Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Mastering Palo Alto Networks - Second Edition

You're reading from  Mastering Palo Alto Networks - Second Edition

Product type Book
Published in Jun 2022
Publisher Packt
ISBN-13 9781803241418
Pages 636 pages
Edition 2nd Edition
Languages
Concepts
Author (1):
Tom Piens aka Piens aka 'reaper' Tom Piens aka Piens aka 'reaper'
Profile icon Tom Piens aka Piens aka 'reaper'
LinkedIn
Tom Piens is a seasoned cybersecurity professional with a distinguished career closely tied to Palo Alto Networks. With over two decades of experience in the field, Tom has played a pivotal role in shaping the digital defense landscape. His journey began as the first international (outside of the continental US) support engineer at Palo Alto Networks, where he rapidly ascended the ranks due to his remarkable aptitude for innovative solutions. Beyond his technical prowess, Tom's passion for knowledge transfer has made him a sought-after mentor. He's been instrumental in cultivating a dynamic learning environment within the Palo Alto Networks LIVE community, fostering a culture of continuous growth and excellence. His innate ability to simplify complex concepts has empowered his colleagues to stay at the forefront of cybersecurity trends.
See other products by Tom Piens aka Piens aka 'reaper'

Table of Contents (18) Chapters

Preface 1. Understanding the Core Technologies 2. Setting Up a New Device 3. Building Strong Policies 4. Taking Control of Sessions 5. Services and Operational Modes 6. Identifying Users and Controlling Access 7. Managing Firewalls through Panorama 8. Upgrading Firewalls and Panorama 9. Logging and Reporting 10. Virtual Private Networks 11. Advanced Protection 12. Troubleshooting Common Session Issues 13. A Deep Dive into Troubleshooting 14. Cloud-Based Firewall Deployment 15. Supporting Tools 16. Other Books You May Enjoy
17. Index

Advanced Protection

In this chapter, we will learn about advanced configuration features, such as custom applications and custom threats, and apply them to a policy, and we will review how zone protection and Denial of Service (DoS) protection can defend the network and individual resources from attackers.

In this chapter, we’re going to cover the following main topics:

  • Custom applications and application override
  • Custom threat signatures
  • Zone protection and DoS protection

In the following chapter we will learn how to create custom applications to identify internally created protocols or applications that do not match, or match a generic App-ID. We will also learn how to create our own threat signatures so we can block certain payloads. Lastly we’ll see how we can defend the firewall and backend systems from all sorts of packet-based attacks.

Technical requirements

In this chapter, we will be covering remote connections and protection from inbound connections. If you have a lab environment where you can simulate custom applications and incoming scans or floods, this will help greatly in visualizing what is being explained.

Custom applications and threats

Every once in a while, an application may not be known. This could be due to it being a new application that has not been used much in the wild or could be something a developer created in-house for which it is not reasonable to expect there to be signatures to identify the session.

In these cases, it is possible to create custom applications that use custom signatures and can trigger an App-ID to positively identify the previously unknown application.

The need for a custom application usually starts with the discovery of an abnormality in the traffic log. In the following screenshot, I have discovered my solar power converter, and an IoT device is communicating with its home server over an unknown-tcp connection:

Figure 10.12 – An unknown-tcp application in the traffic log

Figure 11.1: An unknown-tcp application in the traffic log

There are two ways to address this issue:

  • Implement an application override that forcibly sets all these sessions to a specific application
  • Create...

Zone protection and DoS protection

While layer 7 threats generally revolve around stealing data, blackmailing users through sophisticated phishing, or infecting hosts with complex and expensive zero-day vulnerabilities, protecting the network layer against DoS and low-level packet attacks is equally important. Protecting the system and the network is achieved in three different ways:

  • System-wide settings that defend against maliciously crafted packets or attempts at evasion through manipulation
  • Zone protection to protect the whole network against an onslaught of packets intended to bring the network to its knees
  • DoS protection to more granularly protect resources from being overwhelmed

The system-wide settings are, unfortunately, not all neatly sorted in one place. I’ll go over the most important ones.

System protection settings

A good deal of the global session-related settings can be accessed through the Device | Setup | Session tab...

Summary

In this chapter, you learned how to set up site-to-site VPN tunnels and a client-to-site VPN with GlobalProtect. You can now not only provide connectivity but also scan the client machine for compliance and know how to control the user experience. You’ve also learned how to create custom applications and custom threats that will allow you to identify packets unique to your environment and take affirmative action, and we’ve learned how to set up zone and DoS protection to defend against all kinds of packet-based attacks.

In the next chapter, we will be getting our hands on some basic troubleshooting. We will learn about session details and how to interpret what is happening to a session.

If you’re preparing for the PCNSE, remember QoS rules are applied on the egress interface and how the classes apply to different profiles on different interfaces. Remember the implications of using an app override and what the benefits are of a custom application...

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 18
Next Chapter arrow right
You have been reading a chapter from
Mastering Palo Alto Networks - Second Edition
Published in: Jun 2022 Publisher: Packt ISBN-13: 9781803241418
© 2022 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (1)

Profile icon Tom Piens aka Piens aka 'reaper'
LinkedIn
Tom Piens is a seasoned cybersecurity professional with a distinguished career closely tied to Palo Alto Networks. With over two decades of experience in the field, Tom has played a pivotal role in shaping the digital defense landscape. His journey began as the first international (outside of the continental US) support engineer at Palo Alto Networks, where he rapidly ascended the ranks due to his remarkable aptitude for innovative solutions. Beyond his technical prowess, Tom's passion for knowledge transfer has made him a sought-after mentor. He's been instrumental in cultivating a dynamic learning environment within the Palo Alto Networks LIVE community, fostering a culture of continuous growth and excellence. His innate ability to simplify complex concepts has empowered his colleagues to stay at the forefront of cybersecurity trends.
Read more
See other products by Tom Piens aka Piens aka 'reaper'

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.
Aug 2023 17 hours 28 minutes
Microsoft 365 Security, Compliance, and Identity Administration
Microsoft 365 Security, Compliance, and Identity Administration
The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.
Aug 2023 21 hours 0 minutes
Zero Trust Overview and Playbook Introduction
Zero Trust Overview and Playbook Introduction
Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.
Oct 2023 8 hours 0 minutes
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.
Sep 2023 15 hours 44 minutes
Technology Operating Models for Cloud and Edge
Technology Operating Models for Cloud and Edge
This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.
Aug 2023 7 hours 36 minutes
Azure Architecture Explained
Azure Architecture Explained
Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.
Sep 2023 14 hours 52 minutes
Pentesting Active Directory and Windows-based Infrastructure
Pentesting Active Directory and Windows-based Infrastructure
This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.
Nov 2023 12 hours 0 minutes
Practical Ansible
Practical Ansible
In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.
Sep 2023 14 hours 0 minutes
Windows 11 for Enterprise Administrators
Windows 11 for Enterprise Administrators
Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.
Oct 2023 9 hours 32 minutes
The Linux DevOps Handbook
The Linux DevOps Handbook
This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.
Nov 2023 14 hours 16 minutes
Right arrow icon