About DNS security

Hello Bros,

In my network and my firewall 3220 setup, I have a question regarding the DNS security feature.

If you go through creating an anti-spyware profile, and exactly in the DNS signature, what is the difference between the DNS signature source "Palo Alto networks content DNS signature sinkhole as an action" and "Palo Alto network DNS security and sinkhole as action"?

What is the difference between both sections in DNS security protection and from a license perspective?

MR
1 ACCEPTED SOLUTION

L4 Transporter

The one with "DNS security" in it uses another license and is not free, but it provides real-time updates to the DNS signatures (it is something like the WildFire license for file attacks). The other is the free feature, which needs manual dynamic updates to update the signatures, and it will not provide zero-day attack defense (like the antivirus signatures).

If you have many DNS issues and have the money for the extra security, then maybe you will want the DNS security:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/dns-sec...

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/dns-security/about-dns-...


2 REPLIES

Hello,

DNS security is a big deal with all the threats out there. Here are some things I highly suggest you do:

  1. Use a secure DNS provider such as OpenDNS, TitanHQ, or Quad9. Even PAN has one now.
  2. Only allow your Domain Controllers or DNS servers to get out for external DNS lookups. Goes along with point 1 above. Everything internal points to your internal DNS/Domain Controllers, and only they can get out to your secure DNS provider.
  3. Enable all security features you are licensed for and apply them to all external and internal policies; you don't need to do URL filtering internally.
  4. Follow all best practices, etc.
  5. Keep things simple, and think through them with a diagram.

Just some pointers.

Cheers!
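
Added example, not part of the original replies: one way to check points 1 and 2 of the list above against an exported traffic log, flagging port-53 flows that leave the network from anything other than the internal resolvers, or from a resolver to an upstream that is not approved. The resolver addresses, the internal range and the CSV layout are assumptions made for illustration (a generic export, not a PAN-OS log format); the upstream addresses are Quad9's public resolvers.

```python
import csv
import io
import ipaddress

# Assumed environment (illustrative, not from the thread).
INTERNAL_RESOLVERS = {"10.0.0.10", "10.0.0.11"}        # DCs / internal DNS servers
APPROVED_UPSTREAMS = {"9.9.9.9", "149.112.112.112"}    # Quad9 public resolvers
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log: src,dst,dport,proto,action
SAMPLE_LOG = """\
src,dst,dport,proto,action
10.0.0.10,9.9.9.9,53,udp,allow
10.0.5.23,10.0.0.10,53,udp,allow
10.0.5.23,8.8.8.8,53,udp,allow
10.0.7.40,9.9.9.9,53,tcp,allow
10.0.0.11,1.1.1.1,53,udp,allow
10.0.9.9,203.0.113.5,53,udp,deny
10.0.5.23,93.184.216.34,443,tcp,allow
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def classify(row):
    """Return a finding name for a DNS flow that breaks the policy, else None."""
    if row["dport"] != "53" or is_internal(row["dst"]):
        return None  # not DNS, or DNS that stays on an internal resolver
    if row["src"] not in INTERNAL_RESOLVERS:
        return "client-bypasses-internal-dns"       # violates point 2
    if row["dst"] not in APPROVED_UPSTREAMS:
        return "resolver-uses-unapproved-upstream"  # violates point 1
    return None

def audit(log_text):
    """Return (src, dst, action, finding) for every violating flow."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reason = classify(row)
        if reason:
            findings.append((row["src"], row["dst"], row["action"], reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Findings with action `allow` point to a rule that still lets clients reach external DNS directly; findings with `deny` show the rule working and identify hosts whose resolver settings need correcting.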
