DNS Security Subscription | Palo Alto Training | Stopping Malicious DNS Part one

  • Published on 5 Sep 2024
  • Launching another series, this time looking at the DNS Security subscription from Palo Alto, which uses cloud-based detection and signatures to provide much greater security to users even before they have visited the sites.
    In this video we start with where it is configured and what licenses we need, as well as some of the default actions and how to change default behavior to suit individual use-case needs.
    #paloaltonetworks #paloaltotraining #paloaltofirewall #dnssecurity #cybersecurity #dns

Comments • 8

  • @lifequestions5546 6 months ago +1

    Excellent! Very easy to understand.

    • @mode4480 6 months ago

      Thank you for watching!

  • @rubberduck_proyect 26 days ago

    Thank you for sharing this content, well done.

    • @mode4480 25 days ago

      Thank you for watching!

  • @Fizadigital 4 days ago

    Thank you so much, bro, for your good explanation, but I wonder why you have sinkholed all categories; I usually sinkhole all default block categories only.

    • @mode4480 3 days ago +1

      Hi
      That is a really good question and really does get to the problem I see with a lot of security practice today. The categories vary in the potential for malicious traffic, and with this variance comes the need to put the standards and best practice docs largely to one side. I sinkhole the default-paloalto-dns because it is a Palo provided list of malicious or undesirable domains, and as such is best to sinkhole for reporting as well as security purposes. I would also suggest that C&C domains should be blocked as they serve no purpose; the same can be said for Grayware, Malware and Phishing. Parked domains are a grey area, and while not really a 100 percent security risk, you may want to block it if you were in a high security government organization just in case, but if you are in a low security environment you may not be that bothered, and the extra reporting and logging could just be noise that you want to tune out. Same really for Ad tracking: these drop cookies and actively follow users, so depending on your security stance I guess that would also be open to interpretation.
      However, when it comes to things like Proxy Avoidance and Anonymizers, if this profile was to be added to corporate network access then I cannot see why you would want to allow a user to encrypt their traffic and avoid the vast majority of security measures that are in place, but where this profile is added to Guest networks you would most likely allow it, as users are more often than not going to be VPN'd back to their corporate networks and will need that traffic allowed.
      Finally, Newly Registered Domains: in today's hyperscaling cloud environments, where DNS is crucial and services can be brought online using newly created domains or local domains, you would weigh up the quantity. If there are only a few then the exceptions list could be the way to go, but if there are likely to be an exponential amount then you may want to accept the risks with New Domains, reducing the admin overhead.
      Hope this helps!

  • @hydensikk3041 13 days ago

    Thank you for this wonderful video! Just a question though: do you have the DNS Security license or just the Threat Prevention license in this video?

    • @mode4480 8 days ago +1

      Hi,
      I have the DNS security Subscription in this video.
      Thank you for watching!