Inspection mode feature comparison on FortiGates
I came across this nifty doc describing the capabilities of flow-based vs proxy-based inspection modes for FortiGates. Very cool stuff.
Obvious (but notable) takeaway: certain features only work with proxy-based inspection mode.
- Video Filter
- Inline CASB
- ICAP
- Web Application Firewall
- Data . . .
OWASP Cheat Sheet Series
Fortinet FCP Study Resources
A new month, a new certification endeavor! This time, I'm starting to focus on the Fortinet Certified Professional track. What follows is a breakdown of the various study resources I'm using. Time permitting, I'll update it with additional resources I come across along the way.
Miscellaneous
Security Certification Roadmap
Microsoft Storm-0558 Attack Analysis
I meant to post this earlier but got distracted by a few other things. Yay for busy life, right?
Earlier this month Microsoft concluded their investigation of the recent Storm-0558 email compromise/attack and the results are... fascinating. I highly recommend checking out the blog post when you get a chance. It's available here. . . .
[SC-100] Conditional access "what if" tool
More security controls in the market need a feature like this.
I'm digging the "What If" tool in the Azure Conditional Access component. The idea is simple: as you're building policies, you can throw various scenarios at the policy engine to understand what the heck it'll do.
This gives admins the opportunity to observe effects and perhaps test variations of authentication use . . .
[SC-100] Sensitive Operations Report Workbook
Just a friendly reminder that the Microsoft sensitive operations report workbook exists and can be super helpful.
For those unfamiliar, it's an Azure Monitor workbook designed to capture activities/events that could be critical or impactful for Azure AD. Examples include:
- Modified application and service . . .