This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Pros vs Cons with PAN?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Pros vs Cons with PAN?

mikand
L6 Presenter

‎05-08-2012 04:25 PM

I guess it would be a bit biased to ask for Pros vs Cons of PAN in the supportforum of PAN 🙂 but I recently stumbled upon an article (which I wish to share) regarding PAN which I think might be of interrest for most of us in this forum:

http://www.cymbel.com/blog/a-response-to-stiennon-analysis-of-palo-alto-networks/

Another link (or links) is from a presentation held at Defcon 19 last year made by Brad Woodberg (Security Product Line Engineer) at Juniper Networks.

www.youtube.com/watch?v=s2cz--bzZRE
DEFCON 19: Network Application Firewalls: Exploits and Defense

http://www.youtube.com/watch?v=G8U-1J4SI4o
DEFCON 19: Network Application Firewalls: Exploits and Defense ( w speaker)

I think most of us will recognise that the product he is mostly speaking about and from which the screenshots are from is a PaloAlto unit.

I guess many of the claims is biased in some way or another (like not enabling threat preventation for the first occurance of rpc within a http request and ignoring results from NSS Labs regarding their IDP tests) but what caught my attention is around 25 minutes into the presentation.

Anyone in here with some more information regarding the claimed "application cache poisoning"?

Is it a particular configuration that Brad used to be able to accomplish the result (which should be avoided) or is it some bug or even specific hardware (like PA-500 or such) which will bring you the (undesired) result (and in case it was a bug, for which version was it fixed - to be compared to the AET bug discovered by NSS Labs which Brad just briefly mentioned has already been taken care of (after speaking about 5 minutes of that vuln which no longer exists in case of PAN but might exist for other vendors))?

0 Likes Likes
1 REPLY 1

sunilsadanandan
L3 Networker

‎05-10-2012 02:18 AM

This is very interesting , could someone from Palo comment on this post ?  There is setting "set application cache no". I am not sure that the default setting is. I would expect application cache to be disabled after running this command and should cause it to identify the application shift. But I has assumed Palo did not do Apllication caching by default and would detect Application shifts by default. The other aspect about this video that concerns me is DNS over a random port being detected as unknown-UDP. I have just set application cache to "no" on my firewall and going to check the what kind of performance or cpu load on the dataplane is seen.

0 Likes Likes
  • 2219 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks