Hillario Zidan - 00000050745 - IF673 - A - UTS
NIM: 00000050745
Title: UTS Onsite E-learning IF-673
This cyber attack is built around the channel between the infected endpoints and the C&C server, which is the main server designed to listen to each compromised endpoint and respond with appropriate attack commands. The terms "bot" and "botnet" are commonly used to describe an infected endpoint and a set of infected endpoints that are simultaneously controlled by a C&C server. C&C traffic must be performed in stealth mode. The server will have full control over each logged-in user and can retrieve or even destroy any other user's data.
Defense:
C&C operations are often quick and rare, and can be as simple as running a very simple script or running out of time. C&C is generally the most advanced stage of an attack. Therefore, the most sophisticated strategy is needed to defeat the attacker during the C&C phase.
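One defensive strategy that follows from the point above is to look for the rhythm of the C&C channel rather than its content: a bot that checks in on a timer produces connections at nearly constant intervals, which human-driven traffic does not. The following Python example is added here and is not part of the original exam answer; the log format and the sample lines are constructed, and the `find_beacons` heuristic and its thresholds are illustrative assumptions rather than any vendor's detection logic.

```python
"""Periodic-connection (beaconing) heuristic for C&C detection.

Added example, not part of the original exam answer. The log format and the
sample lines below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log: "<ISO timestamp> <src> <dst> <bytes>".
# 10.0.0.5 talks to 203.0.113.7 every ~5 minutes with near-identical sizes,
# the rhythm a scripted bot check-in produces; 10.0.0.9 is irregular.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 203.0.113.7 512
2024-01-01T10:00:10 10.0.0.9 198.51.100.2 48000
2024-01-01T10:05:00 10.0.0.5 203.0.113.7 510
2024-01-01T10:10:01 10.0.0.5 203.0.113.7 515
2024-01-01T10:12:45 10.0.0.9 198.51.100.2 9000
2024-01-01T10:15:00 10.0.0.5 203.0.113.7 511
2024-01-01T10:20:00 10.0.0.5 203.0.113.7 512
2024-01-01T10:31:12 10.0.0.9 198.51.100.2 12000
2024-01-01T10:40:00 10.0.0.9 198.51.100.2 700
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, bytes) tuples; skip blanks."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return records


def find_beacons(records, min_connections=4, max_cv=0.1):
    """Return {(src, dst): mean_interval_seconds} for pairs whose connection
    intervals are nearly constant (coefficient of variation <= max_cv).

    A low coefficient of variation over enough connections is the signature
    of a timer-driven check-in rather than human-driven browsing. Thresholds
    are illustrative assumptions and would be tuned per environment.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _size in records:
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg == 0:
            continue
        if pstdev(intervals) / avg <= max_cv:
            beacons[pair] = round(avg, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every {interval:.0f}s")
```

Run against the constructed log, only the 10.0.0.5 to 203.0.113.7 pair is reported (every 300 s); the irregular pair is left alone because its interval jitter is far above the threshold. Raising `max_cv` loosens the test and shows how quickly false positives appear, which is the tuning trade-off such a heuristic carries in practice.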
2) Configuration:
a) Connect the firewall to the Layer 3 switch using two interfaces (one for ingress and one for egress).
b) Configure these interfaces as a virtual wire pair.
c) Assign an IP address to the virtual wire pair (optional, for management purposes).
d) Define security policies to monitor and control the traffic passing through the virtual wire.
• Layer 2 mode with VLAN tagging:
1) Explanation:
In layer 2 mode, the firewall operates at layer 2, allowing it to handle VLAN-tagged traffic. This allows the firewall to separate traffic based on VLAN ID.
2) Configuration:
a) Connect the firewall to the layer 3 switch.
b) Configure the firewall interface in layer 2 mode.
c) Use VLAN tagging to differentiate traffic from different security zones.
d) Define security policies based on VLAN tagging.
4. Application Identification (APP-ID) is a key feature of the Palo Alto Networks Next-Generation Firewall (NGFW) that goes beyond conventional port-based filtering. The goal of APP-ID is to accurately identify and manage applications on the network; it provides a more sophisticated and effective approach to traffic control.
APP-ID in Palo Alto Networks NGFW uses various techniques to identify applications. First, it leverages an extensive and continuously updated database of 4,444 application signatures. These signatures serve as unique identifiers for specific applications, allowing the firewall to accurately identify and classify them. Additionally, APP-ID goes beyond the usual port number, inspecting the entire contents of the packet. This involves analyzing content to identify 4,444 apps based on typical patterns or behavior. This approach also includes behavioral analytics, where traffic behavior is analyzed over time, providing further insight into the applications used. Additionally, in scenarios where encryption is used, such as HTTPS, APP-ID can decrypt SSL traffic, examining its content to accurately identify the application.
The benefits of APP-ID in Palo Alto Networks' NGFW are significant. Operating at the application layer of the OSI model, APP-ID provides accurate identification of applications regardless of the port or protocol used. This provides more precise and efficient network control. Unlike port-based firewalls, APP-ID is adept at handling evasion techniques that applications may use to bypass conventional port-based filtering. Additionally, it can decrypt and inspect SSL-encrypted traffic to identify applications, ensuring full visibility. By focusing on applications, APP-ID reduces the attack surface, allowing only essential applications while blocking or restricting others. This approach improves security by minimizing potential vulnerabilities. The policy granularity provided by APP-ID allows administrators to create very granular rules based on specific applications, providing greater control over what is allowed or denied online. Finally, the detailed visibility into application usage provided by APP-ID allows administrators to monitor which applications are used and by whom, an important aspect for security, compliance and resource optimization.
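The difference between port-based and content-based identification described above can be shown with a miniature version of the idea. The Python example below is added here and is not Palo Alto Networks code or an APP-ID implementation; it uses a handful of well-known protocol prefixes (the SSH version banner, HTTP request methods, the TLS handshake record header, the BitTorrent handshake string) as stand-ins for signatures, and the flows, port table and allow-list policy are constructed. It also shows the limit the text mentions: a genuine TLS handshake is only identified as SSL, which is why decryption is needed to see the application inside.

```python
"""Content-based application identification versus port-based guessing.

Added example, not Palo Alto Networks code: a miniature illustration of the
idea behind APP-ID. The payloads, port table and policy are constructed.
"""

# Port-based view: what a traditional port-based firewall would assume.
PORT_TABLE = {22: "ssh", 80: "http", 443: "ssl", 6881: "bittorrent"}

# Content-based "signatures": byte patterns that open the first client message
# of each protocol. These are real protocol prefixes; the list is illustrative.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")
SIGNATURES = [
    ("ssh", lambda p: p.startswith(b"SSH-2.0-")),
    ("http", lambda p: any(p.startswith(m) for m in HTTP_METHODS)),
    # TLS record: content type 0x16 (handshake), major version 0x03
    ("ssl", lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03),
    ("bittorrent", lambda p: p.startswith(b"\x13BitTorrent protocol")),
]


def port_based_app(port):
    """Guess the application from the destination port alone."""
    return PORT_TABLE.get(port, "unknown")


def content_based_app(payload):
    """Identify the application from the first bytes the client sends."""
    for name, matcher in SIGNATURES:
        if matcher(payload):
            return name
    return "unknown"


def identify_app(port, payload):
    return {
        "port_based": port_based_app(port),
        "content_based": content_based_app(payload),
    }


def policy_decision(app, allowed_apps):
    """Allow-list by application name, not by port number."""
    return "allow" if app in allowed_apps else "deny"


# Constructed flows: (destination port, first client payload).
FLOWS = [
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                       # SSH on the HTTPS port
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # web on a non-standard port
    (80, b"\x13BitTorrent protocol" + bytes(48)),             # P2P hiding on port 80
    (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # real TLS ClientHello
]


def evaluate_flows(flows, allowed_apps=frozenset({"http", "ssl", "ssh"})):
    """Compare the decision a port-based rule and an app-based rule would make."""
    results = []
    for port, payload in flows:
        ids = identify_app(port, payload)
        results.append({
            "port": port,
            **ids,
            "port_decision": policy_decision(ids["port_based"], allowed_apps),
            "content_decision": policy_decision(ids["content_based"], allowed_apps),
        })
    return results


if __name__ == "__main__":
    for r in evaluate_flows(FLOWS):
        print(f"port {r['port']:>5}: port-based={r['port_based']:<10} "
              f"({r['port_decision']})  content-based={r['content_based']:<10} "
              f"({r['content_decision']})")
```

Two of the constructed flows are decided differently by the two approaches: the BitTorrent handshake on port 80 is allowed by the port rule and denied by the application rule, while the legitimate web request on port 8080 is denied by the port rule and allowed by the application rule. The TLS flow is identified only as "ssl" by content, which is the visibility gap that SSL decryption, as the text notes, is meant to close.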