PaloAlto | Firewall Security
Check URL Filtering
https://www.brightcloud.com/tools/url-ip-lookup.php
https://urlfiltering.paloaltonetworks.com/query/
https://www.brightcloud.com/tools/url-ip-lookup.php
https://urlfiltering.paloaltonetworks.com/query/
admin@PA-FW-01> test url bbc.com
admin@PA-FW-01> show log url
admin@PA-FW-01> show log data
admin@PA-FW-01> show log url
admin@PA-FW-01> show log data
Cek Storage Palo
admin@PA-FW-01(active)> show system logdb-quota
Management log storage
system: 20.00%, 12.434 GB Expiration-period: 0 days
config: 20.00%, 12.434 GB Expiration-period: 0 days
alarm: 16.00%, 9.947 GB Expiration-period: 0 days
appstat: 32.00%, 19.894 GB Expiration-period: 0 days
hip-reports: 5.00%, 3.108 GB Expiration-period: 0 days
application-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
debug-filter-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
dlp-logs: 2.00%, 1.243 GB Expiration-period: 0 days
Session log storage
traffic: 35.00%, 609.172 GB Expiration-period: 0 days
threat: 17.00%, 295.883 GB Expiration-period: 0 days
trsum: 4.00%, 69.620 GB Expiration-period: 0 days
hourlytrsum: 3.00%, 52.215 GB Expiration-period: 0 days
dailytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
weeklytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
urlsum: 3.00%, 52.215 GB Expiration-period: 0 days
WildFire Verifikasi
admin@PA-FW-01> debug wildfire upload-log show
File Filtering | Berikut Link download File Filter Berdasarkan extension:
admin@PA-FW-01(active)> show system logdb-quota
Management log storage
system: 20.00%, 12.434 GB Expiration-period: 0 days
config: 20.00%, 12.434 GB Expiration-period: 0 days
alarm: 16.00%, 9.947 GB Expiration-period: 0 days
appstat: 32.00%, 19.894 GB Expiration-period: 0 days
hip-reports: 5.00%, 3.108 GB Expiration-period: 0 days
application-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
debug-filter-pcaps: 2.00%, 1.243 GB Expiration-period: 0 days
dlp-logs: 2.00%, 1.243 GB Expiration-period: 0 days
Session log storage
traffic: 35.00%, 609.172 GB Expiration-period: 0 days
threat: 17.00%, 295.883 GB Expiration-period: 0 days
trsum: 4.00%, 69.620 GB Expiration-period: 0 days
hourlytrsum: 3.00%, 52.215 GB Expiration-period: 0 days
dailytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
weeklytrsum: 2.00%, 34.810 GB Expiration-period: 0 days
urlsum: 3.00%, 52.215 GB Expiration-period: 0 days
WildFire Verifikasi
admin@PA-FW-01> debug wildfire upload-log show
File Filtering | Berikut Link download File Filter Berdasarkan extension:
Check File Type PDF
Link Enable DNS Security to control traffic based on domains
https://www.youtube.com/watch?v=fsWwACeJb48
Link Download File EXE (MIkrotik)
https://mikrotik.com/download
Link Check Application Category
https://applipedia.paloaltonetworks.com/
Link Check THREATVAULT
https://threatvault.paloaltonetworks.com/
==================================================
DNS Security Test Domain
https://docs.paloaltonetworks.com/dns-security/administration/configure-dns-security/dns-security-test-domains
https://libredns.gr/
Penerapan di Rules Polices- Security dari Outside ke area Server. Sama satu rules, dan satu object dgn Security-Profile di Anti-Spyware.
Link Check Application Category
https://applipedia.paloaltonetworks.com/
Link Check THREATVAULT
https://threatvault.paloaltonetworks.com/
DNS Security Test Domain
https://docs.paloaltonetworks.com/dns-security/administration/configure-dns-security/dns-security-test-domains
https://libredns.gr/
Penerapan di Rules Polices- Security dari Outside ke area Server. Sama satu rules, dan satu object dgn Security-Profile di Anti-Spyware.
==============================================================
44. Anti-Spyware.
Penerapan di Rules Polices- Security dari Outside ke Inside (area Server)
============================================================
45. Data Protection
a. Object | Custom Object | Data Patern | Create Data Object
b. Object | Security Profile | Data Filtering , (lalu isi sesuai kriteria )
c. Lalu terapakan di menu Policies | Security source Inside to Outside. Di Tab Action pilih Data Filtering, pili nama yg sudah dibuat sebelumnya.
44. Anti-Spyware.
Penerapan di Rules Polices- Security dari Outside ke Inside (area Server)
============================================================
45. Data Protection
a. Object | Custom Object | Data Patern | Create Data Object
b. Object | Security Profile | Data Filtering , (lalu isi sesuai kriteria )
c. Lalu terapakan di menu Policies | Security source Inside to Outside. Di Tab Action pilih Data Filtering, pili nama yg sudah dibuat sebelumnya.
Lalu test akses dari PC/laptop Inside ke PC outside dimana file berisikan NumberCard/ Kartu Kredit. Jika berhasil harusnya ada peringatan (warning).
=======================================================
Zone Protection
Zone Protection
1. Network | Zone Protection | Add
Buat namanya dan kriterianya ex: Zone_Outside_Protection.
2. Object | Security Profile | DoS Protection | Add
Di LAB ini sy buat ada 2 kriteria i.e: Aggregate dan Clasiffication).
a. Type-1 - Aggregate
Create DoS Protection dgn Type Aggregate. Centang SYS-Flood, ICMP-Flood, UDP-Flood, IP Other . (Bisa satu-persatu dicentang, buat testing sj).
3. Menu Policies | Dos Protection | Add
-Terapkan dari Outside to Inside , dan di Tab Option/Protection (pilih Object yg baru dibuat DoS Protection, Action = Protect and Commit.
Type-2 - Specification
A. Create DoS Protection, di Tab Other Option Type Classification)
Centang semua SYS-Flood, ICMP-Flood, UDP-Fbood, IP Other Flood.
B. Lalu ke menu Policies | Dos Proection
-Source Outside (ip any) TO Inside (IP, Network) , dan tab OPtion/Pritection.
Classified:
Profile: (pilih yg baru object yg baru dibuat DoS Protection type Classification.
Address: Pilih src-dst-ip-booth. Commit
==================================================
III. Device | Setup | Session
1. Aktifkan (centang ):
- Remacth all session
- Packet Buffer Protection
===================================================
IV. Interface | Zone
1. Plih Zone Outside, centang Enable Buffer Packet Protection
Lalu test dari Kali linux. Kali linux di outside, server di Outside
========================================================
========================================================
SYN Floding
Kalilinux#kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.50
Kalilinux#kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.50
UDP FLooding
Kalilinux#kali:~# nmap -sU -p0-65535 192.168.114.50
ICMP FLooding
Kalilinux#kali:~# hping3 -1 --flood -a 192.168.114.50 192.168.17.255
Maximum Concurrent Sesions
Setting di: Object | Security Profiles | DoS Protection
Create (Add) Object
Klik Tab : Resource Protection
Aktifkan (centang) Sessions, Kasih nilai 30.
Commit.
Lanjut Test Dengan Command Berikut:
Kalilinux#kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.50
46. Data Protection Profile
Kalilinux#kali:~# nmap -sU -p0-65535 192.168.114.50
ICMP FLooding
Kalilinux#kali:~# hping3 -1 --flood -a 192.168.114.50 192.168.17.255
Maximum Concurrent Sesions
Setting di: Object | Security Profiles | DoS Protection
Create (Add) Object
Klik Tab : Resource Protection
Aktifkan (centang) Sessions, Kasih nilai 30.
Commit.
Lanjut Test Dengan Command Berikut:
Kalilinux#kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.50
46. Data Protection Profile
TCP SYN (Flood) Attack:
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.17.150
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 443 --flood --rand-source 192.168.17.150
-------------------------------------------------------------------------------
ICMP Flooding Attack:
root@kali:~# hping3 -1 --flood -a 192.168.17.150 192.168.17.255
--------------------------------------------------------------------------------
UDP Port Scan:
root@kali:~# nmap -sU -p0-65535 192.168.17.150
root@kali:~# nmap -sU 192.168.17.150
--------------------------------------------------------------------------------
Host Sweep Attack:
root@kali:~# nmap -sP 192.168.17.150
-----------------------------------------------------------------------------
TCP Flood Attack:
root@kali:~# hping3 -S -P -U --flood -V --rand-source 192.168.17.150
------------------------------------------------------------------------
TCP Flood Attack DOS Protection Profile:
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.17.150
-------------------------------------------------------------------
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.17.150
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 443 --flood --rand-source 192.168.17.150
-------------------------------------------------------------------------------
ICMP Flooding Attack:
root@kali:~# hping3 -1 --flood -a 192.168.17.150 192.168.17.255
--------------------------------------------------------------------------------
UDP Port Scan:
root@kali:~# nmap -sU -p0-65535 192.168.17.150
root@kali:~# nmap -sU 192.168.17.150
--------------------------------------------------------------------------------
Host Sweep Attack:
root@kali:~# nmap -sP 192.168.17.150
-----------------------------------------------------------------------------
TCP Flood Attack:
root@kali:~# hping3 -S -P -U --flood -V --rand-source 192.168.17.150
------------------------------------------------------------------------
TCP Flood Attack DOS Protection Profile:
root@kali:~# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.17.150
-------------------------------------------------------------------
TCP Port SCAN
root@kali:~# nmap -p1-65535 -T4 -A -v 192.168.17.150
-------------------------------------------------------------
Host Sweep
root@kali:~# nmap -sP 192.168.17.0/24
root@kali:~# nmap -p1-65535 -T4 -A -v 192.168.17.150
-------------------------------------------------------------
Host Sweep
root@kali:~# nmap -sP 192.168.17.0/24
-------------------------------------------------------------
palo alto
Posting Komentar untuk "PaloAlto | Firewall Security"