- FortiWeb versions 8.0.0 through 8.0.1
- FortiWeb versions 7.6.0 through 7.6.4
- FortiWeb versions 7.4.0 through 7.4.9
- FortiWeb versions 7.2.0 through 7.2.11
- FortiWeb versions 7.0.0 through 7.0.11
- Apply appropriate updates provided by FortiGuard to vulnerable systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Use vulnerability scanning to find potentially exploitable software vulnerabilities and remediate them.
- Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
