Deploy Decoy VMs with the Deployment Wizard

The Deployment Wizard allows you to create and deploy Decoy VMs on your network. These Decoy VMs appear as real endpoints to the hacker and can collect valuable information about attacks.

To deploy Decoys on the network:
  1. Go to Deception > Deployment Wizard.
  2. Click + to add a Decoy VM.
  3. Configure the following:

    Name

    Specify the name of the deployment profile in 1-15 characters. A-Z, a-z, 0-9, dash, and underscore are allowed. The name cannot duplicate an existing profile name.

    Available Deception OSes

    Select a Deception OS. Windows, Ubuntu VM or SCADA are available.

    Selected Services

    The selected services are shown. This field is not editable.

  4. Set SSH or SAMBA to ON for an Ubuntu VM. Set RDP or SMB to ON for Windows. Set HTTP, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST or IEC104 to ON for SCADA.
  5. Click + Add Lure for the respective service and configure the following:

    Username

    Specify the username for the decoy in 1-19 characters. A-Z, a-z, and 0-9 are allowed.

    The username of a lure should not be an existing username on the decoy, such as administrator for RDP/SMB services on Windows, or root for SSH/SAMBA services on Linux.

    Password

    Specify the password for the decoy in 1-14 non-Unicode characters.

    Sharename

    Specify a Sharename in 3-63 characters. A-Z, a-z, and 0-9 are allowed. This option is only available for SAMBA (Ubuntu) or SMB (Windows).

    Update or Cancel

    Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.

  6. Repeat step 5 to add more decoys.
  7. Switch Launch Immediately to ON to launch the Decoy VMs.
  8. Switch Reset Decoy to ON to reset the decoy VM once incidents are detected.

  9. Input the Reset interval value in seconds.

  10. Click Next.
  11. Specify the Hostname in 1-15 characters. The hostname can start with English characters/digits, and must not end with a hyphen. It may contain only the ASCII letters a through z (in a case-insensitive manner), the digits 0 through 9, and the hyphen ('-'). No other symbols, punctuation characters, or white space are permitted. The hostname cannot conflict with existing Decoy names.
  12. Click Add Interface.
  13. In the Add Interface for Decoy screen, use the drop-down menu to select the Deploy Interface. This should be set to the VLAN or Subnet added in Set up the Deployment Network.
  14. Configure the following settings in the Add Interface for Decoy VM screen:

    Addressing Mode

    Select Static or DHCP. Selecting Static allows you to configure the IP addresses for all the decoys. Selecting DHCP enables the decoys to receive an IP address from the DHCP server.

    Network Mask

    The network mask is shown automatically.

    Gateway

    Specify the gateway.

    IP Count

    Specify the number of IP addresses to be assigned. The maximum per Decoy VM is 16 IPs. The IP count automatically switches to 1 if the addressing mode is DHCP.

    Min

    The minimum IP address in the IP range.

    Max

    The maximum IP address in the IP range.

    IP Ranges

    Specify the IP range between Min and Max.

  15. Click Done.
  16. Click Template to save as a template. The template is visible with the Profile Name in Deception > Deploy Wizard.
  17. Click Deploy to deploy the decoys on the network.
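
The field rules in steps 3, 5, 11 and 14 can be checked against a written decoy plan before anything is typed into the wizard. The following is an added example, not Fortinet code: the plan dictionary layout, the `validate_plan` name and the sample values are hypothetical, and nothing here calls the product.

```python
import ipaddress
import re

# Field rules transcribed from the wizard steps above.
PROFILE = re.compile(r"[A-Za-z0-9_-]{1,15}")
USERNAME = re.compile(r"[A-Za-z0-9]{1,19}")
SHARENAME = re.compile(r"[A-Za-z0-9]{3,63}")
# Strict reading of step 11: first and last character are a letter or digit.
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?")
# Only the built-in accounts the page names; not an exhaustive list.
BUILTIN = {"Windows": {"administrator"}, "Ubuntu": {"root"}}
MAX_IPS = 16  # per Decoy VM, static addressing

# Constructed sample plan; addresses come from the RFC 5737 documentation range.
SAMPLE = {"name": "win-lab_01", "os": "Windows", "hostname": "FIN-WS-07",
          "lures": [{"username": "svcbackup", "password": "Winter2024!x", "sharename": "finance"}],
          "interface": {"mode": "Static", "min": "192.0.2.10", "max": "192.0.2.60",
                        "ranges": [("192.0.2.20", "192.0.2.27")]}}

def validate_plan(plan, existing_profiles=(), existing_hostnames=()):
    """Return the list of rule violations for one planned decoy (empty = OK)."""
    errors, ip = [], ipaddress.ip_address
    taken = {h.lower() for h in existing_hostnames}  # hostnames are case-insensitive
    if not PROFILE.fullmatch(plan["name"]) or plan["name"] in existing_profiles:
        errors.append("profile name invalid or duplicate")
    if not HOSTNAME.fullmatch(plan["hostname"]) or plan["hostname"].lower() in taken:
        errors.append("hostname invalid or conflicts with a decoy")
    for lure in plan["lures"]:
        user, pw = lure["username"], lure["password"]
        if not USERNAME.fullmatch(user):
            errors.append(f"lure username {user!r} invalid")
        if user.lower() in BUILTIN.get(plan["os"], set()):
            errors.append(f"lure username {user!r} is a built-in account")
        # "non-unicode" is read here as ASCII-only (assumption).
        if not (pw.isascii() and 1 <= len(pw) <= 14):
            errors.append(f"password for {user!r} invalid")
        if "sharename" in lure and not SHARENAME.fullmatch(lure["sharename"]):
            errors.append(f"sharename for {user!r} invalid")
    iface = plan["interface"]
    if iface["mode"] == "Static":
        lo, hi, total = ip(iface["min"]), ip(iface["max"]), 0
        for first, last in iface["ranges"]:
            if lo <= ip(first) <= ip(last) <= hi:
                total += int(ip(last)) - int(ip(first)) + 1
            else:
                errors.append(f"range {first}-{last} is outside {lo}-{hi}")
        if not 1 <= total <= MAX_IPS:
            errors.append(f"{total} static IPs; allowed 1-{MAX_IPS}")
    return errors
```

Calling `validate_plan(SAMPLE)` returns an empty list; pass the profile and decoy names already present on the appliance as `existing_profiles` and `existing_hostnames` to catch duplicates.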
