I'm a network administrator looking to enhance the security of our corporate network. I want to conduct a thorough scan of the entire network to identify all open and active ports on our devices and servers. I'm also interested in differentiating between actively used ports and unnecessary ones. Additionally, I would like to analyze traffic logs to see which internal clients connect to specific IP addresses and ports. Ultimately, I want to block any unused or risky ports and tighten our internal and outbound communication. I'm using a FortiGate 200F firewall, and I'd appreciate advice on how to effectively utilize its features for scanning, logging, and reporting. Specifically, I'm seeking recommendations on scanning tools, methods for analyzing traffic, best practices for blocking ports without disrupting services, and any visualization tools available within FortiGate.
5 Answers
If you're using Fortinet switches, you might manage them right from the firewall interface, which can save you a lot of hassle. Otherwise, tools like Lansweeper can provide some additional depth, although they come with a cost. It's worth checking those out for detailed reporting and insights.
Definitely consider tools like Purple Knight or PingCastle for starting points. They can help you tackle easier wins like CA policies before you dive deeper into network security.
Blocking everything by default and then allowing what's necessary is a good strategy. Just remember to be cautious to avoid disrupting essential services. That said, getting a professional penetration test could also provide valuable insights into your network's vulnerabilities.
For log analysis, if you're on Cisco hardware, consider using NetFlow. It helps you understand traffic flow better. Also, setting up ACLs to log activity before blocking them can give you a week-long snapshot to see what’s actually in use.
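The log-before-block approach above, as an added example that is not part of any answer here: it parses FortiGate-style key=value traffic-log lines (the sample lines and the scanned listening inventory are constructed), groups accepted flows by destination service, and lists listening services that no internal client actually used during the logging window.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate-style key=value traffic-log format (not real logs).
SAMPLE_LOG = """\
date=2024-05-01 time=09:00:01 type="traffic" subtype="forward" srcip=10.1.1.10 srcport=51000 dstip=10.1.2.20 dstport=443 proto=6 action="accept"
date=2024-05-01 time=09:00:05 type="traffic" subtype="forward" srcip=10.1.1.11 srcport=51001 dstip=10.1.2.20 dstport=443 proto=6 action="accept"
date=2024-05-01 time=09:01:10 type="traffic" subtype="forward" srcip=10.1.1.10 srcport=51002 dstip=10.1.2.21 dstport=3389 proto=6 action="accept"
date=2024-05-01 time=09:02:00 type="traffic" subtype="forward" srcip=10.1.1.12 srcport=51003 dstip=10.1.2.21 dstport=445 proto=6 action="deny"
"""

# Constructed inventory of listening services found by a scan, as (dstip, dstport, proto).
SCANNED_LISTENING = [
    ("10.1.2.20", 443, 6),
    ("10.1.2.20", 22, 6),
    ("10.1.2.21", 3389, 6),
    ("10.1.2.21", 445, 6),
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def summarize_flows(log_text, action="accept"):
    """Map each (dstip, dstport, proto) service to the set of internal clients that reached it."""
    services = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("action") != action:
            continue
        key = (rec["dstip"], int(rec["dstport"]), int(rec["proto"]))
        services[key].add(rec["srcip"])
    return services


def unused_services(listening, observed):
    """Listening services with no accepted flows in the log window: candidates to block."""
    return sorted(set(listening) - set(observed))


if __name__ == "__main__":
    flows = summarize_flows(SAMPLE_LOG)
    for (ip, port, proto), clients in sorted(flows.items()):
        print(f"{ip}:{port}/{proto} used by {sorted(clients)}")
    print("block candidates:", unused_services(SCANNED_LISTENING, flows))
```

Run it against a week of exported traffic logs instead of the sample to get a list of services that were listening but never used.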
You might want to start with Nmap; it's a solid tool for scanning and mapping out all the open ports on your network. It can help pinpoint what’s really active versus what could be blocked. Just make sure to use it carefully, especially if you're not super familiar with network tools!

Totally agree! A pro's perspective can really help you shore up any holes without the guesswork.