https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/461739#M1471 <P>Thanks for the responses all.&nbsp;</P><P>&nbsp;</P><P>I still believe PAN-OS should support blocking specific TLDs in a simple way; this seems like a fool proof way to greatly reduce the attack surface since we never need to visit sites using these TLDs for legitimate reasons.</P> Fri, 28 Jan 2022 10:20:20 GMT Josh990 2022-01-28T10:20:20Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/452397#M1407 <P>Hi All,</P><P>&nbsp;</P><P>I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully?&nbsp;</P><P>&nbsp;</P><P>I presume the following should work based on PAN-OS RegEX:</P><P>&nbsp;</P><P>URL Category:</P><P>&nbsp;</P><P>*.eg/</P><P>*.ex/</P><P>etc....</P><P>&nbsp;</P><P>Set&nbsp;URL Category to 'Block' within existing URL Filtering Profile.</P><P>&nbsp;</P><P>Cheers</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 09 Dec 2021 18:14:37 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/452397#M1407 Josh990 2021-12-09T18:14:37Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/452600#M1409 <P>Hello,</P> <P>I would say utilize the dynamic features of the PAN to do this for you instead of utilizing specific lists. Enable all, AntiVirus, Anti-Spyware with DNS sinkhole, Vulnerability protection, URL filtering, and wildfire. Then use a secure DNS provider, either palo alto's or someone elses, and block all others. I made a video for a conference regarding secure DNS that is worth the 12 minutes.</P> <P><A href="https://youtu.be/ROIAYSEbTuo" target="_blank">https://youtu.be/ROIAYSEbTuo</A></P> <P>&nbsp;</P> <P>Its all about defense in depth and machine learning, rather than static lists.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> Fri, 10 Dec 2021 21:30:09 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/452600#M1409 OtakarKlier 2021-12-10T21:30:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/452943#M1416 <P>You can dig more from Unit42 post:&nbsp;<A href="https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/" target="_blank">https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/</A>&nbsp;<BR />Also, from&nbsp;<A href="https://www.spamhaus.org/statistics/tlds/" target="_blank">https://www.spamhaus.org/statistics/tlds/</A></P> <P>If you want to do it at larger scale, EDL can be a better choice than static entries.</P> Mon, 13 Dec 2021 21:07:13 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/452943#M1416 aobszynski 2021-12-13T21:07:13Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/461739#M1471 <P>Thanks for the responses all.&nbsp;</P><P>&nbsp;</P><P>I still believe PAN-OS should support blocking specific TLDs in a simple way; this seems like a fool proof way to greatly reduce the attack surface since we never need to visit sites using these TLDs for legitimate reasons.</P> Fri, 28 Jan 2022 10:20:20 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-high-risk-tlds/m-p/461739#M1471 Josh990 2022-01-28T10:20:20Z