EDU 210 81b Mod16 Security

Next-Generation Security Practices

EDU-210
PAN-OS® 8.1
Courseware Version B
Agenda
• Migration Guidelines
• Analyzing ACC Information
• Optimizing Security Profiles
• Heatmap and Best Practice Assessment (BPA)

2 | © 2018 Palo Alto Networks, Inc.


Migration Guidelines


Phase 1: Application Visibility


Migration Tool
• Migrate policy from a pre-existing firewall
• https://live.paloaltonetworks.com/t5/Migration-Tool/ct-p/migration_tool


Baseline Visibility
Transparent In-Line
• Virtual wire, pass traffic
• “allow-any-any” rule; see everything
• Monitor


Phase 2: Next-Generation Policies
• Convert to application-based policies
• Actively monitor end users during conversion
• Convert or add rules one rule at a time
• Consider enabling User-ID technology now for more granular control


Rule Conversion: Port and Protocol to App-ID
1. Monitor the current rule for the applications it carries
2. Clone the rule, adding App-ID
3. Move the new rule above the original rule
4. Monitor to confirm that no additional traffic matches the original rule
5. Remove the original rule


Building New App-ID Rules from the Beginning
1. Stay in Virtual Wire mode (with general allow rules)
2. Monitor the general allow access rule for applications
3. Build new App-ID rules above the allow access rule
4. Monitor the diminishing traffic that still matches the general rule
5. When no legitimate traffic remains, convert the general rule to deny traffic
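Step 4 of both procedures above (confirming what still matches the original or general rule) and step 5 (deciding when the general rule can be turned into a deny) can be checked from a traffic log CSV export. The following Python is an added example written for this module, not course material or a Palo Alto Networks tool; the log columns, rule names and session rows are constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample of a PAN-OS traffic log CSV export (not real data), trimmed
# to the columns this check needs. "allow-any-any" is the general visibility
# rule; "web-apps" is a cloned App-ID rule that was placed above it.
SAMPLE_TRAFFIC_LOG = """\
Receive Time,Source address,Destination address,Destination Port,Application,Rule
2018/05/01 09:00:01,10.1.1.10,203.0.113.5,443,ssl,web-apps
2018/05/01 09:00:02,10.1.1.11,203.0.113.9,80,web-browsing,web-apps
2018/05/01 09:00:03,10.1.1.12,198.51.100.7,443,ssl,allow-any-any
2018/05/01 09:00:04,10.1.1.13,198.51.100.20,22,ssh,allow-any-any
2018/05/01 09:00:05,10.1.1.14,198.51.100.21,8080,unknown-tcp,allow-any-any
2018/05/01 09:00:06,10.1.1.15,203.0.113.40,53,dns,allow-any-any
2018/05/01 09:00:07,10.1.1.16,203.0.113.40,53,dns,allow-any-any
"""

def apps_per_rule(csv_text):
    """Count sessions per rule and application from a traffic log export."""
    counts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        counts.setdefault(row["Rule"], Counter())[row["Application"]] += 1
    return counts

def residual_hits(csv_text, general_rule, migrated_apps):
    """Classify sessions still matching the general rule (step 4):
    leaked  - app already has an App-ID rule above, so that rule is not
              matching as intended (check zones, service, rule order)
    unknown - unknown-* traffic to research before a rule is written
    pending - apps that still need an App-ID rule or an explicit deny"""
    seen = apps_per_rule(csv_text).get(general_rule, Counter())
    result = {"leaked": Counter(), "unknown": Counter(), "pending": Counter()}
    for app, n in seen.items():
        if app in migrated_apps:
            result["leaked"][app] += n
        elif app.startswith("unknown-"):
            result["unknown"][app] += n
        else:
            result["pending"][app] += n
    return result

def general_rule_share(csv_text, general_rule):
    """Fraction of logged sessions still matching the general rule; it should
    trend toward zero before the rule is converted to deny (step 5)."""
    counts = apps_per_rule(csv_text)
    total = sum(sum(c.values()) for c in counts.values())
    hits = sum(counts.get(general_rule, Counter()).values())
    return hits / total if total else 0.0
```

Run `residual_hits(SAMPLE_TRAFFIC_LOG, "allow-any-any", {"ssl", "web-browsing"})` on the sample: the one ssl session still landing on the general rule is reported as leaked, unknown-tcp is flagged for research, and ssh and dns are the applications still waiting for their own rules.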


Phase 3: Consolidate, Customize, and Reduce Risk
• Consolidate rules
  - Shadowed rules
  - Address groups
  - Application groups
  - Unused rules
• Create custom App-IDs for even more granular control
• Monitor
• Optimize Security Profiles


Analyzing ACC Information


Application Command Center (ACC)
• Best place to get a high-level view of network activity


Tabs
• Network Activity: An overview of traffic and user activity on your network
• Threat Activity: An overview of the top threats, such as vulnerabilities, spyware, and viruses
• Blocked Activity: Focuses on traffic that was prevented from coming into the network
• Custom tabs: Click “+” to create your own custom tabs


ACC Investigation Workflow
• Network activity:
  1. Application use
  2. Focus the view on unexpected applications or application categories
  3. Research the applications
  4. Use the global filter to pivot on an application and see the users and rules affected
  5. Take action as needed (update the rule)
• Threat activity:
  - Customize the view as needed
• Blocked activity:
  - Monitor closely after policy changes are made


Optimizing Security Profiles


File Blocking
• Start by cloning the default profiles and modify them as necessary
• Block suspicious file types that have no common use case
• Set allowed file types to “continue” (prevents drive-by downloads)
• Set “alert” for everything else

Objects > Security Profiles > File Blocking


Antivirus
• The default Antivirus Profile is the recommended behavior:
  Objects > Security Profiles > Antivirus
  Define actions for standard antivirus signatures and for signatures generated by WildFire®
• Increase SMTP protection if no email security is in place


Vulnerability Protection
• Clone the predefined strict profile
• Enable packet capture

Objects > Security Profiles > Vulnerability Protection


URL Filtering
1. Start with a fresh profile or clone the default profile
2. Set all category actions to “alert”
3. Refine actions for the following categories to “block”: “copyright-infringement,” “dynamic DNS,” “extremism,” “malware,” “parked,” “phishing,” “proxy-avoidance-and-anonymizers,” “questionable,” and “unknown”
4. (Optional) Use “continue” to phase in a strict “block” behavior
5. Use an Allow List to allow specific sites if needed
6. Attach the new profile to all rules that allow web-based applications


WildFire Analysis
• Clone the default profile and modify it as necessary:
  Objects > Security Profiles > WildFire Analysis


Heatmap and Best Practice Assessment


Heatmap and Best Practice Assessment Tool
• Online tools compare your firewall configuration with industry standards
• The online tool is available only to partners and employees
• Provides reports showing what currently meets recommended best practices
• Provides recommendations to bring the firewall up to recommended best practices


Generating a Report
1. Generate a Tech Support File
2. Upload the Tech Support File to generate the report
3. Select the Zone Type for each interface
4. Select the Area of Architecture for industry comparison (optional)
5. Specify the email address that receives the report and password-protect the report file


Heatmap Report
• Measures the percentage of “allow” rules to identify where capabilities are used
• Validates that the network is configured as intended
• Compares your firewall to industry averages
• The report view lets you switch between Heatmap and BPA results


BPA Report
• Compares your firewall with recommended best practices
• Results show either pass or fail
• The report view lets you switch between Heatmap and BPA results


Best Practices Check Results
• Shows which checks meet recommended best practices
• Provides recommendations if a check fails


BPA Check Criteria


Module Summary
Now that you have completed the module, you should be able to:
• Describe the migration process when moving from port-based firewall policies to application-based firewall policies
• Use the ACC to view trends in network activity
• Define actions to take for optimizing Security Profiles
• Describe the benefits and differences between the Heatmap and the BPA reports


Questions? (Q&A)

Capstone Lab (Pages 152-156 in the Lab Guide)
• Load a firewall lab configuration
• Configure interfaces and zones
• Configure Security and NAT policy rules
• Create and apply Security Profiles
• Configure GlobalProtect


Palo Alto Networks Learning Paths
Firewall-based track:
• Implement and Manage: EDU-210, EDU-220
• Securing Against Threats: EDU-210, EDU-214
• Support and Troubleshooting: EDU-210, EDU-330, EDU-220 (optional)
• Distributed SOC Management: EDU-210, EDU-214, EDU-220, EDU-162*
• SaaS Security: EDU-210, EDU-164
Endpoint-based track:
• Managing Endpoint (on-premises solution): EDU-281, EDU-285
• Managing Endpoint (cloud-based solution): EDU-290
Other:
• PCNSE prep: Recommended Courseware EDU-210, EDU-220; Hands-on Experience strongly recommended (6 months); Resources: Blueprint, Study Guide, Practice Test, Videos

