Security Profiles

BLOCKING KNOWN THREATS USING SECURITY PROFILES

Block Threats Using Security Profiles

https://s3.amazonaws.com/assets.paloaltonetworksacademy.net/elearning/Security_Profiles/Security_Profiles.html

 

Flow Logic of the Next Generation Firewall

>>Security Profile overview

Introducing Content-ID


• The Content-ID feature:
• Includes a threat prevention engine and policies to inspect and control content traversing the firewall
• Scans network traffic for:

Security Policy with Security Profiles

.. checks on allowed traffic.

Security Profile Types

Policies > Security

Threat Log

Monitor > Logs > Threat

 

>>Vulnerability Protection Security Profiles

Default Vulnerability Protection Security Profiles

Objects > Security Profiles > Vulnerability Protection

Vulnerability Protection Profile Rules

Objects > Security Profiles > Vulnerability Protection > Add

Vulnerability Exceptions

Objects > Security Profiles > Vulnerability Protection > Add

>>Antivirus Security Profiles

Default Antivirus Security Profile

Objects > Security Profiles > Antivirus

Creating a New Antivirus Profile

Objects > Security Profiles > Antivirus > Add

Antivirus Profile Signature Exceptions

Objects > Security Profiles > Antivirus > Add

Antivirus Profile WildFire Inline Machine Learning

Objects > Security Profiles > Antivirus > Add

>>Anti-Spyware Security Profiles

Default Anti-Spyware Security Profiles

Objects > Security Profiles > Anti-Spyware

Configuring Anti-Spyware Profile Rules

Objects > Security Profiles > Anti-Spyware > Add > Rules

Anti-Spyware Exceptions

Objects > Security Profiles > Anti-Spyware > Add

Configure DNS Signature Match Protection

Objects > Security Profiles > Anti-Spyware > Add

Sinkhole Operation

View Malicious Domains in the Threat Log

Monitor > Logs > Threat

>>File Blocking Profiles

File Blocking Overview

Creating a New File Blocking Profile

Objects > Security Profiles > File Blocking > Add

Continue Response Page

Blocking Multi-Level Encoded Files

Objects > Security Profiles > File Blocking > Add

View Blocked Files in the Data Filtering Log

Monitor > Logs > Data Filtering

Data Filtering Profiles

Creating a Data Pattern

Objects > Custom Objects > Data Patterns > Add

Creating a Data Filtering Profile

Objects > Security Profiles > Data Filtering > Add

View the Data Filtering Log

• The Data Filtering log records the file name and file type.
• Source is the system that sent the file.
• Destination is the system that received the file.

Monitor > Logs > Data Filtering

>>Attaching Security Profiles to Security policy rules

Assigning Security Profiles to Security Rules

Policies > Security > Add

Security Profile Groups

Objects > Security Profile Groups > Add

Security Policy Rules

Policies > Security

>>Denial of Service Protection

Denial of Service Attacks

PAN-OS Denial of Service Protections

Flood Protection Thresholds

Network > Network Profiles > Zone Protection > Add

Zone Protection: Network Reconnaissance

Enabling Reconnaissance Protection

Network > Network Profiles > Zone Protection > Add

Packet-Based Attacks

Zone Protection: IP Drop

Network > Network Profiles > Zone Protection > Add

Zone Protection: TCP Drop

Network > Network Profiles > Zone Protection > Add

Zone Protection: Non-SYN TCP

Zone Protection: ICMP Drop

Network > Network Profiles > Zone Protection > Add

Zone Protection: ICMPv6 Drop

Network > Network Profiles > Zone Protection > Add

Zone Protection: Protocol Protection

Network > Network Profiles > Zone Protection > Add

Zone Protection: Ethernet SGT Protection

1. To properly configure DoS protection to limit the number of sessions individually from specific source IPs, you would configure a DoS Protection rule with the following characteristics:

Action: Deny, Aggregate Profile with “Resources Protection” configured

Action: Deny, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured

Action: Protect, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured

Action: Protect, Aggregate Profile with “Resources Protection” configured

2. What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall?

Filter the data filtering logs for the user's traffic and the name of the PDF file YES

Filter the system log for failed download messages

Filter the session browser for all sessions from a user with the application adobe

Filter the traffic logs for all traffic from the user that resulted in a deny action NO

3. What component of the Next Generation Firewall will protect from port scans?

Zone protection

Anti-Virus Protection

DoS Protection

Vulnerability protection

4. Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network?

continue response page

DNS Sinkhole

data filtering log entry

CVE Number NO

5. True A Security Profile attached to a Security policy rule is evaluated only if the Security policy rule matches traffic and the rule action is set to “allow.”

6. A Zone Protection Profile is applied to which item?

Security Policy Rules NO

Egress Ports

Address Groups NO

Ingress Ports

7. Network traffic matches an “allow” rule in the Security policy, but the attached File Blocking Profile is configured with a “block” action. To which two locations will the traffic be logged?

If you choose an incorrect choice your question score will be deducted.

Threat Log NO

Alarms Log

Data Filtering Log

Traffic Log

8. Which profile type is designed to protect against reconnaissance attacks such as host sweeps and port scans?

Anti-Spyware

Zone Protection

DoS Protection

Data Filtering
