routeprotocol.com

Palo Alto

  • Palo Alto EDU-114: Blocking threats in encrypted traffic

    Module objectives: Create and manage certificates using the web interface; Configure certificate revocation checking on the firewall; Configure SSL/TLS decryption on the firewall; Describe the effects of key pinning on firewall Decryption policy; Configure SSH decryption on the firewall; Manage the master key. The importance of SSL/TLS: Secure Socket Layer / Transport Layer Security secures…

  • Palo Alto EDU-114: Custom Threat Signatures

    Objectives: Create custom software vulnerability and spyware signatures; Create standard and combination threat signatures. Types of signatures: Defined by Palo Alto: Vulnerability Signatures, Anti-Spyware Signatures; are updated frequently (each week) via Applications and Threats content updates. Custom defined: Vulnerability Signatures, Anti-Spyware Signatures; are updated by the administrator as required. Creating Custom Threat Signatures: Browse to…

  • Palo Alto EDU-114: Blocking Threats Using Custom Applications

    Use logs to discover unknown traffic; List methods to control unknown traffic; Perform a packet capture using the web interface; Create a custom application with a custom signature; Manage custom applications; Create a custom application without a custom signature; Configure an Application Override policy. Applications are not always identified: Some applications cannot be uniquely…

  • Palo Alto EDU-114 Notes: Blocking Threats Using APP-ID

    Objectives: Interpret the application labels in logs and reports; Migrate from a port-based Security Policy to an application-based Security policy; Maintain an up-to-date App-ID implementation. App-ID identifies applications in traffic observed by the firewall. Traffic enters the firewall, which attempts to identify it by its application signature. If the firewall has decryption of SSL…

  • Palo Alto EDU-114 Notes: Blocking Threats from Known-Bad Sources

    The Palo Alto firewall can block connections from known bad sources. This can be useful for blocking the Delivery or Command and Control stage of a cyber attack lifecycle. Use IP addresses and Address objects in a Security Policy to block traffic; Configure the firewall to use external, third-party IP address lists to block traffic…

  • Notes on Palo Alto EDU-114: Blocking Packet-Based and Protocol-Based Attacks

    This post is just notes from my own learning, do expect errors in writing! Objectives: Describe the security benefits of implementing network segmentation. Network segmentation can be used to secure access to data by dividing the network into multiple areas. This helps prevent an attacker from gaining access to key resources. They are factors to…

  • Notes on Palo Alto EDU-114: The Cyber-Attack Lifecycle

    These are rough notes on my study of Palo Alto Firewalls, expect bad writing! Describing what happens at each of the seven stages in the cyber-attack lifecycle. Stage 1: Reconnaissance. Attackers research, identify and select targets. This can be carried out via typical phishing tactics or mining data from LinkedIn profiles or corporate websites. Scanning the…