BLOCKING KNOWN THREATS USING SECURITY PROFILES
Block Threats Using Security Profiles
https://s3.amazonaws.com/assets.paloaltonetworksacademy.net/elearning/Security_Profiles/Security_Profiles.html
Flow Logic of the Next Generation Firewall
>>Security Profile overview
Introducing Content-ID
• The Content-ID feature:
• Includes a threat prevention engine and policies to inspect and control content traversing the firewall
• Scans network traffic for:
Security Policy with Security Profiles
.. checks on allowed traffic.
Security Profile Types
Policies > Security
Threat Log
Monitor > Logs > Threat
>>Vulnerability Protection Security Profiles
Default Vulnerability Protection Security Profiles
Objects > Security Profiles > Vulnerability Protection
Vulnerability Protection Profile Rules
Objects > Security Profiles > Vulnerability Protection > Add
Vulnerability Exceptions
Objects > Security Profiles > Vulnerability Protection > Add
>>Antivirus Security Profiles
Default Antivirus Security Profile
Objects > Security Profiles > Antivirus
Creating a New Antivirus Profile
Objects > Security Profiles > Antivirus > Add
Antivirus Profile Signature Exceptions
Objects > Security Profiles > Antivirus > Add
Antivirus Profile WildFire Inline Machine Learning
Objects > Security Profiles > Antivirus > Add
>>Anti-Spyware Security Profiles
Default Anti-Spyware Security Profiles
Objects > Security Profiles > Anti-Spyware
Configuring Anti-Spyware Profile Rules
Objects > Security Profiles > Anti-Spyware > Add > Rules
Anti-Spyware Exceptions
Objects > Security Profiles > Anti-Spyware > Add
Configure DNS Signature Match Protection
Objects > Security Profiles > Anti-Spyware > Add
Sinkhole Operation
View Malicious Domains in the Threat Log
Monitor > Logs > Threat
>>File Blocking Profiles
File Blocking Overview
Creating a New File Blocking Profile
Objects > Security Profiles > File Blocking > Add
Continue Response Page
Blocking Multi-Level Encoded Files
Objects > Security Profiles > File Blocking > Add
View Blocked Files in the Data Filtering Log
Monitor > Logs > Data Filtering
Data Filtering Profiles
Creating a Data Pattern
Objects > Custom Objects > Data Patterns > Add
Creating a Data Filtering Profile
Objects > Security Profiles > Data Filtering > Add
View the Data Filtering Log
• The Data Filtering log records the file name and file type.
• Source is the system that sent the file.
• Destination is the system that received the file.
Monitor > Logs > Data Filtering
>>Attaching Security Profiles to Security policy rules
Assigning Security Profiles to Security Rules
Policies > Security > Add
Security Profile Groups
Objects > Security Profile Groups > Add
Security Policy Rules
Policies > Security
>>Denial of Service Protection
Denial of Service Attacks
PAN-OS Denial of Service Protections
Flood Protection Thresholds
Network > Network Profiles > Zone Protection > Add
Zone Protection: Network Reconnaissance
Enabling Reconnaissance Protection
Network > Network Profiles > Zone Protection > Add
Packet-Based Attacks
Zone Protection: IP Drop
Network > Network Profiles > Zone Protection > Add
Zone Protection: TCP Drop
Network > Network Profiles > Zone Protection > Add
Zone Protection: Non-SYN TCP
Zone Protection: ICMP Drop
Network > Network Profiles > Zone Protection > Add
Zone Protection: ICMPv6 Drop
Network > Network Profiles > Zone Protection > Add
Zone Protection: Protocol Protection
Network > Network Profiles > Zone Protection > Add
Zone Protection: Ethernet SGT Protection
1. To properly configure DoS protection to limit the number of sessions individually from specific source IPs, you would configure a DoS Protection rule with the following characteristics:
Action: Deny, Aggregate Profile with “Resources Protection” configured
Action: Deny, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured
Action: Protect, Classified Profile with “Resources Protection” configured, and Classified Address with “source-ip-only” configured
Action: Protect, Aggregate Profile with “Resources Protection” configured
2. What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall?
Filter the data filtering logs for the user's traffic and the name of the PDF file YES
Filter the system log for failed download messages
Filter the session browser for all sessions from a user with the application adobe
Filter the traffic logs for all traffic from the user that resulted in a deny action NO
3. What component of the Next Generation Firewall will protect from port scans?
Zone protection
Anti-Virus Protection
DOS Protection
Vulnerability protection
4. Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network?
continue response page
DNS Sinkhole
data filtering log entry
CVE Number NO
5. True A Security Profile attached to a Security policy rule is evaluated only if the Security policy rule matches traffic and the rule action is set to “allow.”
6. A Zone Protection Profile is applied to which item?
Security Policy Rules NO
Egress Ports
Address Groups NO
Ingress Ports
7. Network traffic matches an “allow” rule in the Security policy, but the attached File Blocking Profile is configured with a “block” action. To which two locations will the traffic be logged?
Threat Log NO
Alarms Log
Data Filtering Log
Traffic Log
8. Which profile type is designed to protect against reconnaissance attacks such as host sweeps and port scans?
Anti-Spyware
Zone Protection
DOS Protection
Data Filtering