
Palo Alto - Security Profiles

Having multiple layers of defense in depth is a great idea. Top firewall vendors always offer a mixture of different security profiles that help against malware infection. Palo Alto also has different flavors of protection, from Anti Virus to DoS attack prevention. The main advantage of Palo Alto compared to other firewalls is its use of SP3, also known as the Single Pass Parallel Processing architecture. SP3 processes traffic in parallel in a single pass, which significantly reduces latency and overhead. We will talk about SP3 in some other blog. Let me now briefly describe some of the security profiles that Palo Alto provides.

1. Anti Virus

Anti Virus in the Palo Alto Networks firewall is an inline security profile that stops viruses trying to enter the network and also tries to identify and block infected outgoing traffic. Antivirus in Palo Alto is a licensed feature; a Threat Prevention license needs to be purchased. The antivirus content also needs to be updated regularly. Antivirus can be part of a security profile group or can be used on its own. An Antivirus profile must be attached to a security policy in order to come into effect.

Go to Objects > Security Profiles > Antivirus in order to configure Antivirus.

The Antivirus profile then needs to be added to the respective security policy, or grouped with other profiles in a security profile group that the policy references.

2. Anti Spyware

Spyware is malware that shares information about end users (computers) without the user's consent. Spyware is usually hidden and very difficult to locate. It is used to gather information ranging from browser activity to download activity, and to collect and sell user information to interested advertisers or other interested parties. Spyware also comes in the form of keyloggers.

Anti Spyware provides protection after the end host has been infected; it can also be referred to as post-infection remediation. There are a number of categories that Palo Alto can provide anti-spyware protection against, ranging from browser-based spyware to C&C, P2P communication, keyloggers, etc. We can make a profile using any of the above-mentioned categories or select all of them. Top firewalls like FortiGate and Cisco Firepower do not even provide a feature like Anti Spyware, whereas Check Point does provide protection for post-infected end hosts, named Anti-Bot. The problem with Anti-Bot is that the protection is limited to C&C connections only.

Go to Objects > Security Profiles > Anti Spyware in order to configure Anti Spyware.

Categories of spyware can also be set so that protection is applied accordingly where required. There are also additional features, such as a packet capture taken when a threat is found, which can be downloaded and analyzed using Wireshark.
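Since both the Antivirus and Anti Spyware profiles only take effect once attached to a security policy (directly or through a profile group), here is an added example, not from the original post, of a small Python check that reads an exported PAN-OS configuration and lists allow rules lacking either profile type. It assumes the standard PAN-OS XML export layout (vsys > profile-group and rulebase > security > rules); the sample config and its rule and profile names are constructed for the illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample of a PAN-OS config export, trimmed to what the check needs.
# Rule and profile names are invented for this example.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profile-group>
  <entry name="full-protection"><virus><member>av-strict</member></virus>
    <spyware><member>as-strict</member></spyware></entry>
  <entry name="av-only"><virus><member>av-strict</member></virus></entry>
</profile-group>
<rulebase><security><rules>
  <entry name="web-out"><action>allow</action><profile-setting>
    <group><member>full-protection</member></group></profile-setting></entry>
  <entry name="dns-out"><action>allow</action><profile-setting>
    <group><member>av-only</member></group></profile-setting></entry>
  <entry name="legacy-app"><action>allow</action></entry>
  <entry name="inline"><action>allow</action><profile-setting><profiles>
    <virus><member>av-strict</member></virus><spyware><member>as-strict</member></spyware>
    </profiles></profile-setting></entry>
  <entry name="deny-all"><action>deny</action></entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

REQUIRED = ("virus", "spyware")  # profile types the post says must be attached

def attached_types(node):
    """Profile types (virus, spyware, ...) that have at least one member under node."""
    return {child.tag for child in node if child.find("member") is not None}

def rule_profiles(rule, groups):
    """Profile types a rule receives, either inline or through its profile group."""
    ps = rule.find("profile-setting")
    if ps is None:
        return set()
    inline = ps.find("profiles")
    if inline is not None:
        return attached_types(inline)
    return groups.get(ps.findtext("group/member"), set())

def unprotected_allow_rules(config_xml):
    """Map each allow rule lacking AV or anti-spyware coverage to the missing types."""
    vsys = ET.fromstring(config_xml).find("./devices/entry/vsys/entry")
    groups = {g.get("name"): attached_types(g) for g in vsys.findall("profile-group/entry")}
    findings = {}
    for rule in vsys.findall("rulebase/security/rules/entry"):
        if rule.findtext("action") != "allow":
            continue  # deny/drop rules never need a profile
        missing = sorted(set(REQUIRED) - rule_profiles(rule, groups))
        if missing:
            findings[rule.get("name")] = missing
    return findings
```

Running it over a real export (for example the output of `show config running` saved as XML) turns the "profile must be attached" rule of thumb into a repeatable audit.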

3. Vulnerability Protection
