Fortinet NSE3 Certification | Course Notes



The product lessons and use cases in this course are organized into the following Fortinet Security Fabric pillars:

  • Security-Driven Networking
  • Zero Trust Access
  • Adaptive Cloud Security
  • Security Operations
To complete the course, you must successfully complete the Security Fabric Overview lesson, all lessons, and quizzes in the Security-Driven Networking module, plus at least one additional module of your choice.

Module 1: Security Fabric Overview 

Module Objectives

  • Be conversant on the products that comprise the Fortinet Security Fabric, and understand the problems they solve 
  • Recommend appropriate products to solve organizational network security problems

Why is this course important

This course will help you solve network security problems by understanding the characteristics of the Security Fabric, the capabilities of the products that comprise it, and how they interlock to provide a superior defense against today's most sophisticated cyberattacks.

Organizational Problems and Pain Points

  • Lack of coordinated threat detection and policy enforcement
  • Siloed networking and security
  • Security gaps, complexity, and reduced visibility

Trends comes with technology development

  • Increasing attack surface
  • Rising losses due to sophisticated breaches
  • Too many add on products
  • More encrypted traffic

Definition

The Fortinet Security Fabric is a platform powered by FortIOS provide a rich open ecosystem to protect device, data, and application

Key attributes

  • Broad: manages the entire digital attack surface (edges, cloud, endpoints, and users)
  • Integrated: seals security gaps and decreases complexity providing complete visibility, it also strengthens security in all form factors (Hardware appliances, VMs, Cloud, SaaS)
  • Automated: provide faster time to prevention and response using cloud-scale and advanced AI

Security Fabric Pillars:

  • Security-Driven Networking
  • Zero Trust Acces (ZTA)
  • Adaptive Cloud
  • Security Operations/Fabric Management Center
Security Fabric Pillars
   
Security Fabric Pillars

Security Fabric Management

  • Centralized management
  • Network automation and orchestration
  • Analytics

Module 2: Security-Driven Networking 

Lesson 1: Security-Driven Networking Overview

definition

Security-Driven Networking delivers enterprise protection and user experience at any edge providing secure high-quality performance connectivity between users, applications, and devices;

within an on-premise network and into the cloud, it helps organizations manage internal and external risks using internal segmentation, automated threat protection, and policy enforcement

Security-Driven Networking Overview

Digital transformation

Definition

The process of using digital technologies to create new or to modify existing organizational processes, cultures, and customer experiences to meet changing requirements

Benefits

  • Enhance the collection of data by improving customer experience
  • Uses resources more efficiently thus increasing profits, organizational agility, and productivity

Problems:

  • Digital transformation creates many network edges (the area where the device or local network interfaces with the internet): mobile devices, IoTs, cloud; which means that the trusted zone as we used to call it is no more trusted
  • The security against digital transformation evolved as the situation did, adding new products for each new edge resulting in an inconsistent and complex to manage security

Solution:

Fortinet products across security pillars (like the Security-Driven Networking pillar) work as a team rather than making each pillar work isolated from others thus reducing complexity

Ex: FortiManager is a product that falls under the Fabric Management Center pillar but it contributes to the Security-Driven Networking pillar

Security-Driven Networking product

Lesson 2: FortiGate

Definition

  • FortiGate is Fortinet's NGFW that protect network assets at the edge, in the core, and at the segments of the network
  • Powered by FortiOS
  • The first FortiGate installed is configured as the root and it is typically located on the network edge

Security-Driven Networking product

  • SD-WAN is built into FortiGate and can be enabled free of charge

 

Form Factors

FortiGate is available on the following form factors:

  • Physical appliance
  • VM (private/public cloud): VMware, Hyper-V, AWS, Azure, KVM, and more

FortiGate scales

FortiGate scales

Manage FortiGate

you can manage FortiGate using FortiManager as a physical appliance or VM or accessed as a SaaS, which allows you to:

  • Centrally manages Security Fabric devices, such as FortiGate, FortiSwitch
  • Simplifies device network management
  • Provides centralized policy enforcement and provisioning (compliances, legislations, regulations, best practices)

FortiGuard

FortiGate relies on FortiGuard for some security services and threat intelligence (web filtering, security analytics, AI/ML); it ingests and analyzes an average of 100 billion events per day


FortiGuard

Lesson 3: FortiAP

Definition

FortiAP is a secure point device, designed and produced by Fortinet, that allows users to access the network using WI-FI technologies

LAN Edge

The FortiAP is part of Fortinet's LAN Edge solution along with FortiGate and FortiSwitch

Fortinet's LAN Edge solution

FortiLink

FortiLink is what enables Fortinet capabilities for a secure infrastructure by allowing FortiGate to manage Fortinet LAN Edge solutions

Fortinet's LAN Edge solution

FortiLink also powers Fortinet's strategic use case for FortiAP: "Fortinet Secure SD-Branch" which is built upon Fortinet SD-WAN solution
Fortinet's LAN Edge solution

Management options

from a management perspective, FortiAP has several options for customers as you can see below


FortiWLM

FortiWLM Wireless Management solution offers RF visibility and advanced troubleshooting tools to aid in managing large scale wireless deployment

FortiWLM

FortiDeploy

FortiDeploy

you can also manage while on the go with FortiExplorer for iOS

FortiExplorer for iOS

Lesson 4: FortiManager

Definition

FortiManager is a device either physical or virtual, that provides a single console to administer and gain visibility to your Fortinet devices like FortiGate, FortiSwitch, FortiAP

The complexity of network management and operations brings a lot of misconfiguration risk for enterprises, this can be avoided using FortiManager capabilities

Fabric Management Center:

Enables unified network management for all your devices, used by 25k+ clients all over the world, with multiple deployment choices

FortiManager

Fabric Management Center use cases:

  • Simplified provisioning: easy deployment, SD-WAN, and NGFW templates, central management console, DevOps playbooks and scripts, config backups with revision history
  • Centralized management: Scale to 100k+ FortiGate devices, centralized audit logging, role-based access control
  • Network Analytics: network health visibility, real-time SLA reporting, historic SLA reporting, application usage reports and dashboards, an adaptive response handler

Fabric Management Center

  • Compliance reporting: PCI DSS compliance reports, FSBP security rating & scoring, customizable regulatory templates, MFA for device consoles, integration with 3rd party SIEM & compliance tools
  • Network automation: connectors to SDN and public cloud, ITSM integration with ServiceNow, REST API via fndn.fortinet.com, DevOps tools like Ansible, Puppet, Terraform 

Lesson 4: FortiSwitch

Definition

FortiSwitch is a secure switch designed and produced by Fortinet

Deployment options

Either using FortiLink or as a standalone switch

FortiSwitch

Fortinet secure Ethernet through FortiLink

FortiLink

FortiSwitch use cases

FortiSwitch

FortiSwitch product offerings

FortiSwitch product offerings

Cloud management options for FortiSwitch

Cloud management options for FortiSwitch

Lesson5: Security-Driven Networking use cases

Use case 1: Fortinet Secure SD-WAN

Fortinet Secure SD-WAN

Use case 2: Campus deployment Model through mid-range devices

Campus deployment Model

Use case 3: FortiExtender

FortiExtender

Use case 4: FortiExtender Cloud

FortiExtender Cloud

Use case 5: Hyperscale

Hyperscale is the ability of a technology architecture to improve and scale in response to increasing demand on a system, and FortiGate meets those requirements using their SPUs

Fortinet's SPU

Module 3: Zero-Trust Access

Lesson 1: ZTA overview

Definition

The Zero-Trust Access (ZTA) solution enables organizations to see and control everyone and everything on the network, whether on-premises or off-premises, it ensures consistent security policy use across the network cloud and off the network

Trends and challenges in network access

Remote access, IOTs, and BYOD are new edges to the organization with the internet which present a big concern to the companies' security

What problems does ZTA solve?

Inconsistent user experience caused by whether the client's access to resources from in or outside the office:

  • Access from in or out of the office is identical
  • Automatic secure tunnels to applications
  • SSO supported

Application exposed to bad actors 
  • Hides the applications' locations

ZTA principles

  • Authenticate and verify on an ongoing basis
  • Give minimal access: 
    • Segment the network to create zones of control
    • Control access to applications, data, resources
    • Grant the least privilege access based on need or role
  • Assume that the network is already compromised

Reducing the attack surface

  • Authenticate user identity per connection
  • Supporting strong authentication (MFA and SSO)
  • Verifying device identity per session
  • verifying device posture per session
  • Restricting user access to resources based on need-to-know
  • Hiding network applications from the internet (access proxy)

Fortinet ZTA and ZTNA in context

Accessing resources using ZTNA

FortiClient EMS (Enterprise Management Server), it produces Zero Trust tagging rules based on the endpoint properties and sends the rules to the endpoints (used by FortiClient)

If an alteration occurred in an endpoint, EMS sends the update to FortiGate to update its policy

ZTA solution products



Lesson 2: FortiAuthenticator

Definition

FortiAuthenticator is an identity management product for the enterprise, providing strong authentication and authorization to the connected network


Key features overview

key Feature: Enable access for wired/wireless authentication

  • centralized WIFI authentication
  • Authenticate users and machines
  • Certficate based device authorization for BYOD environments
  • 802.1X authentication

key Feature: Enable access for guest management

  • User self-registration
  • Social authentication (Facebook, Google ...)
  • Collection of user details
  • Options to SMS login details (proof of identity)
  • Time-limited accounts
  • Delete expired accounts

key Feature: Secure access by 2 Factor Authentication

  • Integration with existing LDAP/Active Directory databases
  • Self-service password reset
  • Lost token workflow

key Feature: Identity management with SSO

  • Defining who can access what and when:
    • Collects user identity information
    • Granular control of network and application access
    • Allows FortiGate, FortiClient, FortiMail, and FortiCache to apply appropriate policy based on user identity and role
  • use integrations to capture user identity information:

Lesson 3: FortiClient

Definition

FortiClient is an integrated endpoint agent with a modular design (3 modules > 3 use cases)

What problems does it solve

  • Lack of visibility
  • Vulnerable endpoints
  • unsuspecting users

Fabric-Integrated endpoint security

FortiClient connects endpoints with the Security Fabric via FAbric Agent, it delivers:
  • Endpoint visibility: endpoint telemetry, vulnerability scanning, security posture, software inventory


  • Dynamic access control: dynamic grouping, support intent-based segmentation
  • Proactive protection: ML-based AV, Sandbox integration, Anti-exploit, automated containment, Compact Pattern Recognition Language (CPRL) -a pattern-based anti-malware engine-

Detecting malware and advanced threats


Lesson 4: FortiNAC

Definition

FortiNAC is the Fortinet network access control product, it's a security solution that identifies and enforces policy on devices that access networks to increase visibility reduce risk, providing visibility, control, and automated response.

Key platform differentiators

  • Broad device awareness: supports 2.500+ network infrastructure devices and 170+ vendors
  • Wired/wireless capabilities: not reliant on 802.1x only, consistent experience
  • Scalable architecture: centralization   


Thanks for reading

keep learning 
 













Comments

Post a Comment

Popular posts from this blog

OpenVas: Vulnerability Scanning | Installation Guide

Image
  Introduction: OpenVAS is a vulnerability scanner that analyzes endpoints and web apps to uncover and detect flaws. Corporations frequently employ it as part of their mitigation strategies to initially identify any weaknesses in their operational or testing servers and apps. This isn't an ultimate solution, but it can assist in the elimination of any common weaknesses that may have sneaked through the gaps. Installation: There are three methods to install GreenBone openVas: 1- Install from Kali/OpenVas repositories:  This way varies in difficulty because of the needed configurations, you can simply install it with apt. sudo apt-get update -y &&  sudo apt-get upgrade -y &&  sudo apt-get dist-upgrade -y sudo apt-get install openvas sudo gvm-setup sudo gvm-check-setup 2- Install from source (Manually): This way is not the best for beginners due to prerequisite installations and error handling can be challenging. github.com/greenbone/openvas-scanner 3- Run from docker:
Read more

Nmap | TryHackMe Walkthrough

Image
  An in-depth look at scanning with Nmap, a powerful network scanning tool. This room was created by DarkStar  and  MuirlandOracle , as it provides a great way to learn and start practicing nmap. I encourage you to give it a try by yourself since the hands-on practice will give you more understanding of the topic (take advantage of the manual page man nmap ). Task2: What networking constructs are used to direct traffic to the right application on a server? Ports How many of these are available on any network-enabled computer? 65535 [Research] How many of these are considered "well-known"? (These are the "standard" numbers mentioned in the task) 1024 Task3: What is the first switch listed in the help menu for a 'Syn Scan' (more on this later!)? -sS Which switch would you use for a "UDP scan"? -sU If you wanted to detect which operating system the target is running on, which switch would you use? -O Nmap provides a switch to detect the version of the
Read more

Azure Sentinel: Use Microsoft's SIEM to map global attacks

Image
 in this tutorial, we will display attacks from all over the globe on a world map using Microsoft cloud SIEM (Security Information and Event Management) this is a step-by-step guided lab so it will be a long tutorial. Project steps this project needs multiple stages to be completed, when you finish this guide you will be able to: create and configure a Virtual Machine using Azure configure a cloud network security group and create firewall rules create and configure a Logs Analytics Workspace collect data from Virtual Machines into Azure get familiar with PowerShell scripting and APIs use (KQL) Kusto Query Language (the Azure data exporter language)  Let's get started First of all, go ahead and create a free Azure account at  https://azure.microsoft.com/en-us/free/   When you're done with that go to your dashboard at  https://portal.azure.com/ Ps: Just a quick note before we begin, you will notice in Azure as in GCP or AWS that the search bar is your b
Read more