topic Re: what OS is PA built on in General Topics

what OS is PA built on

jdprovine — Thu, 10 Aug 2017 21:05:15 GMT

Does security management require alot of linux, unix and ubuntu knowledge and software?s

Re: what OS is PA built on

OtakarKlier — Thu, 10 Aug 2017 22:17:36 GMT

PANOS is built upon Fedora Linux.

Re: what OS is PA built on

reaper — Fri, 11 Aug 2017 07:59:39 GMT

PAN-OS runs on redhat 🙂

for the PAN-OS perspective you don't need to worry about linux knowledge as the underlying OS is not exposed to the user.

In a broader sense, as a security manager it's probably good to get acquainted with linux a bit so you get a sense what kind of environment you're dealing with and to keep tabs on your admins (are they running everything in root, are they sandboxing processes, are they keeping services patched,...)

ubuntu is a good candidate to play with as it's very user friendly and has plenty of online resources 🙂

Re: what OS is PA built on

jdprovine — Fri, 11 Aug 2017 12:57:17 GMT

@reaper

So are you a security manager reaper? Do you find everything regarding security done with linux, unix and ubuntu or is there a wider variety of choices? I am not a security manager just a systems engineer. I have learned linux, I am not an expert but I have built and configured some.

Re: what OS is PA built on

reaper — Fri, 11 Aug 2017 13:13:53 GMT

In my previous job I was everything combined 😉 (they only had one guy to do everything security and networking related)

some basic linux skills and understanding initially helped me better understand what the database guys were doing and helped me convince them they were doing it wrong 😉 later on it helped me better implement a couple of bastion servers (a couple of bind DNS boxes we needed as external DNS to our company)

maybe if your team is larger and you can delegate to a teamlead there's really no need for much linux knowledge but it's not a bad skill to posess, keeps people on their toes if you can drop a 'so did you CHROOT that bind9 you just deployed?' 😉

Re: what OS is PA built on

jdprovine — Fri, 11 Aug 2017 13:21:16 GMT

@reaper

But really using linux for security is a preference not a necessity to do security. We are not a large team and they just formed a new security group of 2 based on the fact that linux experience made one guy more qualified to be in security.

We also use bind for DNS but I am not sure how we got on this subject LOL and it has be in place for over 4 years.

Re: what OS is PA built on

OtakarKlier — Fri, 11 Aug 2017 13:29:16 GMT

I have to agree with Reaper that Linux/Unix is the base for a majority of the security products out there. Some I have seen as just software installed onto an OS of your choice. Very few have custom sourced base code.

I think the reasoning is that you can really strip down linux to only the little pieces you want and its not licensed so there is no worry of that added cost of support (can be added) or developing base code.

However just because someone knows Linux, doesnt make them more qualified. I think its more of a mindset as I have seen some windows systems so locked down that it was very secure. Also most vendors put their own spin onto the GUI so you cant even get into the base shell to run the basic commands.

Re: what OS is PA built on

jdprovine — Fri, 11 Aug 2017 13:42:19 GMT

@OtakarKlier

@reaper

I agree and that was my thought as well, that linux knowledge does not make you more qualified to be a security person because the products may be based on linux but that does not mean that they allow or require you to know linux to use them and most are not set up to modify them, they are a ready made package deal

Re: what OS is PA built on

BPry — Fri, 11 Aug 2017 13:51:12 GMT

@jdprovine,

Depending on how in depth you're getting with security and certain aspects of analysis on different Malware/Spyware sample or stuff like that I almost really would call Linux a necessity. Not only because of the tools available, but because of the threat of doing some of that on a Windows box would actually be.

You can do everything you would need to on a Windows box, but the time that it would take to do so would be inefficient and someone doing the same alaysis on a Linux box would be more efficient.

Re: what OS is PA built on

jdprovine — Fri, 11 Aug 2017 13:53:38 GMT

@BPry

Interesting viewpoint bpry thanks for sharing. Can you give some examples of the linux tools that you use?

Re: what OS is PA built on

OtakarKlier — Fri, 11 Aug 2017 13:55:41 GMT

www.kali.org

securityonion.net

They are two good ones to take a peak at.

Re: what OS is PA built on

BPry — Fri, 11 Aug 2017 14:14:00 GMT

@jdprovine,

If your just getting started I would really recommend spinning up a REMnux and Cuckoo and giving them a go. They're pretty well documented, likely the best documented outside of the entire Kali distro. REMnux is it's own distro so it can be installed directly from it's OVA and Cuckoo last I checked still needed to be actually installed on an exsiting Linux install, they may have released it as it's own distro by now though I'm not sure.

Once you get involved in it and start working on forums you'll here other tools mentioned that you can look into; but I would recommend running with those two to start.

Re: what OS is PA built on

reaper — Fri, 11 Aug 2017 17:41:33 GMT

I feel the underlying question is a bit loaded
A good working knowledge of Linux is certainly an asset in the role of a security manager, but so is windows and a host of other operating systems and even types of deployments and software packages
The more knowledge at a top level (mile wide, inch deep), the stronger the security manager, But I wouldn't say exclusive deep knowledge in Linux makes you a qualified security person

Re: what OS is PA built on

jdprovine — Mon, 14 Aug 2017 12:55:52 GMT

@reaper

I was approaching a situation where the justification for creating a security position for an individual was justified by tgat person(not me) that the linux experience qualifies them above other for the position to which I disagreed. I believe the same way that you do that a wide variety of experiences make a good security person.

So what type of access does a security person usually have? Access to manage anything or limited access?

Re: what OS is PA built on

reaper — Mon, 14 Aug 2017 13:21:24 GMT

I guess it will depend a bit on the size of the team and the actual background of the manager.

Typically they would probably rely on reporting tools (reporting from the PANW itself and reporting tools like splunk/crystalreports/siem/...) to gain insight in the actual security situation rather than raw access to appliances or servers, that's the task of the admins.

A good (basic) working knowledge helps in assessing what needs to be done and how to hold the admins accountable to do their jobs properly, deeper knowledge improves that accountability but would still not really be part of the manager's job unless the team is so small the manager is also the admin and just needs to swap hats

A manager needs to be able to understand the environment and outline best practices based on a deep understanding of how security works, cysber kill chain etc.

an anecdote: in my previous company our database guy was an absolute linux guru but had no clue about 'security' as it only impeded on his core business of making the databases run smoothly

Re: what OS is PA built on

jdprovine — Mon, 14 Aug 2017 13:31:35 GMT

@reaper

The size of the team is two and they were taking from the systems administration group and still have full access to everything on the network. But in previous the security people as you said relied on reporting tools and woked with the admins to correct the security issues they did not have the access to make changes on the systems.

I have been the primary person dealing with the security related to the Palo alto

I like your anecdote it certainly makes a point in my question concerning linux and security.

I do think that it is interesting that the PA is based on a version of linux and most of the time whe TAC remotes in they prefer the CLI to the GUI interface for troubleshooting