DEV Community: FLO

Securing Endpoints Using Vulnerability Profiles

FLO — Tue, 03 Jan 2023 00:00:30 +0000

In this lab, I was able to secure an endpoint by blocking a PDF file with a Custom Vulnerability Object and Vulnerability Protection Profile. Palo Alto Networks Firewalls support the use
of Custom Vulnerability Signatures that can be written with expression patterns to identify vulnerability exploits. Vulnerability Protection Profiles will stop any attempt to
exploit system flaws so that unauthorized access cannot be gained to a targeted system.

In this video:
• Install the latest Dynamic Updates of Antivirus
Dynamic Updates ensure policy enforcement on a Palo Alto Networks Firewall of new threat signatures and applications.
• Install Manual Update of Applications and Threats
There are times when the Firewall may not have Internet access to perform a Dynamic Update. Applications and Threats will be updated via file that has been downloaded from the Palo Alto Networks Customer Support Portal.
• Create a Custom Vulnerability Signature
Palo Alto Network Firewalls use Custom Vulnerability Signature to identify vulnerability exploits by writing a custom regular expression. The Firewall then looks for the custom-defined pattern within the network traffic and takes the necessary action to identify and stop the vulnerability exploit.
• Clone a Vulnerability Protection Profile
Creating a customized profile, I'm able to maximize vulnerability-checking for traffic between trusted security zones, and maximize protection for traffic received from untrusted zones, such as the Internet. The strict profile shows the block response to all client and server critical, high, and medium severity events and uses the Default Action for low and informational vulnerability protection events.
• Apply Custom Vulnerability Protection Profile to a Security Policy
Using Allow-Any security policy for enforcement on Custom Vulnerability Protection Profile and PDF Vulnerability Protection.
• Commit and Test Vulnerability Protection
Attempting to download an infected PDF file and test the Vulnerability Protection. Next, verify in the Threat Logs of the Palo Alto Networks Firewall.
*** The site can't be reached because the connection was reset by the Firewall to stop the exploit.***

Stopping Reconnaissance Attacks

FLO — Mon, 02 Jan 2023 21:16:45 +0000

Able to utilize Zone Protection profiles to provide additional protection for specific network zones to protect the zones from attack. Able to use Nmap on the client machine to perform reconnaissance attack. This will test the Zone Protection profiles of the Palo Alto Networks Firewalls.

• Create a Zone Protection Profile
Zone Protection Profiles supplement additional protection between determined zones to protect the zones against attacks.

• Apply the Zone Protection Profile to Zones and Commit
Using the Zone Protection Profile created to the inside, outside, and DMZ security zones. This helps control against network floods, reconnaissance, and other packet-based related attacks. Then commit changes into the Firewall.

• Perform a Reconnaissance Attack on the DMZ Server
Using Nmap to perform reconnaissance attack on the DMZ server. Nmap is used to scan networks as a host detection tool for penetration testing and to visualize network vulnerabilities.

• Monitor and Analyze the Threat Logs
able to analyze and monitor the Threat logs in the Palo Alto Networks Firewall.

After an admin analyzes the logs present on the Firewall from
the Nmap scan, the port scan activity is visible. If this had
been a malicious hacker scanning the network, the threat logs would have alerted the admin.
For this lab, the security policy is set to allow all traffic. That security policy setting most likely would not be utilized in a production environment. If the security policy would have been set to deny traffic, an alert would have been triggered by the Nmap scan but the scan traffic would not have been allowed between the zones.

Log Forwarding To Linux

FLO — Mon, 02 Jan 2023 19:25:29 +0000

In this video:
- Configure Syslog Monitoring via Palo Alto Firewall
Syslog is a standard log transport mechanism that enables the aggregation of log data from different network devices - such as routers, firewalls, printers - from different vendors into a central repository for archiving, analysis, and reporting.
Palo Alto Firewalls can forward every type of log they generate to an external Syslog server. Using TCP or SSL for reliable and secure log forwarding, or UDP for non-secure forwarding.

- Verify Syslog Forwarding
able to connect to the DMZ server and verify that the syslogs are being forwarded. Using Xfce Terminal, I was able to ping the DMZ server address by typing ping -c4 192.168.50.10.
Also using tail -f /var/log/messages can connect the current file for any changes that are occurring. Which should show the date, source of the syslog data, and information about the traffic.

Analyzing Firewall Logs

FLO — Mon, 02 Jan 2023 05:25:47 +0000

In this video, I was able to:

- Generate Traffic to the Firewall

using a script on puTTY configuration window, I was able to load and open the traffic-generator and type in sh /tg/malware.sh. Which is able to generate test malware traffic to the Firewall so that you're able to see the malware traffic in the Firewall.

- Review Traffic in the Firewall Log
noticing the traffic from the firewall by clicking on monitor. You are able to notice the traffic under the Application column and see the traffic that is categorized as web-browsing. Also you can review the Detailed Log View window to see the source, destination.

Network Traffic Analysis

FLO — Sat, 31 Dec 2022 05:30:42 +0000

In this lab, I:
• Configured log forwarding on the firewall appliance
• Generate traffic
able to prepopulate the Firewall with log entries and usernames that can be observable and investigated.
using an Xfce terminal, able to capture traffic packets to the Palo Alto Networks Firewall using sh /tg/traffic.sh.
Pushing malware packet captures to the Firewall using sh /tg/malware.sh.
• Test log forwarding
The firewall's log forwarding profile will also forward the log traffic to the DMZ server's syslog server for permanent storage and for further analysis to possibly include machine learning analysis (MLA).
• Export the firewall appliances' traffic log as a csv file
able to forward my firewall's threat log to my DMZ server running syslog. Syslog is a standard log transport mechanism that enables the aggregation of log data from different network devices - such as routers, firewalls, printers- from different vendors into a central repository for archiving, analysis, and reporting.

• Perform data analysis on the exported traffic csv file

Spotify-clone

FLO — Sat, 03 Sep 2022 04:57:55 +0000

It has been a while since I have blogged but I have been busy working on myself and more clone apps to build.

Loving React and JavaScript and thought to clone Spotify app. We all know and love Spotify. I love building apps that I love.

This was extremely fun to create. I was high-key stressed but I believe once you are consistent in everything you do, you can achieve just about anything you desire.

I finally completed my Spotify-clone app using React JS, NextJs, HTML, CSS, JavaScript, hosted on Firebase.

Importing...

FLO — Wed, 22 Jun 2022 12:32:32 +0000

One of my favorite things to learn on React is importing. What is importing? Let me explain to you in simple terms.

You may create a page and render it but if it is not imported, then your computer wouldn't know what you are trying to say.

Let's say I have an App.js as my main page. But I also created another component called NavTitle.js. If I want to add all my work from NavTitle.js to App.js, then I must import.
Next, you are going to add where in the file NavTitle.js is located.
Example: import { NavTitle } from './NavTitle.js';

__Think of import as someone who is the life of the party that you just have to bring with you everywhere. _
_

Destructuring Assignment

FLO — Fri, 13 May 2022 12:40:54 +0000

Completed my Destructuring assignment. I really enjoyed this lab because it was an easier way to pull out objects and my codes are a bit clearer. Below, I used different variables for this assignment, objects, arrays, and strings. It's an easy way to pick and choose the pieces of data I'd like to assign.
JavaScript is a challenge but once you start noticing patterns, you start getting the hang of it.

Coding World

FLO — Fri, 13 May 2022 12:36:30 +0000

This was really great to create. I created a Tasklister Mini-Project for my cat LuLu. Haha! I built a function to-do list application that uses JavaScript to manipulate the DOM. I also used the Event.preventDefault() method to suppress the default actions.