Archives for November 2011

Palo Alto Networks Admin Guides

Click on the links below for some helpful Palo Alto Networks Guides.

PAN-OS 4.1 Administrator’s Guide

PAN-OS 3.1 Administrator’s Guide

Updating from Cloud in Core Protection Module

If you have roaming laptops under management by the Core Protection Module in Tivoli Endpoint Manager, you can have these machines pull their updates from the Trend Micro cloud instead of your TEM server. In order to achieve this, you should run the following tasks in the order listed below.

  1. Core Protection Module – Update from Cloud: Deploy this task to the endpoint and set it as a policy; the endpoint will then pull its pattern updates directly from the Trend Micro Global Update Server.
  2. Core Protection Module – Enable Connection to the Smart Protection Network: Once task 1 is in place on your mobile endpoints, run task 2 to ensure that each endpoint is connected to the Trend Micro Smart Protection Network, so that it has the latest protection for both File Reputation and Web Reputation.


Using the above tasks, you ensure that your laptops operate in roaming mode and always connect directly to the Smart Protection Network for the latest updates and protection. Please note that once you configure these settings on an endpoint, it will always receive updates from the Trend Micro Update Server and reach out to the Trend Micro Smart Protection Network for reputation queries. There are corresponding “disable” tasks that need to be run if you want to revert.

Palo Alto Networks Highlights

Here are a few things that set the Palo Alto Networks firewall apart from the rest. To see more, please request a demo.

See what you’ve been missing. Find what you are looking for.

Within minutes of installing the firewall on your network, you will see which users are using which applications – and whether they harbor any threats. The on-box reporting and logging is unmatched in other firewalls.

You can see which threats have traversed the firewall in a certain time period in summary format and drill down from there.

You can easily drill down to see which users and machines are the victims of threats.

Applications and users are fully integrated into the firewall rule set

You don’t have to create an “allow port 80 http” rule and then go to another solution or rule set to try to identify applications. Your policies can now say “users in the finance group are allowed to use Oracle” or “marketing users are allowed to access Facebook, but not Facebook games”.

Zero-Day Malware Detection

The Palo Alto Networks WildFire service identifies unknown malicious files by directly and automatically running them in a virtual cloud-based environment. If the files are indeed malicious, a signature is automatically created and delivered to all customers in the next scheduled daily content update. Combine this with their SSL decryption, identification of unknown applications and botnet detection and you have a powerful tool to fight malware.

Palo Alto Networks allows you to take control of port 80 and 443. Right now, your firewall is basically a piece of wire on those ports.

Splunk Log Monitoring

Let Digital Scepter give your organization greater visibility of application, server, and network activity by implementing Splunk log monitoring. Digital Scepter can deploy Splunk servers and agents to centrally collect and index useful information such as log files, alerts, configuration files, messages, etc. Splunk can consume events occurring on nearly any computer or device: domain controllers, web servers, email servers, database servers, name servers, routers, firewalls, and client workstations.

Digital Scepter’s staff emphasizes security use cases for Splunk, and can help your organization configure Splunk for security monitoring, reporting, and analysis using ‘Google-like’ queries. Depending upon your environment, Digital Scepter can configure periodic email reports such as ‘account lockouts’, ‘bandwidth usage by user’, ‘unknown DHCP clients’, and ‘unauthorized mobile devices’.

Let Digital Scepter demonstrate the power of Splunk to your organization today. We can even set up a proof of concept system on your network using Splunk’s free 500 MB a day limit license.

For more information, call us at (888) 299-3718 or use our contact form.

SQL Server Database Security

We have expanded our professional services to include SQL Server database security and performance tuning. Digital Scepter’s staff has expertise in securing existing SQL Server installations even to the most stringent of specifications, such as the Department of Defense’s Security Technical Implementation Guide (STIG). If an organization is using a back-end database server with a front-end web service, it may be susceptible to a vulnerability known as SQL Injection. Digital Scepter can test for and remediate SQL Injection vulnerabilities. With theft or accidental viewing a concern of all organizations that store information in databases, encryption services are a must. Digital Scepter can now protect SQL queries transmitted over the network using Secure Sockets Layer (SSL) as well as encrypt data at rest in the database.

In addition, Digital Scepter can now assist with database programming, administration, and performance tuning. Digital Scepter can identify and troubleshoot poor query performance on SQL Server. Digital Scepter’s database toolkit includes performance metrics, execution plans, index and fragmentation analysis, statistics, blocking and deadlocking analysis, stored procedure recompilation, and SQL Profiler tracing.

For more information, call us at (888) 299-3718 or use our contact form.

Announcing WildFire and PAN-OS 4.1

Palo Alto Networks just released PAN-OS 4.1, which includes a new service called WildFire for detecting unknown malware on your network.

WildFire identifies unknown malicious files by directly and automatically running them in a virtual cloud-based environment. If the files are indeed malicious, a signature is automatically created and delivered to all customers in the next scheduled daily content update.

Here are some interesting stats from the beta:

  • 7% of all unknown files were malware
  • Of this malware, 57% had no coverage by any AV vendor or had not been seen by VirusTotal at the time of discovery
  • 15% of newly discovered malware was found to generate unknown traffic. Palo Alto Networks already classifies unidentified applications as “unknown”, which helps customers find malware.

How WildFire Works

When the firewall encounters an unknown .EXE or .DLL delivered by any application, even one encrypted with SSL, the file can be submitted to the WildFire virtualized sandbox, where Palo Alto Networks can directly observe more than 70 malicious behaviors that reveal the presence of malware. Submissions can be made manually or automatically based on policy.

When a sample is identified as malware, the sample is passed on to WildFire’s signature generator, which automatically generates a signature for the sample and tests it for accuracy. The new signature is then distributed in the next content update. Palo Alto Networks also develops signatures for the all-important command and control traffic, enabling staff to immediately disrupt the communications of any malware inside the network.

In addition to providing protection, administrators have access to a wealth of actionable information about the detected malware through the WildFire portal. A detailed behavioral report of the malware is produced, along with information on the user that was targeted, the application that delivered the malware, and all URLs involved in the delivery or phone-home of the malware.

Here is a whitepaper on how this new approach integrates with the other features of the Palo Alto next generation firewall to curb modern malware and botnets.