
Name : Hillario Zidan

NIM : 00000050745
Title : UTS Onsite Elearning IF-673

1. Command and control steps


Command and control is the exercise of authority and direction by a duly appointed
commander over assigned and subordinate forces in the accomplishment of a mission.
The command and control function is performed by a set of personnel, equipment,
communications, facilities, and procedures used by the commander to plan, direct,
coordinate, and control forces and activities within the framework of carrying out the attack.

In this cyber attack, a channel is created between the infected endpoint and the C&C server,
which is the main server designed to listen to each compromised endpoint and respond
with appropriate attack commands. The terms "bot" and "botnet" are commonly used to
describe an infected endpoint and a set of infected endpoints that are simultaneously
controlled by a C&C server. C&C traffic must be performed in stealth mode. The server
will have full control over each logged-in user and can retrieve or even destroy any other
user data.

Defense:
C&C operations are often quick and rare, and can be as simple as running a very simple
script or running out of time. C&C is generally the most advanced stage of an attack.
Therefore, the most sophisticated strategy is needed to defeat the attacker during the
C&C phase.
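An added example (not part of the original answer) of the kind of detection a defender applies during the C&C phase: it parses a few constructed connection-log lines and flags source/destination pairs whose connection intervals are nearly constant, the periodic "beaconing" that a stealthy C&C channel tends to show. The log format, addresses and jitter threshold are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log (not from the page): time in seconds,
# source host, destination host:port. Host 10.0.0.5 connects every ~60 s,
# host 10.0.0.9 connects at irregular, user-driven times.
SAMPLE_LOG = """\
t=0 src=10.0.0.5 dst=203.0.113.7:443
t=60 src=10.0.0.5 dst=203.0.113.7:443
t=121 src=10.0.0.5 dst=203.0.113.7:443
t=180 src=10.0.0.5 dst=203.0.113.7:443
t=241 src=10.0.0.5 dst=203.0.113.7:443
t=300 src=10.0.0.5 dst=203.0.113.7:443
t=5 src=10.0.0.9 dst=198.51.100.2:443
t=47 src=10.0.0.9 dst=198.51.100.2:443
t=300 src=10.0.0.9 dst=198.51.100.2:443
t=302 src=10.0.0.9 dst=198.51.100.2:443
t=900 src=10.0.0.9 dst=198.51.100.2:443
t=903 src=10.0.0.9 dst=198.51.100.2:443
"""

def parse_log(text):
    """Group connection timestamps by (src, dst) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split())
        flows[(fields["src"], fields["dst"])].append(int(fields["t"]))
    return flows

def beacon_score(times):
    """Return (mean_gap, jitter_ratio) for a list of connection times, or
    None if there are too few connections to judge. jitter_ratio is the
    standard deviation of the inter-connection gaps divided by their mean:
    a value near 0 means a fixed period, which human traffic rarely has."""
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else 0.0)

def find_beacons(flows, max_jitter=0.2):
    """Return (src, dst, mean_gap, jitter_ratio) for pairs that look periodic."""
    hits = []
    for (src, dst), times in flows.items():
        score = beacon_score(times)
        if score and score[1] <= max_jitter:
            hits.append((src, dst, round(score[0], 1), round(score[1], 3)))
    return hits
```

Real implants often randomize their sleep interval, so the threshold needs tuning against the environment's normal traffic and is best combined with other signals such as destination reputation and byte counts.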

2. Methods and Configuration:

• Virtual Wire mode:


1) Explanation:
In Virtual Wire mode, the firewall acts as a Layer 2 bridge, letting traffic pass
through without routing. This mode is ideal for environments with a limited number
of physical interfaces.

2) Configuration:
a) Connect the firewall to the Layer 3 switch using two interfaces (one for ingress
and one for egress).
b) Configure these interfaces as a virtual wire pair.
c) Assign an IP address to the virtual wire pair (optional, for management purposes).
d) Define security policies to monitor and control the traffic passing through the
virtual wire.
• Layer 2 mode with VLAN tagging:
1) Explanation:
In Layer 2 mode, the firewall operates at Layer 2, allowing it to handle VLAN-tagged
traffic. This allows the firewall to separate traffic based on VLAN ID.
2) Configuration:
a) Connect the firewall to the Layer 3 switch.
b) Configure the firewall interfaces in Layer 2 mode.
c) Use VLAN tagging to differentiate traffic from different security zones.
d) Define security policies based on VLAN tagging.

• Use a virtual router:

1) Explanation:
A virtual router allows you to manage multiple IP subnets through the firewall.
This is useful when dealing with security zones that use different IP ranges.
2) Configuration:
a) Configure a virtual router on the Palo Alto firewall.
b) Assign interfaces and IP addresses to each virtual router.
c) Define specific policies and routes for each virtual router.

• Security policy configuration:

1) Explanation:
Regardless of mode or configuration, it is essential to set an appropriate security
policy to control traffic between security zones.
2) Configuration:
a) Create a security policy to allow or deny traffic between different zones.
b) Identify the source and destination zones, as well as the authorized services
and applications.

3. The security configuration in the Palo Alto Networks next-generation firewall
includes a set of security measures applied to traffic across the network to identify
and resolve potential threats. These profiles work in concert with security policies,
providing strong protection against a variety of cyber risks. The Palo Alto Networks
next-generation firewall offers several types of security configurations, including
anti-virus, anti-spyware, vulnerability protection, WildFire scanning, URL filtering,
and file blocking. Each serves a different purpose, such as blocking known malware,
protecting against spyware, blocking exploit attempts, and submitting unknown files
for further analysis. Integrating security profiles with security policies adds depth
to threat detection, inspecting content and behavior to prevent a range of potential
risks. Additionally, as these profiles continuously evolve, the firewall leverages
updated threat intelligence to maintain defenses against emerging and changing
threats, even those related to zero-day vulnerabilities. This comprehensive approach
improves visibility, enables granular control of network traffic, and establishes
layered protection against multiple attack vectors. Additionally, security profiles
play an important role in regulatory compliance, helping to comply with
industry-specific data and privacy regulations. Overall, security profiles, when used
in conjunction with security policy, form a comprehensive security framework that
provides effective protection against a wide range of cyber risks.

4. Application Identification (App-ID) is a key feature of the Palo Alto Networks Next
Generation Firewall (NGFW) that goes beyond conventional port-based filtering. The
goal of App-ID is to accurately identify and manage applications on the network. It
provides a more sophisticated and effective approach to traffic control.

App-ID in the Palo Alto Networks NGFW uses various techniques to identify applications.
First, it leverages an extensive and continuously updated database of 4,444 application
signatures. These signatures serve as unique identifiers for specific applications,
allowing the firewall to accurately identify and classify them. Additionally, App-ID
goes beyond the usual port number, inspecting the entire contents of the packet. This
involves analyzing content to identify 4,444 apps based on typical patterns or behavior.
This approach also includes behavioral analytics, where traffic behavior is analyzed
over time, providing further insight into the applications used. Additionally, in
scenarios where encryption is used, such as HTTPS, App-ID can decrypt SSL traffic,
examining its content to accurately identify the application.

The benefits of App-ID in the Palo Alto Networks NGFW are significant. Operating at the
application layer of the OSI model, App-ID provides accurate identification of
applications regardless of the port or protocol used. This provides more precise and
efficient network control. Unlike port-based firewalls, App-ID is adept at handling
evasion techniques that applications may use to bypass conventional port-based
filtering. Additionally, it can decrypt and inspect SSL-encrypted traffic to identify
applications, ensuring full visibility. By focusing on applications, App-ID reduces the
attack surface, allowing only essential applications while blocking or restricting others.
This approach improves security by minimizing potential vulnerabilities. The policy
granularity provided by App-ID allows administrators to create very granular rules
based on specific applications, providing greater control over what is allowed or denied
online. Finally, the detailed visibility into application usage provided by App-ID
allows administrators to monitor which applications are used and by whom, an
important aspect of security, compliance and resource optimization.

When compared, App-ID outperforms the Intrusion Prevention System (IPS) in several
key areas. While IPS specifically targets known attack signatures, App-ID is
specialized in identifying and controlling applications. This allows App-ID to provide
a more comprehensive view of network operations. Additionally, App-ID takes context
into account when making application-level decisions. Considering factors such as user,
device, and location improves security by allowing more granular policy enforcement.
Additionally, App-ID tends to produce fewer false positives than IPS. This is due to its
special design for identifying applications, reducing the possibility of falsely reporting
legitimate traffic. Finally, while IPS is essential for identifying and preventing certain
attacks, App-ID provides broader control by allowing or blocking any application, not
just specific attack vectors.
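An added example (not from the original answer or from Palo Alto Networks) that ties together the security-policy configuration in section 2 and the App-ID discussion in section 4: traffic is identified by payload signature rather than by destination port, then matched against an ordered zone-based rulebase with an implicit deny, so SSH carried over port 443 is classified as ssh and denied where a port-based check would have allowed it. The signature names, zones, subnets and rules are constructed stand-ins, not PAN-OS objects.

```python
import ipaddress

# Constructed payload signatures standing in for the signature database.
# Names are illustrative, not real App-ID names.
SIGNATURES = [
    ("ssh", lambda p: p.startswith(b"SSH-")),
    ("tls", lambda p: p[:3] == b"\x16\x03\x01"),           # TLS record header
    ("web-browsing", lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD")
                               and b"HTTP/1." in p),
]
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "tls"}   # legacy port mapping

def identify_app(payload):
    """Content-based identification: first matching signature wins."""
    for name, match in SIGNATURES:
        if match(payload):
            return name
    return "unknown"

def port_based_guess(dst_port):
    """What a port-only firewall would assume the application is."""
    return PORT_TABLE.get(dst_port, "unknown")

# Constructed zone layout: anything outside these subnets is "untrust".
ZONES = {"trust": ipaddress.ip_network("10.0.0.0/8"),
         "dmz": ipaddress.ip_network("192.0.2.0/24")}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for zone, net in ZONES.items():
        if addr in net:
            return zone
    return "untrust"

# Ordered rulebase (section 2, step b): source zone, destination zone and the
# applications permitted. First match wins; anything unmatched is denied.
RULES = [
    {"name": "allow-web", "from": "trust", "to": "untrust",
     "apps": {"web-browsing", "tls"}, "action": "allow"},
    {"name": "allow-admin-ssh", "from": "trust", "to": "dmz",
     "apps": {"ssh"}, "action": "allow"},
]

def evaluate(src_ip, dst_ip, payload):
    """Return (rule_name, identified_app, action) for one flow."""
    app = identify_app(payload)
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        if rule["from"] == src_zone and rule["to"] == dst_zone and app in rule["apps"]:
            return rule["name"], app, rule["action"]
    return "default-deny", app, "deny"
```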
