Lockdown Market's mission is to market business services around IoT devices, cybersecurity and business software integration. The aim is to be the number one content provider globally for those who have an interest in the secure connected world.

Lockdown Market is part of the foydigital group of companies, a web agency delivering powerful media and marketing solutions.

Blocking Unknown Malware with WildFire

>>WildFire concepts

WildFire Threat Intelligence Cloud

WildFire is a cloud-based virtual sandbox used to evaluate unknown files and URL links found in emails.

analysis --> files and links --> label --> benign, grayware, malware, or phishing

WildFire Operation Overview

Yes: the firewall trusts that the file does not have hidden malware and allows the file to be delivered. No: the firewall creates a hash (#) number for the file,

A maximum file size limit applies, i.e. files over the limit are not sent to WildFire.

>>URL Filtering Security Profiles

Challenges with Preventing Web-Based Threats

Enable business without compromising security

Encrypted web content

Silo management

URL Filtering Features

license required or no license required ---> Firewall

2 methods

Security policies or URL filtering 

URL Filtering Profiles

 

URL Category: Policy Versus Profile

Policies > Security

BLOCKING KNOWN THREATS USING SECURITY PROFILES

Block Threats Using Security Profiles

https://s3.amazonaws.com/assets.paloaltonetworksacademy.net/elearning/Security_Profiles/Security_Profiles.html

 

Flow Logic of the Next Generation Firewall

>>Security Profile overview

Introducing Content-ID

• The Content-ID feature:
  • Includes a threat prevention engine and policies to inspect and control content traversing the firewall
  • Scans network traffic for:

>>Security Zones overview

Configure and Manage Firewall Security Zones

SPAN is like TAP

Network Segmentation

Data and users are not all the same: Accounting, Sales, customers, HR. VLANs (Layer 2) and subnets (Layer 3) can be used to separate them.

Network Segmentation and Security Zones

Security zones reduce the attack surface. Intrazone traffic is allowed by default. Interzone traffic is not allowed by default.
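The intrazone/interzone defaults described above, worked through as an added example (not code from the course material or from PAN-OS). The subnets, the two explicit rules and the function names are constructed for illustration, and matching is simplified to zones only, with the first matching rule winning.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone layout: one subnet per department named in the notes.
ZONES = {
    "Accounting": ipaddress.ip_network("10.10.10.0/24"),
    "Sales": ipaddress.ip_network("10.10.20.0/24"),
    "HR": ipaddress.ip_network("10.10.30.0/24"),
}

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    action: str  # "allow" or "deny"

def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses raise instead of guessing."""
    addr = ipaddress.ip_address(ip)
    for zone, net in ZONES.items():
        if addr in net:
            return zone
    raise ValueError(f"{ip} is not in any configured zone")

def evaluate(rules, src_ip, dst_ip):
    """Return (action, matched_rule_name) for a new session, first match wins."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if rule.src_zone == src and rule.dst_zone == dst:
            return rule.action, rule.name
    # No explicit rule matched: fall back to the defaults from the notes.
    if src == dst:
        return "allow", "intrazone-default"
    return "deny", "interzone-default"

# Constructed rulebase: Sales may open sessions to Accounting, and HR-to-HR
# traffic is explicitly denied to show a rule overriding the intrazone default.
RULES = [
    Rule("sales-to-accounting", "Sales", "Accounting", "allow"),
    Rule("hr-isolation", "HR", "HR", "deny"),
]

if __name__ == "__main__":
    for s, d in [("10.10.20.5", "10.10.10.9"), ("10.10.10.9", "10.10.20.5"),
                 ("10.10.10.4", "10.10.10.9"), ("10.10.30.2", "10.10.30.3")]:
        print(s, "->", d, evaluate(RULES, s, d))
```

Rules are directional: the Sales-to-Accounting allow does not permit Accounting to open a new session to Sales, which falls through to the interzone default.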

Firewall Authentication and Authorisation

Administrator Accounts And Roles

Administrators authenticate locally or remotely.

Each admin account is assigned a role with privileges.

Administrator actions are logged in the config and system logs (Monitor > Logs).

Only the predefined admin account has access to the firewall. Add administrator accounts for delegation and auditing purposes.

PAN-OS for local or ...supported authentication, authorisation and accounting services like Active Directory, LDAP, RADIUS, SAML.

XML config or database

Configuration Management

The purpose of the running and candidate firewall configurations

Running Configuration
• Configuration settings currently active on the firewall (maintained in a file on the firewall named running-config.xml)

Candidate Configuration
• Configuration changes in progress but not active on the firewall (all in-progress edits are made to the candidate configuration)

Initial System Access To Firewall

Use either the MGT out-of-band Ethernet interface (default IP address 192.168.1.1/24) or a serial console connection. The admin password must be changed. Default credentials:

Username: admin
Password: admin

Use the web interface, the SSH/console CLI, the REST/XML API and Panorama (for many firewalls) as admin access tools.

Reset to factory configuration