. The price is around 0.15 USD per unit.&lt;br /&gt; Then, there are several easy ways to make money and have people send an SMS to a given phone number: ransomware, scams (“mum, unexpected problem: can you replenish my account please?”) etc. Indeed, accounts may be replenished by sending an SMS to the special number 3116 (same scenario as &lt;a href=&quot;http://www.fortiguard.com/search.php?action=search_virus&amp;amp;data=SymbOS/Flocker.AC!tr.python&quot;&gt;SymbOS/Flocker&lt;/a&gt;). Some malware, such as Java/Smmer, uses this facility to have the mobile phone automatically send some money to the cybercriminal’s pre-paid card. Of course, mobile operators have implemented a few security measures so that if all of a sudden a given account is being replenished more than 10 or 20 times, it gets blocked. So, cybercriminals have to use several different numbers.&lt;/p&gt;
&lt;p&gt;So, after a while, cybercriminals have money “on” their SIM cards. They now need to get it out – and launder it. There are several ways for that:&lt;/p&gt;
&lt;ul&gt;&lt;li&gt;transfer SIM card money to a bank credit card. Of course, the cybercriminals then need to acquire a carded credit card from underground networks.&lt;/li&gt;
&lt;li&gt;transfer to a bank account or via Unistream: possible, but not anonymous.&lt;/li&gt;
&lt;li&gt;call another short number whose revenue goes in part to the cybercriminals. Some hackers’ forums actually provide this as a service: an (illegal!) third party offers to launder the money against a commission (~30%). The price depends on volumes, speed, clean cash or not etc.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;IEEE Software Taggant System – Mark Kennedy, Igor Muttik&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Many malware samples use packers to make reverse engineering of their executables harder. The goal of the Taggant system is to make packers useless for malware authors, so that, ultimately, they are forced not to use them any longer.&lt;/p&gt;
&lt;p&gt;The Taggant system consists of marking the output of all (legitimate) packers, so that legitimate use of packers can be told apart from malicious use. The packed output is automatically tagged by the packer, including the license. The taggant relies on PKI and crypto: a hash of vital parts, a default hash of the whole file.&lt;/p&gt;
&lt;p&gt;I would need to have a closer look at the design before making up my mind. I certainly have two questions in mind:&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;if the packed output is hashed twice, once vital parts then another time completely, isn’t that redundant? By the way, there are patents on partially signing parts of executables (not sure if they apply to this particular case, but it exists – it’s not new).&lt;/li&gt;
&lt;li&gt;I find it strange that IEEE’s public key will be licensed to (legitimate) participants. For me, a key is either fully public or private, but not in between. Unless this is a misunderstanding and the speakers meant a private key…  still, licensing a private key also seems strange to me…&lt;/li&gt;
&lt;/ol&gt;&lt;p&gt;– the Crypto Girl&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Tue, 25 Oct 2011 14:30:58 +0000</pubDate>
 <dc:creator />
 <guid isPermaLink="false">7404 at http://172.30.1.245</guid>
</item>
<item>
 <title>FortiScan Virtual Appliances</title>
 <link>http://172.30.1.245/datasheet/fortiscan_vm.pdf</link>
 <description>&lt;div class=&quot;field field-name-field-productdatasheet field-type-file field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;&lt;span class=&quot;file&quot;&gt;
&lt;img src=&quot;/modules/file/icons/application-pdf.png&quot; title=&quot;application/pdf&quot; class=&quot;file-icon&quot; /&gt;
&lt;a type=&quot;application/pdf&quot; href=&quot;http://172.30.1.245/sites/default/files/productdatasheets/FSC-VM-DAT-R1.1-201109.pdf&quot;&gt;
( PDF )
&lt;/a&gt;
&lt;/span&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Mon, 24 Oct 2011 23:02:58 +0000</pubDate>
 <dc:creator>Gleb</dc:creator>
 <guid isPermaLink="false">7403 at http://172.30.1.245</guid>
 <comments>http://172.30.1.245/datasheet/fortiscan_vm.pdf#comments</comments>
</item>
<item>
 <title>Fortinet Reports Record Financial Results</title>
 <link>http://172.30.1.245/press_releases/fortinet_reports_record_financial_results.html</link>
 <description>&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;&lt;a href=&quot;http://www.fortinet.com/doc/fortinet_Q311_earnings.pdf&quot;&gt;http://www.fortinet.com/doc/fortinet_Q311_earnings.pdf&lt;/a&gt;&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;h4&gt;&lt;p&gt;About Fortinet (&lt;a href=&quot;http://www.fortinet.com&quot;&gt;www.fortinet.com&lt;/a&gt;)&lt;/p&gt;
&lt;/h4&gt;&lt;div class=&quot;field field-name-field-boilerplate2 field-type-text-long field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;&lt;p&gt;Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and the market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2009 Fortune Global 100. Fortinet&#039;s flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet&#039;s broad product line goes beyond UTM to help secure the extended enterprise - from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;em class=&quot;smaller&quot;&gt;&lt;p&gt;Copyright © 2011 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet&#039;s trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiDB and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Nothing in the news release constitutes a warranty, guaranty, or contractually binding commitment. This news release may contain forward-looking statements that involve uncertainties and assumptions. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to, any statements related to expected trends in cybercriminal activity. These trends are difficult to predict and any stated expectations regarding these trends may not ultimately be correct. Fortinet assumes no obligation to update any forward-looking statements, and does not intend to update these forward-looking statements.&lt;/p&gt;
&lt;/em&gt;</description>
 <pubDate>Mon, 24 Oct 2011 19:35:56 +0000</pubDate>
 <dc:creator>Holly</dc:creator>
 <guid isPermaLink="false">7376 at http://172.30.1.245</guid>
 <comments>http://172.30.1.245/press_releases/fortinet_reports_record_financial_results.html#comments</comments>
</item>
<item>
 <title>Fortinet Wins Three Computerworld Readers&#039; Choice Awards in the Categories of Unified Threat Management and Intrusion Detection/Prevention Systems</title>
 <link>http://172.30.1.245/press_releases/111024.html</link>
 <description>&lt;h3&gt;&lt;p&gt;Customers in Singapore and Malaysia Pick the FortiGate family of Integrated Multi-Threat Security Appliances as their Favorite Product&lt;/p&gt;
&lt;/h3&gt;&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;&lt;b&gt;SUNNYVALE, Calif., – October 24, 2011&lt;/b&gt; − Fortinet® (NASDAQ: FTNT) − a leading network security provider and worldwide leader of unified threat management (UTM) solutions − today announced that its flagship FortiGate® integrated multi-threat security appliance family has won three Readers’ Choice awards from Computerworld Singapore and Computerworld Malaysia. In Singapore, Fortinet clinched the 16th annual Readers&#039; Choice Award in the category of UTM security, and in Malaysia, the company won the 10th annual Readers&#039; Choice Award in the categories of UTM and Intrusion Detection/Prevention Systems. &lt;/p&gt;
&lt;p&gt;This is the third consecutive year that Fortinet has claimed the Readers&#039; Choice Award for UTM in Singapore and the first time the company has won in Malaysia since its last win in 2008. &lt;/p&gt;
&lt;p&gt;Computerworld&#039;s Readers&#039; Choice awards are presented to vendors that garner the most votes from end-users that pick their favorite products in a number of predetermined categories. The awards represent a strong endorsement by the Singapore and Malaysia markets. This year’s award ceremonies were held at Singapore&#039;s Raffles Hotel and Kuala Lumpur&#039;s Mandarin Oriental Hotel on Oct 21 and Oct 11, respectively. &lt;/p&gt;
&lt;p&gt;“Fortinet is a well-established brand in the UTM market, and this comes across clearly in the number of votes picked up by the company,” said Computerworld Singapore editor Jack Loo. “Functionality, performance and reliability are typical criteria used by our voters so Fortinet must have fared well in these areas, too.&quot; &lt;/p&gt;
&lt;p&gt;&quot;It&#039;s no mean feat to pick up two major awards at one go,” said Computerworld Malaysia editor Avanti Kumar. “That Fortinet managed to do so speaks well of its technology, as well as the reputation and mindshare it has in the Malaysian market.&quot;&lt;/p&gt;
&lt;p&gt;FortiGate consolidated security platforms deliver unmatched performance and protection while simplifying your network. Fortinet offers models to satisfy any deployment requirement from the FortiGate-20 series for small offices to the FortiGate-5000 series for very large enterprises, service providers and carriers. FortiGate platforms combine the FortiOS™ security operating system with FortiASIC processors and latest-generation CPUs to other hardware to provide a comprehensive, high-performance security solution to meet most business needs. &lt;/p&gt;
&lt;p&gt; “We are honored to have won three Computerworld awards,” said George Chang, Fortinet&#039;s regional director for Southeast Asia and Hong Kong. “This is as much an endorsement of our service level as our products. We will continue our strategy to closely engage with our customers and strengthen our partners’ ability to service them.&quot;&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Mon, 24 Oct 2011 07:50:30 +0000</pubDate>
 <dc:creator>Holly</dc:creator>
 <guid isPermaLink="false">7375 at http://172.30.1.245</guid>
 <comments>http://172.30.1.245/press_releases/111024.html#comments</comments>
</item>
<item>
 <title>[FortiChallenge 2k11] Hint #1</title>
 <link>http://172.30.1.245/content/fortichallenge_2k11_hint_1.html</link>
 <description>&lt;div class=&quot;field field-name-body field-type-text-with-summary field-label-hidden&quot;&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot; property=&quot;content:encoded&quot;&gt;&lt;p&gt;&lt;img class=&quot;alignleft size-full wp-image-3491&quot; src=&quot;http://blog.fortinet.com/wp-content/uploads/2011/10/sherlock-holmes-silouette-with-text-md.png&quot; alt=&quot;&quot; width=&quot;179&quot; height=&quot;167&quot; /&gt;Stuck on our &lt;a href=&quot;http://blog.fortinet.com/fortihallenge-2k11/&quot;&gt;FortiChallenge 2k11&lt;/a&gt;? Here’s a first hint!&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Translations:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;La fin est encore loin surtout quand on est sur le mauvais chemin !&lt;br /&gt; Wrong track, go back!&lt;/p&gt;
&lt;p&gt;La fin est proche, l’anneau est inclus.&lt;br /&gt; Dawn is close, search for the ring.&lt;/p&gt;
&lt;p&gt;Mon precieux&lt;br /&gt; My precious&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Hint:&lt;/strong&gt;&lt;/p&gt;
&lt;pre&gt;-6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357
-ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca
-BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645
-3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789
-5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77&lt;/pre&gt;&lt;p&gt;– the Reverse naM&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Fri, 21 Oct 2011 09:44:31 +0000</pubDate>
 <dc:creator />
 <guid isPermaLink="false">7374 at http://172.30.1.245</guid>
</item>
<item>
 <title>Kerry County Council</title>
 <link>http://172.30.1.245/case_study/kerry_county_council.html</link>
 <description>&lt;div class=&quot;field field-name-field-casestudyfile field-type-file field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;File:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;&lt;span class=&quot;file&quot;&gt;&lt;img class=&quot;file-icon&quot; alt=&quot;&quot; title=&quot;application/pdf&quot; src=&quot;/modules/file/icons/application-pdf.png&quot; /&gt; &lt;a href=&quot;http://172.30.1.245/sites/default/files/casestudies/KerryCountyCouncil-CS.pdf&quot; type=&quot;application/pdf; length=87593&quot;&gt;KerryCountyCouncil-CS.pdf&lt;/a&gt;&lt;/span&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-industrytags field-type-taxonomy-term-reference field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;Industry Tags:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;&lt;a href=&quot;/taxonomy/term/40&quot; typeof=&quot;skos:Concept&quot; property=&quot;rdfs:label skos:prefLabel&quot;&gt;Government&lt;/a&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div class=&quot;field field-name-field-customertags field-type-taxonomy-term-reference field-label-above&quot;&gt;&lt;div class=&quot;field-label&quot;&gt;Customer Tags:&amp;nbsp;&lt;/div&gt;&lt;div class=&quot;field-items&quot;&gt;&lt;div class=&quot;field-item even&quot;&gt;&lt;a href=&quot;/taxonomy/term/39&quot; typeof=&quot;skos:Concept&quot; property=&quot;rdfs:label skos:prefLabel&quot;&gt;Mid-Enterprise&lt;/a&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</description>
 <pubDate>Fri, 21 Oct 2011 00:20:53 +0000</pubDate>
 <dc:creator>Holly</dc:creator>
 <guid isPermaLink="false">7373 at http://172.30.1.245</guid>
 <comments>http://172.30.1.245/case_study/kerry_county_council.html#comments</comments>
</item>
</channel>
</rss>

