Palo Alto Networks - a weapon in the fight against new threats

The catalog of threats that IT system administrators have to take into account has changed significantly in recent years. Attack vectors that, up to a point, could be countered with a traditional firewall and anti-virus protection on workstations have undergone a significant transformation. Criminals quickly learned to bypass traditional security measures and developed techniques that often allow an IT system to be hijacked and kept under surveillance unnoticed. APTs (Advanced Persistent Threats) have become very real. Known, high-profile attacks of this type are sometimes detected only after months, and sometimes years, when the criminals have already extracted all the data from the systems.

Defending against this type of threat using traditional tools is not only ineffective, it also creates a false sense of security, which allows intruders to conduct their activities with complete freedom. The lack of appropriate alerts from security systems means that everyone seems to be safe and there appears to be no need to look any closer. Most serious security incidents happen not in security-deficient environments, but in security-defective environments. Often, as part of handling a security incident, new tools are launched that immediately detect a whole range of threats and generate a large number of alerts, while the traditional antivirus systems and firewalls present in the network see nothing.

Palo Alto update - how and why it is worth doing

Systems implemented to protect IT infrastructure, like any other, may be vulnerable to various types of threats. There are many known cases involving, for example, anti-virus software. One example is the recent critical RCE-class (remote code execution) bugs in the Windows Defender service. In 2017 alone, 6 vulnerabilities were identified, rated at 9.3 on the 10-point CVE scale.

The same is the case with devices such as firewalls, UTMs and NG firewalls. Among the more high-profile mishaps was a hole in the Cisco ASA IPsec service (versions 7.2-9.5). A buffer overflow vulnerability rated at 10 on the CVE scale could lead to remote code execution.

The end of last year, in turn, brought an equally critical flaw in Palo Alto Networks products. PAN-OS versions 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier turned out to be vulnerable to remote code execution as root without the need for authentication. Two other critical vulnerabilities in PAN-OS systems were also identified in 2017.

Considering the above information, it is worth taking care of regular updates of your security systems. Below we present a tutorial on how to configure Palo Alto Networks PAN-OS updates.