To increase security in FortiADC, the following features have been added since the v5.3.0 release:
Cross-site request forgery (CSRF) is an attack that exploits the trust that a site has in a user’s browser to transmit unauthorized commands.
Input validation, which includes parameter validation, hidden fields, and file security, can prevent suspicious HTTP requests.
Brute force attack detection
A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until the attacker discovers the correct combination.
The anti-defacement feature monitors your websites for defacement attacks. If it detects a change, it can automatically reverse the damage. The feature examines a website’s files for changes at specified time intervals. If it detects a change that could indicate a defacement attack, the FortiADC appliance can notify you and quickly react by automatically restoring the website contents to the previous backup.
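The check-and-restore cycle described above, as an added example (not FortiADC's implementation and not code from this page): one monitoring pass compares the live site files against a backup copy and reverts changed or missing files. Comparing SHA-256 digests, the function names, and the sample site are assumptions made for illustration; the page does not say how FortiADC detects changes.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def check_and_restore(live: Path, backup: Path, restore: bool = True) -> dict[str, list[str]]:
    """One monitoring pass: diff live content against the backup, then revert."""
    good, now = manifest(backup), manifest(live)
    report = {
        "modified": sorted(f for f in good if f in now and now[f] != good[f]),
        "missing": sorted(f for f in good if f not in now),
        "added": sorted(f for f in now if f not in good),
    }
    if restore:
        for rel in report["modified"] + report["missing"]:
            target = live / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(backup / rel, target)
        # Files absent from the backup are reported, not deleted (may be a new deployment).
    return report


def demo() -> tuple[dict, dict]:
    """Constructed sample site: change one page, remove one file, add one file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        (backup / "css").mkdir(parents=True)
        (backup / "index.html").write_text("<h1>Welcome</h1>")
        (backup / "css" / "site.css").write_text("h1 { color: navy; }")
        shutil.copytree(backup, live)
        (live / "index.html").write_text("<h1>defaced</h1>")    # content changed
        (live / "css" / "site.css").unlink()                    # file removed
        (live / "banner.html").write_text("<p>unexpected</p>")  # file added
        first = check_and_restore(live, backup)
        second = check_and_restore(live, backup)  # after restore: only 'added' remains
        return first, second


if __name__ == "__main__":
    print(demo())
```

Running `check_and_restore` from a scheduler at a fixed interval gives the periodic behaviour; the returned report is what a notification would be built from.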
A cookie security policy allows you to configure FortiADC features that prevent cookie-based attacks and to apply them in a protection profile. For example, a policy can enable cookie poisoning detection, encrypt the cookies issued by a back-end server, and add security attributes to cookies.
Data leak prevention
The FortiADC data leak prevention (DLP) system allows you to prevent sensitive data from leaving your network. When you define sensitive data patterns, data matching these patterns will be blocked, or logged and allowed, when passing through the FortiADC unit.