FLO

Stopping Reconnaissance Attacks

This lab uses Zone Protection profiles to provide additional protection for specific network zones and protect those zones from attack. Nmap is run on the client machine to perform a reconnaissance attack, which tests the Zone Protection profiles of the Palo Alto Networks Firewalls.

• Create a Zone Protection Profile
Zone Protection Profiles provide additional protection between specified zones to protect those zones against attacks.

• Apply the Zone Protection Profile to Zones and Commit
Apply the Zone Protection Profile that was created to the inside, outside, and DMZ security zones. This helps protect against network floods, reconnaissance, and other packet-based attacks. Then commit the changes to the Firewall.

• Perform a Reconnaissance Attack on the DMZ Server
Use Nmap to perform a reconnaissance attack on the DMZ server. Nmap is a network scanning and host detection tool used in penetration testing and to visualize network vulnerabilities.

• Monitor and Analyze the Threat Logs
Analyze and monitor the Threat logs in the Palo Alto Networks Firewall.

After an admin analyzes the logs on the Firewall from the Nmap scan, the port scan activity is visible. If this had been a malicious hacker scanning the network, the threat logs would have alerted the admin.

For this lab, the security policy is set to allow all traffic. That security policy setting most likely would not be used in a production environment. If the security policy had been set to deny traffic, an alert would still have been triggered by the Nmap scan, but the scan traffic would not have been allowed between the zones.
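To show why the Nmap scan stands out in the logs, here is a simplified model of port scan detection, added as an example and not taken from the lab or from PAN-OS. It assumes detection counts distinct destination ports per source within a time interval; the function name, addresses, threshold and interval are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (time_ms, src_ip, dst_ip, dst_port).
# All addresses are illustrative, not taken from the lab.
DMZ = "10.0.0.5"
SAMPLE_EVENTS = sorted(
    # Scanner: six different ports in half a second.
    [(100 * i, "192.0.2.10", DMZ, p) for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    # Web client: repeated connections to one port.
    + [(500 * i, "192.0.2.20", DMZ, 443) for i in range(6)]
    # Mail/web client: five services spread over 20 seconds.
    + [(5000 * i, "192.0.2.30", DMZ, p) for i, p in enumerate([25, 80, 110, 143, 443])]
)


def detect_port_scans(events, threshold=5, interval_ms=2000):
    """Return [(time_ms, src, dst)] for each source that reaches `threshold`
    distinct ports on one destination within `interval_ms`.
    `events` must be sorted by time; each pair is reported once."""
    windows = defaultdict(deque)  # (src, dst) -> recent (time_ms, port)
    reported = set()
    alerts = []
    for ts, src, dst, port in events:
        window = windows[(src, dst)]
        window.append((ts, port))
        # Discard probes that fell out of the counting interval.
        while ts - window[0][0] > interval_ms:
            window.popleft()
        distinct_ports = {p for _, p in window}
        if len(distinct_ports) >= threshold and (src, dst) not in reported:
            reported.add((src, dst))
            alerts.append((ts, src, dst))
    return alerts


if __name__ == "__main__":
    for ts, src, dst in detect_port_scans(SAMPLE_EVENTS):
        print(f"{ts} ms: port scan from {src} against {dst}")
```

With the default values only the scanner is reported; widening the interval to 30 seconds also flags the legitimate multi-service client, which is why the threshold and interval need tuning per zone.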
