Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 6.0.0 Administration Guide
    6.0.0
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Deployment best practices checklist

    Deployment best practices checklist

    This checklist is an example of a deception deployment profiling and sizing. This example is based on a company with one headquarters (HQ) site and two remote sites, one of which is a manufacturing site.

    Deception Items

    Customer Requirements

    Deployment

    FortiDeceptor appliance HW/VM

    VM

    The VM supports VMware, Hyper-V or KVM.

    HQ site installation

    Yes

    Deploy on the company ESXi where you have access to most of the network VLANs.

    Number of remote sites

    2

    If the primary and remote locations are connected by FortiGate firewall, configure the VXLAN tunnel between firewalls to publish decoys over the L2 tunnel from the HQ to the remote sites. For details on setting up the VXLAN, see https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType= kc&externalId=FD47325&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=163742631&stateId=1%200%20163740760%27.

    If the firewalls are different, check with Customer Support on how to configure an L2 Tunnel.

    Remote sites are office / OT network

    1 remote office + 1 manufacture site

    For remote office site, deploy Windows / Linux desktop decoys and deception lures like SMB, RDP and cache credentials.

    For remote OT site, deploy Windows / Linux and SCADA decoys.

    Number of segments (VLANS) to cover

    30

    Number of DC segments to cover

    2

    Deploy Windows / Linux server decoys.

    Customer's server OS

    Windows, Linux

    Deploy Windows / Linux server decoys.

    Critical services in the DC segments

    SAP, web logistic app

    Deploy ERP decoy, Windows decoy with a web app.

    Number of endpoint segments to cover

    25

    Deploy Windows / Linux desktop decoys.

    Customer's endpoint OS

    Windows, MAC

    Deploy deception lures such as SMB, RDP, and cache credentials for both Windows and MAC.

    Customer's most important asset to protect

    SAP

    Deploy Windows decoy with SQL that uses SAP fake data.

    Attack vectors customer is facing

    Phishing, PTH, lateral movement based on AD

    Deploy deception lures like SMB, RDP, and cache credentials. Follow cache credentials best practice.

    Customer network's IoT devices

    Printer, camera, temp sensors

    Customer network's OT devices

    SCADA PLC, HMI

    Deploy Windows / Linux and SCADA decoys.

    Customer FortiGate firewall solution

    Yes

    Configure Security Fabric integration for isolation mitigation response.

    Customer SIEM solution

    Yes

    Send SYSLOG from the FDC.

    Configure a correlation rule to detect lateral movement based on cache credentials lure.
    Previous
    Next

    Deployment best practices checklist

    Deployment best practices checklist

    This checklist is an example of a deception deployment profiling and sizing. This example is based on a company with one headquarters (HQ) site and two remote sites, one of which is a manufacturing site.

    Deception Items

    Customer Requirements

    Deployment

    FortiDeceptor appliance HW/VM

    VM

    The VM supports VMware, Hyper-V or KVM.

    HQ site installation

    Yes

    Deploy on the company ESXi where you have access to most of the network VLANs.

    Number of remote sites

    2

    If the primary and remote locations are connected by FortiGate firewall, configure the VXLAN tunnel between firewalls to publish decoys over the L2 tunnel from the HQ to the remote sites. For details on setting up the VXLAN, see https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType= kc&externalId=FD47325&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=163742631&stateId=1%200%20163740760%27.

    If the firewalls are different, check with Customer Support on how to configure an L2 Tunnel.

    Remote sites are office / OT network

    1 remote office + 1 manufacture site

    For remote office site, deploy Windows / Linux desktop decoys and deception lures like SMB, RDP and cache credentials.

    For remote OT site, deploy Windows / Linux and SCADA decoys.

    Number of segments (VLANS) to cover

    30

    Number of DC segments to cover

    2

    Deploy Windows / Linux server decoys.

    Customer's server OS

    Windows, Linux

    Deploy Windows / Linux server decoys.

    Critical services in the DC segments

    SAP, web logistic app

    Deploy ERP decoy, Windows decoy with a web app.

    Number of endpoint segments to cover

    25

    Deploy Windows / Linux desktop decoys.

    Customer's endpoint OS

    Windows, MAC

    Deploy deception lures such as SMB, RDP, and cache credentials for both Windows and MAC.

    Customer's most important asset to protect

    SAP

    Deploy Windows decoy with SQL that uses SAP fake data.

    Attack vectors customer is facing

    Phishing, PTH, lateral movement based on AD

    Deploy deception lures like SMB, RDP, and cache credentials. Follow cache credentials best practice.

    Customer network's IoT devices

    Printer, camera, temp sensors

    Customer network's OT devices

    SCADA PLC, HMI

    Deploy Windows / Linux and SCADA decoys.

    Customer FortiGate firewall solution

    Yes

    Configure Security Fabric integration for isolation mitigation response.

    Customer SIEM solution

    Yes

    Send SYSLOG from the FDC.

    Configure a correlation rule to detect lateral movement based on cache credentials lure.
    Previous
    Next