what OS is PA built on


L4 Transporter

Does security management require a lot of Linux, Unix and Ubuntu knowledge and software?

15 REPLIES 15

Cyber Elite

PANOS is built upon Fedora Linux.

Cyber Elite

PAN-OS runs on redhat 🙂

 

for the PAN-OS perspective you don't need to worry about linux knowledge as the underlying OS is not exposed to the user.

 

In a broader sense, as a security manager it's probably good to get acquainted with linux a bit so you get a sense what kind of environment you're dealing with and to keep tabs on your admins (are they running everything in root, are they sandboxing processes, are they keeping services patched,...)

 

ubuntu is a good candidate to play with as it's very user friendly and has plenty of online resources 🙂

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

 

So are you a security manager reaper? Do you find everything regarding security done with linux, unix and ubuntu or is there a wider variety of choices? I am not a security manager just a systems engineer. I have learned linux, I am not an expert but I have built and configured some. 

In my previous job I was everything combined 😉 (they only had one guy to do everything security and networking related)

 

some basic linux skills and understanding initially helped me better understand what the database guys were doing and helped me convince them they were doing it wrong 😉 later on it helped me better implement a couple of bastion servers (a couple of bind DNS boxes we needed as external DNS to our company)

 

maybe if your team is larger and you can delegate to a teamlead there's really no need for much linux knowledge but it's not a bad skill to possess, keeps people on their toes if you can drop a 'so did you CHROOT that bind9 you just deployed?' 😉

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

 

But really using linux for security is a preference not a necessity to do security.  We are not a large team and they just formed a new security group of 2 based on the fact that linux experience made one guy more qualified to be in security.

We also use bind for DNS but I am not sure how we got on this subject LOL and it has been in place for over 4 years.

I have to agree with Reaper that Linux/Unix is the base for a majority of the security products out there. Some I have seen as just software installed onto an OS of your choice. Very few have custom sourced base code.

 

I think the reasoning is that you can really strip down linux to only the little pieces you want and it's not licensed so there is no worry of that added cost of support (can be added) or developing base code.

 

However just because someone knows Linux, doesn't make them more qualified. I think it's more of a mindset as I have seen some windows systems so locked down that it was very secure. Also most vendors put their own spin onto the GUI so you can't even get into the base shell to run the basic commands.

@OtakarKlier

@reaper

 

 

I agree and that was my thought as well, that linux knowledge does not make you more qualified to be a security person because the products may be based on linux but that does not mean that they allow or require you to know linux to use them and most are not set up to modify them, they are a ready made package deal

@jdprovine,

Depending on how in depth you're getting with security and certain aspects of analysis on different Malware/Spyware sample or stuff like that I almost really would call Linux a necessity. Not only because of the tools available, but because of the threat of doing some of that on a Windows box would actually be. 

You can do everything you would need to on a Windows box, but the time that it would take to do so would be inefficient and someone doing the same analysis on a Linux box would be more efficient.

@BPry

 

Interesting viewpoint bpry thanks for sharing. Can you give some examples of the linux tools that you use?

www.kali.org

securityonion.net

 

They are two good ones to take a peek at.

@jdprovine,

If you're just getting started I would really recommend spinning up a REMnux and Cuckoo and giving them a go. They're pretty well documented, likely the best documented outside of the entire Kali distro. REMnux is its own distro so it can be installed directly from its OVA and Cuckoo last I checked still needed to be actually installed on an existing Linux install, they may have released it as its own distro by now though I'm not sure.

Once you get involved in it and start working on forums you'll hear other tools mentioned that you can look into; but I would recommend running with those two to start.

I feel the underlying question is a bit loaded.
A good working knowledge of Linux is certainly an asset in the role of a security manager, but so is Windows and a host of other operating systems and even types of deployments and software packages.
The more knowledge at a top level (mile wide, inch deep), the stronger the security manager, but I wouldn't say exclusive deep knowledge in Linux makes you a qualified security person.
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

 

I was approaching a situation where the justification for creating a security position for an individual was justified by that person (not me) that the linux experience qualifies them above others for the position to which I disagreed. I believe the same way that you do that a wide variety of experiences make a good security person.

So what type of access does a security person usually have? Access to manage anything or limited access?

I guess it will depend a bit on the size of the team and the actual background of the manager.

 

Typically they would probably rely on reporting tools (reporting from the PANW itself and reporting tools like splunk/crystalreports/siem/...) to gain insight in the actual security situation rather than raw access to appliances or servers, that's the task of the admins.

A good (basic) working knowledge helps in assessing what needs to be done and how to hold the admins accountable to do their jobs properly, deeper knowledge improves that accountability but would still not really be part of the manager's job unless the team is so small the manager is also the admin and just needs to swap hats 

 

A manager needs to be able to understand the environment and outline best practices based on a deep understanding of how security works, cyber kill chain etc.

 

an anecdote: in my previous company our database guy was an absolute linux guru but had no clue about 'security' as it only impeded on his core business of making the databases run smoothly

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 4483 Views
  • 15 replies
  • 0 Likes