How to Create Data Center Best Practice Security Profiles
Table of Contents
10.2
Expand all | Collapse all
-
- What Is a Data Center Best Practice Security Policy?
- Why Do I Need a Data Center Best Practice Security Policy?
- Data Center Best Practice Methodology
- How Do I Deploy a Data Center Best Practice Security Policy?
- How to Assess Your Data Center
-
- Create the Data Center Best Practice Antivirus Profile
- Create the Data Center Best Practice Anti-Spyware Profile
- Create the Data Center Best Practice Vulnerability Protection Profile
- Create the Data Center Best Practice File Blocking Profile
- Create the Data Center Best Practice WildFire Analysis Profile
- Use Cortex XDR Agent to Protect Data Center Endpoints
- Create Data Center Traffic Block Rules
- Order the Data Center Security Policy Rulebase
- Maintain the Data Center Best Practice Rulebase
- Use Palo Alto Networks Assessment and Review Tools
How to Create Data Center Best Practice Security Profiles
Use Security Profiles to protect against vulnerabilities,
spyware, viruses, bad file types, and unknown threats.
Security profiles provide fundamental
protections by scanning traffic that you allow on the network for threats. Security
profiles provide a full suite of coordinated threat prevention tools that block
peer-to-peer command and control (C2) application traffic, dangerous file types,
attempts to exploit vulnerabilities, and antivirus signatures, and also identify new and
unknown malware.
It takes relatively little effort to apply security profiles
because Palo Alto Networks provides predefined profiles that you
can simply add to security policy allow rules. Customizing security
profiles is easy because you can clone a predefined profile and
then edit it. Of course, you can also create a security profile from
scratch on the firewall or on Panorama.
To detect known and unknown threats in your network traffic,
attach security profiles to all security policy rules that allow
traffic on the network, so that the firewall inspects all allowed
traffic. The firewall applies security profiles to traffic that
matches the security policy allow rule, scans traffic in accordance with
the security profile settings, and then takes appropriate actions
to protect the network. The recommendations for best practice security
profiles apply to all four of the data center traffic flows except
as noted.
Download content updates automatically
and install them as soon as possible so that you have the latest
threat prevention signatures and content (antivirus, anti-spyware,
vulnerabilities, malware, etc.) on the firewall and block the latest
threats.
- Create the Data Center Best Practice Antivirus Profile
- Create the Data Center Best Practice Anti-Spyware Profile
- Create the Data Center Best Practice Vulnerability Protection Profile
- Create the Data Center Best Practice File Blocking Profile
- Create the Data Center Best Practice WildFire Analysis Profile
Create one or more Security profile groups so that you can
apply all of the profiles to a Security policy rule at one time instead of
specifying them individually.
You don’t need a URL Filtering subscription for data center
firewalls if there is no direct outbound connection to the internet.
Firewalls that don’t connect directly to the internet don’t need
the PAN-DB URL Filtering solution because it identifies internet
URLs, not private data center URLs, so importing the PAN-DB database
and checking URLs against it doesn’t apply to data center traffic.
If you’re not sure whether a firewall has URL traffic, get a trial
URL Filtering subscription and set the profile to alert on all URL
categories to identify any URL traffic. Otherwise, URL Filtering
should take place on firewalls at the network perimeter where user
traffic enters and exits the network, not at the data center perimeter.
Consider creating custom URL categories (ObjectsCustom ObjectsURL Category)
to identify and control access to internal data center web services.