
Palo Alto - Security Profiles

Having multiple layers of defense in depth is a great idea. Top firewall vendors always offer a mixture of different security profiles that help against malware infection. Palo Alto also has different flavors of protection, from Anti Virus to DoS attack prevention. The main advantage of Palo Alto compared to other firewalls is its use of SP3, also known as the Single Pass Parallel Processing Architecture. SP3 provides parallel processing, which significantly reduces latency and overhead. We will talk about SP3 in some other blog. Let me now briefly describe some of the security profiles that Palo Alto provides.

1. Anti Virus

Anti Virus in a Palo Alto Networks firewall is an inline security profile that stops viruses trying to enter the network and also tries to identify and block viruses in outgoing traffic. Antivirus in Palo Alto is a licensed feature, and a Threat Prevention license needs to be purchased. Antivirus signatures also need to be updated regularly. Antivirus can be part of a security profile group or can be used on its own. Antivirus must be attached to a security policy in order to come into effect.

Go to Objects > Security Profiles > Antivirus in order to configure Antivirus.


The Antivirus profile then needs to be added to the respective security policy, or it can also be associated with a security profile group.

2. Anti Spyware

Spyware is malware that shares information about the end user (computer) without the user's consent. Spyware is usually hidden and very difficult to locate. Spyware is used to gather information ranging from browser activity to download activity. Spyware is used to collect and sell user information to interested advertisers or other interested parties. Spyware also comes in the form of keyloggers.

Anti Spyware provides protection after the end host has been infected. It can also be referred to as post-infection remediation. There are a number of categories that Palo Alto can provide anti-spyware protection against, ranging from browser-based threats to C&C, P2P communication, keyloggers, etc. We can make a profile using any of the above-mentioned categories or can also select all. Top firewalls like Fortigate and Cisco Firepower don't even provide features like Anti Spyware, whereas Checkpoint does provide protection for post-infected end hosts, named Anti Bot. The problem with Anti Bot is that the protection is limited to C&C connections only.

Go to Objects > Security Profiles > Anti Spyware in order to configure Anti Spyware.


Spyware categories can also be set so that protection is applied accordingly where required. There is also an additional packet-capture feature: if any threat is found, the capture can be downloaded and analyzed using Wireshark.
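Both sections above make the same point: an Antivirus or Anti Spyware profile does nothing until it is attached to a security policy, either directly or through a security profile group. The script below is an added example, not code from this blog or from Palo Alto Networks. It audits a configuration export for allow rules that lack one of the two profiles. The XML layout (rulebase/security/rules/entry with a profile-setting node holding either profiles or a group) is modelled on the PAN-OS running-config export but is an assumption here; the SAMPLE_CONFIG is constructed, and the paths should be verified against a real export before the check is used on one.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the layout of a PAN-OS running-config export.
# The element names and nesting are an assumption for illustration; verify
# them against your own export before relying on this audit.
SAMPLE_CONFIG = """
<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <profiles>
      <virus><entry name="AV-default"/></virus>
      <spyware><entry name="AS-strict"/></spyware>
      <profile-group><entry name="PG-standard">
        <virus><member>AV-default</member></virus>
        <spyware><member>AS-strict</member></spyware>
      </entry></profile-group>
    </profiles>
    <rulebase><security><rules>
      <entry name="allow-web">
        <action>allow</action>
        <profile-setting><profiles>
          <virus><member>AV-default</member></virus>
          <spyware><member>AS-strict</member></spyware>
        </profiles></profile-setting>
      </entry>
      <entry name="allow-dns">
        <action>allow</action>
        <profile-setting><group><member>PG-standard</member></group></profile-setting>
      </entry>
      <entry name="allow-mgmt">
        <action>allow</action>
      </entry>
      <entry name="allow-legacy">
        <action>allow</action>
        <profile-setting><profiles>
          <virus><member>AV-default</member></virus>
        </profiles></profile-setting>
      </entry>
      <entry name="deny-all">
        <action>deny</action>
      </entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>
"""

# Profile types every allow rule is expected to carry (the two discussed above).
REQUIRED = ("virus", "spyware")


def load_profile_groups(root):
    """Map each security profile group name to the set of profile types it carries."""
    groups = {}
    for g in root.iterfind(".//profiles/profile-group/entry"):
        groups[g.get("name")] = {c.tag for c in g if c.find("member") is not None}
    return groups


def effective_profiles(rule, groups):
    """Return the profile types a rule applies, whether set directly or via a group."""
    ps = rule.find("profile-setting")
    if ps is None:
        return set()
    direct = ps.find("profiles")
    if direct is not None:
        return {c.tag for c in direct if c.find("member") is not None}
    grp = ps.find("group/member")
    if grp is not None:
        return groups.get(grp.text, set())
    return set()


def audit_rules(config_xml):
    """Return {rule_name: [missing profile types]} for allow rules lacking coverage."""
    root = ET.fromstring(config_xml)
    groups = load_profile_groups(root)
    findings = {}
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        if rule.findtext("action") != "allow":
            continue  # profiles only matter on traffic that is let through
        missing = [t for t in REQUIRED if t not in effective_profiles(rule, groups)]
        if missing:
            findings[rule.get("name")] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit_rules(SAMPLE_CONFIG).items():
        print(f"{name}: missing {', '.join(missing)}")
```

On the constructed sample the audit reports allow-mgmt (no profile at all) and allow-legacy (Antivirus only, no Anti Spyware); allow-dns passes because its group carries both profiles, and the deny rule is skipped since profiles are irrelevant to blocked traffic.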

3. Vulnerability Protection
