If you are reading this blog, you probably already know what Conficker is. If you don’t, then Conficker is one of the prominent viruses of the last few years that continues to infect computers running Microsoft Windows through its several variants. Conficker is also reportedly building a botnet of the infected machines; botnets are used to generate spam and launch Distributed Denial of Service (DDoS) attacks. A report earlier this year by Qualys indicated that 1 in 10 computers running Windows are still vulnerable to a Conficker attack, i.e., these computers have …
Overview When a second event is encountered within a minute, the counter will increment, but a new log won't be created. Checking the details of the data filtering log should show the exact count. To change the behavior and have a log entry for each event, from CLI configuration mode:
This document describes the CLI commands to view management interface information. To see the management interface's IP address, netmask, and default gateway settings: admin@anuragFW> show system info hostname: anuragFW ip-address: 10.21.56.125 netmask: 255.255.255.0 default-gateway: 10.21.56.1 ip-assignment: static ipv6-address: unknown ipv6-link-local-address: fe80::20c:0000:0000:0000/64 ipv6-default-gateway: mac-address: 00:0c:29:00:00:00 time: Wed Aug 2 17:45:41 2017
ICMP is not available in the "Service" column of the security policies. Instead, the option is available in the "Application" column. Palo Alto Networks does not recommend blocking ICMP, as it is an important networking protocol. It is recommended to block only ping, since this affects only echo request packets.
Must have been a slow news day. Or we have just become accustomed to being inundated with news about Facebook. The point is, Facebook email has existed for some time. Perhaps not as a standalone service like Gmail, Yahoo Mail, AOL Mail or Hotmail, but it is out there, and it is used frequently and heavily. The existing email services should indeed be concerned about their market share.
Application dependency warnings are messages from the Palo Alto Networks device that can appear after a commit. These warnings advise the administrator that there is an application configured on a policy that may not function fully because another application (or applications) is needed. For example, if the “facebook-base” application on a policy
Symptoms Custom URL categories are used to allow people to browse certain web sites and block all the rest. Two custom URL categories were created, and the other sites were put in a block list (identified by *.*). The result is that the sites that are allowed to access are
The management interface MTU size is configurable from the web UI: Device > Management > Management Interface Settings > Edit > MTU From the CLI, the MTU can be configured with the following command in configuration mode: # set deviceconfig system mtu <576-1500> Note: For PAN-OS below 5.0, it
Issue User Account Control (UAC) causes problems when installing the User-ID agent with UAC enabled. Resolution To disable User Account Control: Open Control Panel and enter UAC in the search box. Click the “Turn User Account Control (UAC) on or off” link. On the next screen, uncheck the
The rapid expansion of social networking, video chat and micro-blogging has led to some speculation that webmail is dead or dying. As Mark Twain famously said, “the report of my death was an exaggeration,” and the same holds true for the claimed death of webmail.
When pitching venture firms, entrepreneurs typically include a slide that shows revenue curving sharply up and to the right shortly after launch – what’s known as the “hockey stick” – but even the best companies rarely meet those projections.
The latest Application Usage and Risk Report shows that when at work, Facebook users exhibit passive, voyeuristic usage patterns as opposed to a more active game-playing or posting usage pattern. This activity pattern indicates that the “productivity loss associated with games or posting” is somewhat overblown. Inbound and outbound security risks DO exist; however, a non-productive employee is just that, non-productive; social networking is just one of the tools used to avoid work.
Details Link and/or port monitoring via SNMP is done through the system (sys) logs in the Palo Alto Networks firewall. An SNMP trap can be sent for any of the sys logs. Since there are sys logs which provide the status of ports/links, SNMP traps can be sent for the
There are several realities that typically fall outside of the approved enterprise communications mechanisms. These applications can enhance business responsiveness and performance – but, conversely – introduce inbound risks such as malware and vulnerability exploits, and outbound risks such as data loss and inadvertent sharing of private or proprietary data.
Question: What Happens When Licenses Expire on the Palo Alto Networks Firewall? Answer: The following will occur when a license expires on the firewall. Support - Online Software updates will no longer be allowed Threat Prevention - Threat and Antivirus updates will no longer occur. The current database will
This document describes the packet handling sequence in PAN-OS. Day in the Life of a Packet PAN-OS Packet Flow Sequence. Since PAN-OS 7.0.2 and 6.1.7 (PAN-48644), the DoS protection lookup is done prior to the security policy lookup. This document was updated to reflect this change in behaviour. Contents: SECTION
Software applications that enable employees to communicate personally with each other, participate in social networks and share files with one another are being used in 96 percent of the organizations recently studied, and account for about one-quarter of the total bandwidth being consumed by those organizations.
In its latest edition of the Application Usage and Risk Report, Palo Alto Networks draws attention to several realities that typically fall outside of the approved enterprise communications mechanisms.
Since we began tracking the use of browser-based file sharing applications in March 2008, they have evolved to the point where there are now several distinct use cases. As described in the latest Application Usage and Risk Report, published today, the first use case is those that enable me to be more efficient at work. Examples include DocStoc and YouSendIt!, which allow me to find a template document or send a large file that I cannot get through the email server. The second use case is a cloud-based …
When committing a configuration, a warning may appear that one rule "shadows" another rule. Rule 'rule1' shadows 'rule2' Configuration committed successfully A shadow rule warning generally indicates that a broader rule matching the criteria is configured above a more specific rule. See this example: No traffic will ever match the
Last week we held our first webinar in the Threat Review Series where we focus on new or interesting threats in the security landscape and how to protect against them. It was an interesting session as we featured three very different types of threats – a botnet, a Windows application vulnerability and the always engaging Stuxnet malware and exploit. Given the popularity of the webinar, we created short videos that detail each threat including how it works and how to stop it. See below for a quick summary of each …
Stuxnet is the first malware in recent history to attack industrial control systems, also known as SCADA (Supervisory Control and Data Acquisition) systems, developed by Siemens (Siemens SIMATIC WinCC). These systems monitor and control critical industrial facilities like nuclear power plants, power grids, etc. Clearly, any security breach in such systems can have far-reaching consequences, and as such these are arguably the most protected IT systems, so much so that one might imagine that none of these systems are even connected to or accessible through the Internet.
VLANs are used as an alternative solution to routers for broadcast containment. A Layer 2 switch can be configured to group subsets of ports into virtual broadcast domains isolated from each other. These domains are commonly known as virtual LANs (VLANs). Using a VLAN not only offers the benefit of
Next-generation firewalls, or application-aware firewalls, have enjoyed well-deserved hype from network engineers and analysts, but the technology is still evolving. Many enterprises are also holding onto their old port and protocol firewalls, at least for now.
Recently, the discussion surrounding application visibility and control provided by next-generation firewalls has become deafening. Now, every stateful-inspection-based firewall vendor is calling itself a next-generation firewall that can identify and control applications. A remarkable feat, given that they are all still using port and protocol as the primary traffic classification mechanism and that all application identification is being done by a bolt-on IPS engine.
IT is a tough job, but somebody's got to do it. And these days it takes a team of talented technology professionals, each with his or her own special expertise, to carry out mission-critical assignments.