https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9599#M7033 <HTML><HEAD></HEAD><BODY><P class="MsoNormal"><SPAN style="font-size: 10pt; line-height: 115%; font-family: Arial, sans-serif; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-position: initial initial; background-repeat: initial initial; ">I did some checking on Applipedia/ Threat Vault and did not find for example the recent Apple IOS virus in the database – Did a search for Apple, IOS, mac, flashback etc. So it is my understanding that currently Threat Vault does not include virus signatures for Android and Apple IOS at present. Is this correct? I did see some vulnerabilities signatures for these platforms which is nice.</SPAN></P><P class="MsoNormal"><SPAN style="font-size: 10pt; line-height: 115%; font-family: Arial, sans-serif; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-position: initial initial; background-repeat: initial initial; "><BR /></SPAN></P><P class="MsoNormal"><SPAN style="font-size: 10pt; line-height: 115%; font-family: Arial, sans-serif; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-position: initial initial; background-repeat: initial initial; ">Reason why this is so important is that the App stores are currently a massive haven for all kinds of security vulnerabilities/virusses etc. It would be great to be able to scan traffic to and fro for these stores for mobile platform viruses and threats.</SPAN></P></BODY></HTML> Wed, 23 May 2012 08:09:56 GMT Quinton 2012-05-23T08:09:56Z https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9595#M7029 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>I've got an interesting question regarding mobile devices based on iOS or Android (maybe also Symbian and/or Blackberry OS to a much lesser extent). I searched the forums but haven't found anything posted that ask the the following questions:</P><P></P><P>1) How does an administrator ensure that apps downloaded via the app stores (i.e iStore or Adroid market place) are not infected with virusses etc. If they are, block them as per usual. Does Palo's threat protection database include Android and/or iPhone virus signatures?</P><P></P><P>2) Continuing from question 1, how does one do this if the connection to the app store(s) is SSL based. Will Palo's SSL decryption work in this case?</P><P></P><P>Thanks</P></BODY></HTML> Thu, 03 May 2012 16:31:36 GMT https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9595#M7029 Quinton 2012-05-03T16:31:36Z https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9596#M7030 <HTML><HEAD></HEAD><BODY><P>1) I hope someone from PAN can answer this.</P><P></P><P>In short you cant assure that apps downloaded from market(s) is virusfree (except for a regular signaturebased scan similar to the one in PA or a standalone desktop virusscanner).</P><P></P><P>You would need to create your own market, block all other markets (within the settings of each mobile device) and then manually approve each application (before it shows up in your market) by examine the sourcecodes or such. In Android you can customize this to include signed applications so that only apps from your own market will be able to be installed on your devices (because a user can otherwise mail the apk file to itself and install it that way).</P><P></P><P>When it comes to privacy issues PDroid seems like a good option - this way you as the owner of the device will decide which data will be available to each application (not uncommon these days that applications requests more permissions than really needed).</P><P></P><P><BR />2) Create a custom CA (and import its private stuff into your PA) and install the CA cert as trusted in your mobile device in order for ssl-termination to work.</P><P></P><P>However some services, such as windowsupdate among others, use their own certstore which means that they will refuse to function if the ssl isnt as expected. PA have a list of which these services are.</P></BODY></HTML> Fri, 04 May 2012 06:35:23 GMT https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9596#M7030 mikand 2012-05-04T06:35:23Z https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9597#M7031 <HTML><HEAD></HEAD><BODY><P>I was thinking about this last night. How about "force" all BYOD's to use HTTP when connecting to their respective market places. For example, setup firewall rules to block connections to the market place if it is on port 443. This would cause the BYOD's to fall back to HTTP connections.This way you could monitor/scan and log user traffic. Identifying will be done via captive portal since these devices do not log onto a domain. Will this work?</P><P></P><P>Slightly off topic, but can you set the PA to block connections if it SSL. Reason why I'm asking is the following - just in case the BYOD's try and SSL over port 80.</P><P></P><P>So idea is the following - Instead of trying to decrypt the SSL connection between the respective market place and the BYOD, just force it to use an unencrypted connection to allow scanning/monitoring/logging.</P><P></P><P>Then of course confirmation if PA's TP does contain Android and Apple virus signatures would be great.</P></BODY></HTML> Fri, 04 May 2012 08:04:06 GMT https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9597#M7031 Quinton 2012-05-04T08:04:06Z https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9598#M7032 <HTML><HEAD></HEAD><BODY><P>Hi Quinton,</P><P></P><P>App-ID will see all applications regardless of their port.</P><P>In order to see our threat coverage, you can go to the Threat Vault in this support site and search on Android, iOS and similar.</P><P></P><P>Thanks</P><P>James</P></BODY></HTML> Fri, 04 May 2012 08:37:20 GMT https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9598#M7032 James 2012-05-04T08:37:20Z https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9599#M7033 <HTML><HEAD></HEAD><BODY><P class="MsoNormal"><SPAN style="font-size: 10pt; line-height: 115%; font-family: Arial, sans-serif; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-position: initial initial; background-repeat: initial initial; ">I did some checking on Applipedia/ Threat Vault and did not find for example the recent Apple IOS virus in the database – Did a search for Apple, IOS, mac, flashback etc. So it is my understanding that currently Threat Vault does not include virus signatures for Android and Apple IOS at present. Is this correct? I did see some vulnerabilities signatures for these platforms which is nice.</SPAN></P><P class="MsoNormal"><SPAN style="font-size: 10pt; line-height: 115%; font-family: Arial, sans-serif; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-position: initial initial; background-repeat: initial initial; "><BR /></SPAN></P><P class="MsoNormal"><SPAN style="font-size: 10pt; line-height: 115%; font-family: Arial, sans-serif; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-position: initial initial; background-repeat: initial initial; ">Reason why this is so important is that the App stores are currently a massive haven for all kinds of security vulnerabilities/virusses etc. It would be great to be able to scan traffic to and fro for these stores for mobile platform viruses and threats.</SPAN></P></BODY></HTML> Wed, 23 May 2012 08:09:56 GMT https://live.paloaltonetworks.com/t5/general-topics/controlling-byod-as-well-as-scanning-app-store-traffic/m-p/9599#M7033 Quinton 2012-05-23T08:09:56Z