Fortigate as a 'nanny'?

Author
knowles13088
2019/04/19 04:57:34 (permalink)

Has anyone had experience with using a Fortigate in a home environment to prevent users from getting to those websites used by scammers to take nefarious control of a PC?
 
I'm aware of a situation where an elderly user keeps falling for the 'I'm from Microsoft and need to solve a problem on your PC' callers.
 
Would Web and DNS filtering prevent this user from getting to those sites?
 
Thank you in advance.
#1


    TecnetRuss
    Re: Fortigate as a 'nanny'? 2019/04/19 11:19:34 (permalink)
    Yes, you can adapt the enterprise security features for a home environment, much like you would if you were deploying a FortiGate in a school environment.
     
    At home I have my kids' devices on their own VLAN so I can use more restrictive policies. I use DNS filtering and Web filtering to block things like Adult/Mature Content, Security Risk, and Unrated content (scammers often use pop-up sites to avoid blacklists) and also enforce features like browser Safe Search.  I also block access to botnet URLs (WAN interface setting) and botnet IPs (DNS filter).
     
    However, this isn't going to offer 100% protection against "MS" Tech Support phone scammers who direct victims to legitimate sites and legitimate remote control software.  For protection against this you'd need to go one step further and use Application Control in the Internet Access policy to block most of the 82 pre-defined Remote Access applications.  You can also block things like Tor and Tor2Web here too.
     
    Note that some of the Application Filters require Deep SSL Inspection which involves exporting/importing your FortiGate's CA cert into each device's trusted CA list (covered in several Cookbooks).  This is optional but if you want "maximum" protection you should consider Deep SSL inspection.
     
    Hope this helps,
    Russ
    #2
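One way to check, from a configuration backup, that the Application Control advice in the reply above is actually in force. This is an added example, not code from the thread or from Fortinet: it parses a FortiOS-style backup and lists accept policies whose application list does not block the Remote.Access category. The sample config, the profile name "home-strict" and the category ID 7 are assumptions.

```python
import shlex
REMOTE_ACCESS = "7"  # assumed category ID for Remote.Access; confirm on your unit
# Constructed sample in FortiOS backup style; names are made up.
SAMPLE = """
config application list
    edit "home-strict"
        config entries
            edit 1
                set category 7
            next
        end
    next
end
config firewall policy
    edit 1
        set action accept
        set application-list "home-strict"
    next
    edit 2
        set action accept
    next
end
"""

def parse(text):
    """Return {section: {edit_name: {"set": {...}, "entries": [...]}}}."""
    out, depth, section, obj, entry = {}, 0, None, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        depth += {"config": 1, "end": -1}.get(tok[0], 0)
        if tok[0] == "config" and depth == 1:
            section = out.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and depth == 1:
            obj = section.setdefault(tok[1], {"set": {}, "entries": []})
        elif tok[0] == "edit":  # nested "config entries" item
            obj["entries"].append(entry := {})
        elif tok[0] == "set":
            (obj["set"] if depth == 1 else entry)[tok[1]] = tok[2:]
    return out

def unprotected_policies(text):
    """IDs of accept policies whose app list does not block Remote.Access."""
    cfg = parse(text)
    # Assumption: an entry with no "set action" line uses the default, block.
    ok = {n for n, o in cfg.get("application list", {}).items()
          if any(REMOTE_ACCESS in e.get("category", [])
                 and e.get("action", ["block"]) == ["block"] for e in o["entries"])}
    return [pid for pid, p in cfg.get("firewall policy", {}).items()
            if p["set"].get("action") == ["accept"]
            and p["set"].get("application-list", [""])[0] not in ok]
```

On the constructed sample, `unprotected_policies(SAMPLE)` reports policy 2, which accepts traffic with no application list attached.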
    knowles13088
    Re: Fortigate as a 'nanny'? 2019/04/19 11:34:53 (permalink)
    Thanks, Russ!
     
    That all makes sense, and the additional steps you mentioned go even further than I had been thinking through.
    #3
    emnoc
    Re: Fortigate as a 'nanny'? 2019/04/19 14:12:12 (permalink)
    A combination of URL category and app-control would be what I would suggest. In my home, parents have one profile and kids are on another with TOD policies. So at 21:00 internet is off until 07:00, and on Friday to Sunday we open the window till 23:00. Also, I have static reservations for the parents' components (Winlaptop, Android, MacBook, etc.).
     
    We also have an explicit proxy off the firewall that requires authentication and wants to go to sites NOT allowed in my URL filter.
     
    Ken 

    PCNSE, NSE, Forcepoint, StrongSwan Specialist
    #4