DEV Community

FLO

Securing Endpoints Using Vulnerability Profiles

In this lab, I was able to secure an endpoint by blocking a PDF file with a Custom Vulnerability Object and Vulnerability Protection Profile. Palo Alto Networks Firewalls support the use of Custom Vulnerability Signatures that can be written with expression patterns to identify vulnerability exploits. Vulnerability Protection Profiles will stop any attempt to exploit system flaws so that unauthorized access cannot be gained to a targeted system.


In this video:
• Install the latest Dynamic Updates of Antivirus
Dynamic Updates ensure that a Palo Alto Networks Firewall enforces policy against new threat signatures and applications.
• Install Manual Update of Applications and Threats
There are times when the Firewall may not have Internet access to perform a Dynamic Update. In that case, Applications and Threats are updated from a file that has been downloaded from the Palo Alto Networks Customer Support Portal.
• Create a Custom Vulnerability Signature
Palo Alto Networks Firewalls use a Custom Vulnerability Signature, written as a custom regular expression, to identify vulnerability exploits. The Firewall then looks for the custom-defined pattern within the network traffic and takes the necessary action to identify and stop the vulnerability exploit.
• Clone a Vulnerability Protection Profile
By creating a customized profile, I'm able to maximize vulnerability-checking for traffic between trusted security zones, and maximize protection for traffic received from untrusted zones, such as the Internet. The strict profile applies the block response to all client and server critical, high, and medium severity events and uses the Default Action for low and informational vulnerability protection events.
• Apply Custom Vulnerability Protection Profile to a Security Policy
The Allow-Any security policy is used to enforce the Custom Vulnerability Protection Profile and PDF Vulnerability Protection.
• Commit and Test Vulnerability Protection
Attempt to download an infected PDF file to test the Vulnerability Protection. Next, verify the result in the Threat Logs of the Palo Alto Networks Firewall.
*** The site can't be reached because the connection was reset by the Firewall to stop the exploit. ***
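
An added illustration (not from the original lab, and not Palo Alto Networks code or PAN-OS signature syntax) of the pattern-matching idea behind the custom signature step: a simplified Python model that scans response payload segments for the PDF file header and returns a reset decision. The pattern, the function name `inspect_stream` and the sample response are constructed for this example; it also shows why an inspector has to carry bytes across segment boundaries.

```python
import re

# Constructed pattern: the PDF file header ("%PDF-1.7" and similar), 8 bytes.
PDF_HEADER = re.compile(rb"%PDF-\d\.\d")
MAX_MATCH_LEN = 8  # longest byte string the pattern above can match

# Constructed sample: an HTTP response that delivers a PDF body.
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/pdf\r\n\r\n"
    b"%PDF-1.7\n% constructed sample body\n"
)


def inspect_stream(segments, pattern=PDF_HEADER, max_len=MAX_MATCH_LEN):
    """Scan payload segments in order and return (action, stream_offset).

    The last max_len - 1 bytes already seen are carried into the next
    segment, so a pattern split across two segments is still found.
    """
    tail = b""
    consumed = 0  # number of stream bytes that precede `tail`
    for seg in segments:
        window = tail + seg
        match = pattern.search(window)
        if match:
            # Model of a blocking response: reset both ends of the session.
            return ("reset-both", consumed + match.start())
        keep = min(len(window), max_len - 1)
        consumed += len(window) - keep
        tail = window[len(window) - keep:]
    return ("allow", None)


if __name__ == "__main__":
    cut = RESPONSE.index(b"%PDF-") + 3  # split in the middle of the header
    split = [RESPONSE[:cut], RESPONSE[cut:]]
    # Matching each segment on its own misses the split header.
    print("per-segment match:", any(PDF_HEADER.search(s) for s in split))
    print("stream inspection:", inspect_stream(split))
```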