It has been a very busy spring for data breaches, which has exposed not only a shift in how breaches are executed, but also what types of information are being targeted. As with most breaches, some of the details remain murky, but overall we have seen a pattern of sophisticated attacks targeting information and assets that could be used as part of subsequent targeted attacks. This means that enterprises need to not only re-evaluate how they secure their assets, but also take a fresh look at the real value of …
Overview There are some special cases in which HA failover doesn't happen: when the peer is in a suspended state; when the device went active (a failover happened) within the last 60 seconds; during a commit or dynamic content update process, and also for 1 minute after the job has completed.
Gartner’s research on next-generation firewalls and how they are changing the enterprise firewall marketplace is pretty compelling. And the recommendation to migrate from traditional firewalls and IPS to next-generation firewalls at refresh time is very clear. Here’s your chance to hear from Greg Young, Gartner Research VP, and one of the authors of the 2010 Enterprise Firewall Magic Quadrant. And catch the premiere of what is likely to be one of the hottest movies of the year.
Money mules are an essential and often overlooked part of financial theft and malware rings. Even after a theft, the hacker still must find a way to get the money back to his account without revealing his true identity or location. This is where the money mule comes in. In short, the mule acts as a middle-man in the transfer of the stolen funds. In a bit of a twist, the money mule is often unaware that they are facilitating a crime. Hackers will go to great lengths to create …
Details URL filtering decisions are made when a session is created through the Palo Alto Networks firewall (a session matches a security rule with a URL filtering profile). Here's what happens in a typical web-browsing session with URL filtering on a blocked URL: TCP 3-way handshake completes. Client then
Palo Alto Networks™, the network security company, today announced that NSS Labs awarded Palo Alto Networks the "Recommended" rating for passing all tests, including the TCP split-handshake spoof test, within its Network Firewall 2011 Comparative Test.
Overview Categorization is based on the URL path of up to one-level deep. Detail The following examples mean anything before the domain name can be uniquely categorized: example.com a.example.com b.example.com The following examples apply to one level past the domain: example.com/c example.com/d But, does not apply to this example: not
Steps To terminate multiple VLANs on the same physical interface, multiple tagged sub-interfaces need to be created (one per VLAN). From the WebGUI, go to Network > Interfaces. Next, choose the L3 or L2 interface (it should be highlighted, as shown in the picture above for ethernet1/6) and then click Add
As part of our ongoing botnet tracking and research, we have recently discovered a novel approach for detecting the presence of SpyEye in a network. Just in case you aren’t familiar, SpyEye is a rapidly growing banking botnet and a direct rival to Zbot a.k.a. ZeuS. In fact, the SANS reading room has a detailed analysis of how both bots work, and specifically the mechanisms that SpyEye uses to detect and remove ZeuS from an infected machine. http://www.sans.org/reading_room/whitepapers/malicious/clash-titans-zeus-spyeye_33393 The technique we established revolves around the ability to detect the SpyEye …
Overview The TCP split handshake evasion technique is designed to confuse content decoder state machines, allowing vulnerability exploits or similar threats to bypass detection from network-based security devices. The evasion technique works by modifying the standard TCP 3-way handshake in a way that can confuse a decoder state machine. The
If you are not already familiar, Windows Live Mesh 2011 is Microsoft’s file synchronization and remote desktop access application that evolved out of its earlier products, FolderShare and Live Sync. It is a part of Microsoft’s vision for how users will manage their data across multiple devices – using a blend of cloud services and PC-based apps. According to this recent announcement by the Live Mesh team, the service connects 5 million devices, with over 3 million users syncing 2.2 petabytes of data, since being first introduced six months ago. Although it is …
Overview This document describes how to use Group Policy Objects (GPO) to push SSL decryption certificates to end users. Steps Note: Actual screen displays will vary between Windows releases and environments. Export the SSL-Decryption certificate from the Palo Alto Networks firewall. Create a GPO profile. Import the SSL-Decryption cert to
The Application Usage and Risk Report (7th Edition, May 2011) from Palo Alto Networks provides a global view into enterprise application usage by summarizing 1,253 application traffic assessments conducted between October 2010 and April 2011. The key findings and observations both globally and by specific countries are outlined in this report.
Overview This document outlines the basic steps involved in establishing a tunnel between a Palo Alto Networks device and a Check Point UTM-1 Edge. The UTM-1 Edge might also be referred to as VPN-1 Edge, SofaWare, or Safe@Office appliances. All the named Check Point devices run SofaWare’s Embedded NGX code.
The following is a list of possible codes returned should the auto-update agent fail to download the latest Content version. The updater error code is viewable in the ms.log in the Tech Support file. The codes are: case -1: return "generic communication error" case -2: return "command error" case -3:
The ongoing WikiLeaks saga has been one of the most intensely covered stories in information security, and for good reason. It involves the exposure of damaging national secrets, has ignited fresh debates about the freedom of information, and has a very willing villain/hero in Julian Assange, who is all too happy to hold the spotlight. However, for all of these same reasons it is easy to be lured into following the narrative of WikiLeaks while missing the very real lessons and warning signs for enterprise security.
Details Basic Information: RFC1661 and RFC2516 are supported. Per-physical-interface configuration. The maximum number of PPPoE instances on a device is the number of physical interfaces of the device. Only one PPPoE instance can be configured on each physical interface. Note: PPPoE cannot be configured on a VLAN-tagged sub-interface. PPPoE
Here is the FileType list with Threat-ID as of May 2017. *The Description for each File Type is not included on this page due to content size limitations. ID Name File Type Name Min Version Scope File Type Direction 52000 Microsoft PowerPoint ppt 1.0.1 session both 52001 Microsoft Word
Issue After attempting a software (PAN-OS) upgrade, the Palo Alto Networks firewall displays the error on the console: "System Initializing; please wait". This is followed by a continuous reboot cycle. Resolution Perform factory reset on the Palo Alto Networks firewall. See: How to Factory Reset a Palo Alto Networks Device.
Palo Alto Networks devices are designed and built with security in mind but as with any network computing device it is important to avoid certain pitfalls when performing configuration tasks. Below are a few guidelines that will assist the administrator in ensuring that their Palo Alto Networks device is properly
Twitter has recently joined the ranks of fellow social media giants Facebook and Google by moving to more widespread and default use of SSL to protect their end-users’ information. Twitter announced on their blog that users can set a preference to secure all Twitter communication via HTTPS, which will in time become the default setting for the Twitter service. You can read the Twitter blog here: http://blog.twitter.com/2011/03/making-twitter-more-secure-https.html This shift highlights a very real and important challenge for enterprise security that boils down to this:
RSA, the security division of EMC, is trying to contain the damage caused by hackers who penetrated its network and compromised technical specifications for its SecurID token-based multifactor authentication system.
The hard drives for the PA-2000 series devices are swappable, but there are some caveats listed below: Does the drive come preloaded with a version of PAN-OS? Yes. A version number will be asked for at the time of the RMA, and the spare HDD will come pre-loaded with that
The GlobalProtect data file, located on the Device tab > Dynamic Updates, contains the OPSWAT file that lists the vendors to be used in the HIP object configuration. A valid GlobalProtect Gateway and Portal license is necessary, and the download schedule needs to be configured before automatic updates can
It’s that time of year again when college basketball takes center stage in America – brackets are filled out, fretted over, and filled out again. Otherwise sane and reasonable coworkers morph into die-hard superfans, and full-grown men begin having serious debates about Cinderella. They call it March Madness for a reason. It is also the time of year when IT and network teams brace for the surge of network traffic as employees tune in to watch the games on-line. This year the impact is likely to be largest ever as …
When creating a policy rule, there is an option to log the session at session start, session end, both, or none. Two terms that are easily confused will show up in the logs: Session start time - the time at which the session started. Receive time - the time at which the