Fortinet black logo

Administration Guide

FortiDeceptor decoys

Copy Link
Copy Doc ID 36a93e95-602f-11eb-b9ad-00505692583a:103945
Download PDF

FortiDeceptor decoys

FortiDeceptor creates a network of decoys to lure attackers and monitor their activities on the network. When attackers attack a decoy, first, an alert is generated; second, their malicious activities are captured and analyzed in real-time to generate a mitigation and remediation response that protects the network.

The current FortiDeceptor decoys are:

  • Windows:
    • Windows 7
    • Windows 10 (can be deployed as a gold image)
    • Windows 2016 (deployed as a gold image)
    • Windows 2019 (deployed as a gold image)
  • Linux:
    • Ubuntu Desktop
  • IoT/OT:
    • SCADA version 2
    • Medical OS
    • POS OS
    • ERP OS
    • 8 OT protocols
  • VPN:
    • Fortinet SSL-VPN (FG-60E, FG-100F, FG-1500D, FG-2000E, FG-3700D)

The current FortiDeceptor monitor services are:

  • Windows:
    • RDP
    • SMB
  • Linux
    • SSH
    • SAMBA
  • IoT/OT:
    • HTTP
    • FTP
    • TFTP
    • SNMP
    • MODBUS
    • S7COMM
    • BACNET
    • IPMI
    • TRICONEX
    • ENIP
    • Kamstrup
    • PACS-WEB
    • PACS
    • DICOM server
    • Infusion Pump (TELNET)
    • Infusion Pump (FTP)
    • POS-WEB
    • ERP-WEP
    • GUARDIAN-AST
    • IEC104
  • SSL VPN:
    • HTTPS

The current FortiDeceptor IP address capacity are:

  • A single FortiDeceptor appliance (HW/VM) can host up to 16 deception VMs.
  • A single deception VM supports up to 16 IP addresses or decoys, Each IP represent a decoy.
  • A single FortiDeceptor appliance (HW/VM) can support up to 256 IP addresses.
  • With 4 decoys per segment on average, a single FortiDeceptor appliance (HW/VM) can support up to 64 segments (VLANS).

FortiDeceptor decoys

FortiDeceptor creates a network of decoys to lure attackers and monitor their activities on the network. When attackers attack a decoy, first, an alert is generated; second, their malicious activities are captured and analyzed in real-time to generate a mitigation and remediation response that protects the network.

The current FortiDeceptor decoys are:

  • Windows:
    • Windows 7
    • Windows 10 (can be deployed as a gold image)
    • Windows 2016 (deployed as a gold image)
    • Windows 2019 (deployed as a gold image)
  • Linux:
    • Ubuntu Desktop
  • IoT/OT:
    • SCADA version 2
    • Medical OS
    • POS OS
    • ERP OS
    • 8 OT protocols
  • VPN:
    • Fortinet SSL-VPN (FG-60E, FG-100F, FG-1500D, FG-2000E, FG-3700D)

The current FortiDeceptor monitor services are:

  • Windows:
    • RDP
    • SMB
  • Linux
    • SSH
    • SAMBA
  • IoT/OT:
    • HTTP
    • FTP
    • TFTP
    • SNMP
    • MODBUS
    • S7COMM
    • BACNET
    • IPMI
    • TRICONEX
    • ENIP
    • Kamstrup
    • PACS-WEB
    • PACS
    • DICOM server
    • Infusion Pump (TELNET)
    • Infusion Pump (FTP)
    • POS-WEB
    • ERP-WEP
    • GUARDIAN-AST
    • IEC104
  • SSL VPN:
    • HTTPS

The current FortiDeceptor IP address capacity are:

  • A single FortiDeceptor appliance (HW/VM) can host up to 16 deception VMs.
  • A single deception VM supports up to 16 IP addresses or decoys, Each IP represent a decoy.
  • A single FortiDeceptor appliance (HW/VM) can support up to 256 IP addresses.
  • With 4 decoys per segment on average, a single FortiDeceptor appliance (HW/VM) can support up to 64 segments (VLANS).