Deploy Data Center Best Practices
Table of Contents
10.2
- What Is a Data Center Best Practice Security Policy?
- Why Do I Need a Data Center Best Practice Security Policy?
- Data Center Best Practice Methodology
- How Do I Deploy a Data Center Best Practice Security Policy?
- How to Assess Your Data Center
- Create the Data Center Best Practice Antivirus Profile
- Create the Data Center Best Practice Anti-Spyware Profile
- Create the Data Center Best Practice Vulnerability Protection Profile
- Create the Data Center Best Practice File Blocking Profile
- Create the Data Center Best Practice WildFire Analysis Profile
- Use Cortex XDR Agent to Protect Data Center Endpoints
- Create Data Center Traffic Block Rules
- Order the Data Center Security Policy Rulebase
- Maintain the Data Center Best Practice Rulebase
- Use Palo Alto Networks Assessment and Review Tools
If you’re already familiar with Palo Alto Networks’ platform, this checklist streamlines deploying security best practices in your data center to safeguard your most valuable assets.

Implement data center best practices when you create Security profiles, Decryption profiles, Security policy rules, Authentication policy rules, and Decryption policy rules. For Security, Authentication, and DoS policy rules, configure log forwarding to Panorama or to external services so that logs are centralized for convenient viewing and analysis and so that you can set up notifications.
- Global Data Center Objects, Policies, and Actions—Create custom applications to identify and control proprietary applications with Security policy in the data center, configure strict Security profiles (Antivirus, Anti-Spyware, Vulnerability Protection, File Blocking, and WildFire Analysis), configure strict Decryption profiles and policies, block traffic that you know is malicious or unnecessary, and install Cortex XDR Agent on endpoints to protect them.
- User Data Center Traffic Policies—Configure strict Security policy rules to allow only appropriate access, ensure that users are authenticated, and decrypt the traffic.
- Internet-to-Data-Center Traffic Policies—Prevent risks such as downloading malware from an infected external server, having command-and-control malware placed on data center endpoints, allowing inadvertent access, and DoS attacks intended to disrupt data center availability.
- Data-Center-to-Internet Traffic Policies—Prevent risks such as data exfiltration, command-and-control malware that attempts to reach out to the internet and "call home", and other malware on compromised servers that attempts to download more malware.
- Intra-Data-Center Traffic Policies—Prevent lateral movement of malware, allow only sanctioned applications that are required for business, and decrypt and log the traffic.
- Data Center Security Policy Rulebase Order—Rule order in the Security policy rulebase is critical for two reasons: the firewall applies the action of the first rule that traffic matches and evaluates no further rules against that traffic, and a broad rule placed earlier in the rulebase can shadow a more specific rule placed later so that the later rule never matches. Follow Security Policy Rulebase Best Practices to avoid shadowing and to understand how to order the rulebase.
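The first-match behaviour and the shadowing problem described in the last item can be made concrete with a small model of a rulebase. The following is an added example written for this page; it is not Palo Alto Networks code and does not use the PAN-OS API. It models a rule as a set of source zones, destination zones and applications with an action, evaluates traffic the way a first-match rulebase does, and flags any rule whose match criteria are entirely covered by an earlier rule (that is, a rule that can never be hit). The zone names, application names and rule names are constructed for the example.

```python
from dataclasses import dataclass

# Sentinel matching the "any" selection in a rule field.
ANY = "any"


@dataclass(frozen=True)
class Rule:
    """Simplified Security policy rule: zones and apps are match criteria."""
    name: str
    src_zones: frozenset
    dst_zones: frozenset
    apps: frozenset
    action: str  # "allow" or "deny"


def _covers(field_values, value):
    """True when a single traffic attribute matches a rule field."""
    return ANY in field_values or value in field_values


def first_match(rulebase, src_zone, dst_zone, app):
    """Evaluate traffic top-down; the first matching rule decides.

    Returns (rule_name, action). When nothing matches, returns
    (None, "deny") to model the implicit interzone default-deny.
    """
    for rule in rulebase:
        if (_covers(rule.src_zones, src_zone)
                and _covers(rule.dst_zones, dst_zone)
                and _covers(rule.apps, app)):
            return rule.name, rule.action
    return None, "deny"


def _field_subset(inner, outer):
    """True when every value `inner` could match is also matched by `outer`."""
    if ANY in outer:
        return True
    return ANY not in inner and inner <= outer


def shadowed_rules(rulebase):
    """Return (shadowed_rule, shadowing_rule) pairs.

    A rule is shadowed when some earlier rule matches a superset of its
    traffic, so the later rule can never be the first match.
    """
    findings = []
    for index, later in enumerate(rulebase):
        for earlier in rulebase[:index]:
            if (_field_subset(later.src_zones, earlier.src_zones)
                    and _field_subset(later.dst_zones, earlier.dst_zones)
                    and _field_subset(later.apps, earlier.apps)):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed rules: a broad allow followed by a specific block.
ALLOW_USERS_TO_DC = Rule("allow-users-to-dc", frozenset({"users"}),
                         frozenset({"dc"}), frozenset({ANY}), "allow")
BLOCK_SSH_TO_DC = Rule("block-ssh-to-dc", frozenset({"users"}),
                       frozenset({"dc"}), frozenset({"ssh"}), "deny")

# Wrong order: the block rule sits below the rule that swallows its traffic.
SHADOWED_RULEBASE = [ALLOW_USERS_TO_DC, BLOCK_SSH_TO_DC]
# Corrected order: the specific block precedes the broad allow.
CORRECT_RULEBASE = [BLOCK_SSH_TO_DC, ALLOW_USERS_TO_DC]


if __name__ == "__main__":
    print("shadowed (wrong order):", shadowed_rules(SHADOWED_RULEBASE))
    print("shadowed (fixed order):", shadowed_rules(CORRECT_RULEBASE))
    print("ssh, wrong order:", first_match(SHADOWED_RULEBASE, "users", "dc", "ssh"))
    print("ssh, fixed order:", first_match(CORRECT_RULEBASE, "users", "dc", "ssh"))
```

Running the script shows that with the broad allow on top the SSH block is reported as shadowed and SSH traffic is allowed, while with the specific block moved above the allow no rule is shadowed and the same traffic is denied. The subset check is conservative: it only reports full shadowing, not rules that are partially overlapped, so it is a useful pre-commit sanity check rather than a replacement for the firewall's own shadow warnings.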