Week 5: Domain 4 Securing Traffic
p. 133-163

Antivirus
AVs protect against viruses, worms, and trojans w/ spyware downloads.
Palo Alto uses a stream-based malware prevention engine: it inspects traffic the moment the first packet is received to provide protection for clients w/o significantly impacting performance of the firewall.
• Default profile inspects the listed protocol decoders for viruses and generates alerts for SMTP, IMAP, and POP3 protocols while blocking FTP, HTTP, and SMB protocols.
WildFire: provides signatures for persistent threats that are evasive and haven't been discovered by other AVs.
• Once discovered, integrates them into normal AV signatures.
  o Admin can download these signatures: sub-hourly.

Anti-Spyware
• Block spyware on compromised hosts from communicating to C2 servers.

Vulnerability Protection
• Stop attempts to exploit system flaws/gain unauth access to systems.
• Anti-Spyware sec profiles identify infected hosts when traffic leaves net.
• Vulnerability Protection sec profiles protect against threats entering net.
  o Buffer overflows, illegal code exe, etc.

URL Filtering
• Profile determining web access/credential-submission permissions for URL cats.
• Default set to allow.
• Default set to no logging.
• Default allows access to all URL cats except threat-prone categories:
  o Abused-drugs, adult, gambling, hacking, malware, phishing, questionable, weapons.
• User Cred Submission: allow or disallow users to submit valid corporate creds to URL categories.
  o Prevents credential phishing.