EDU-114 Study

Objectives: Describe authentication and authorization methods supported by the firewall Configure user accounts for firewall administrators and end users Define multi-factor authentication implementation methods Configure the firewall to connect to an MFA server Configure anti-phishing and user credential submission protections Summarize the three methods used to break the credential threat attack life cycle User Authentication…

Objectives: Block known malware attacks by configuring Security Profiles according to best practices Detect unknown malware attacks by configuring WildFire according to best practices Overview of Inspecting Allowed Traffic When network traffic passes between zones on the firewall, it matches against rules on the security policy. Even if the security policy gets a match and…

Module objectives: Create and manage certificates using the web interface Configure certification revocation checking on the firewall Configure SSL/TLS decryption on the firewall Describe the effects of key pinning on firewall Decryption policy Configure SSH decryption on the firewall Manage the master key The importantance of SSL/TLS Secure Socket Layer / Transport Layer Security secures…

Objectives: Create custom software vulnerability and spyware signatures Create standard and combination threat signatures Types of signatures: Defined by Palo Alto: Vulnerability Signatures Anti-Spyware Signatures Are updated frequently (each week) via Applications and Threats content updates Custom defined: Vulnerability Signatures Anti-Spyware Signatures Are updated by the administrator as required Creating Custom Threat Signatures: Browse to…

Use logs to discover unknown traffic List methods to control unknown traffic Perform a packet capture using the web interface Create a custom application with a custom signature Manage custom applications Create a custom application without a custom signature Configure an Application Override policy Applications are not always identified Some applications can not be uniquely…

Objects: Interpret the application labels in logs and reports Migrate from a port-based Security Policy to an application-based Security policy Maintain an up-to-date App-ID implementation App-ID identifies applications in traffic o bserved by the firewall. Traffic enters the firewall, and is attempted to be identified it’s application signature. If the firewall has decryption of SSL…

The Palo Alto firewall can block connections from known bad sources. This can be useful for blocking the Delivery or Command and Control stage of a cyber attack lifecycle Use IP addresses and Address objects in a Security Policy to block traffic Configure the firewall to use external, third-party IP address lists to block traffic…

This post is just notes from my own learning, do expect errors in writing! Objectives: Describe the security benefits of implementing network segementation Network segmentation can be used to secure access to data by dividing the network into multiple areas. This helps prevent an attacker from gaining access to key resources They are factors to…

These are rough notes on my study of Palo Alto Firewalls, expect bad writing! Describing what happens at each of the seven stages in the cyber-attack lifecycle Stage 1: Reconnassisance Attackers research, identify and select targets. This can carried out via typical phishing tatics or mining data from LinkedIn profiles or coprorate websites. Scanning the…