This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Junk traffic

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Junk traffic

jdprovine
L4 Transporter

‎02-10-2017 06:49 AM

Is there a good way to verify good traffic from junk traffic.?

0 Likes Likes
4 REPLIES 4

reaper
Cyber Elite
Cyber Elite

‎02-10-2017 07:48 AM - edited ‎02-10-2017 07:50 AM

Hi !

 

That's a tricky one!

the only real way to filter out good from junk is to 'know' the network

 

this will most likely require a little legwork where you talk to whomever is responsible for a set of servers to see if they can tell you which connections are needed and which arent, which in most cases will result in the sysadmin replying "ALL PORTS NEED TO BE OPEN" or something along those lines 😉

 

you can go about creating some custom reports that highlight the overall app category, that should split up most 'business' traffic from 'not so business' and then you can tune from there

 

2017-02-10_16-46-57.png2017-02-10_16-49-11.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

jdprovine
L4 Transporter
In response to reaper

‎02-10-2017 08:57 AM

Good idea reaper I have been trying to use the ACC too. I am trying to tighten up our DMZ 😛

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to jdprovine

‎02-10-2017 10:21 AM

Sadly DMZs take a long time to actually secure properly if they are already running production services. Mgmt doesn't want you to bring anything down, but at the same time I've seen DMZ that was configured to allow anything between their internal zone and had outside RDP open to the servers. Took me a very long time to explain that they had destroyed any reason to have a DMZ in the first place. 

jdprovine
L4 Transporter
In response to BPry

‎02-10-2017 12:51 PM

I hear ya Bpry

0 Likes Likes
  • 1759 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks