Yesterday, I passed the PCNSA exam.
I previously did the PCCSA/PCCET exam, which was more of a general overview about security concepts and the Palo Alto product range. By contrast, the PCNSA is more practical, so it’s aimed at people who do hands-on tasks with a Palo Alto firewall. In particular, it’s mostly focussed on PAN-OS, with a bit of Panorama; the other cloud-based services (e.g. Prisma) have separate certifications.
(more…)In Windows 2003, the local firewall was turned off by default. You could enable it, but you had to be careful about defining all your exceptions; unlike a PC running Windows XP, you presumably want people to be able to connect to your server! Finding a list of all the relevant ports/protocols could be difficult, and Microsoft sometimes advised people not to enable the firewall at all. SP1 introduced the Security Configuration Wizard (SCW), which helps you to configure the firewall, but you have to specifically install this as an extra component.
In Windows 2008, this changed: the firewall is turned on by default, and the SCW is installed automatically. You can still turn the firewall off, but that’s not ideal from a security point of view: it’s better to configure it so that only certain traffic can get through.
I was going through the log files on my firewall server today when I saw something odd: my PC was trying to send outbound traffic on port 6667 every 30 seconds. At first I thought that this was for my IRC client, but it wasn’t. Instead, it’s a legacy of the “Sky by Broadband” service that I signed up for last year.
One of my current projects is configuring ISA 2004 as a firewall. Without wanting to get sidetracked into advocacy debates, all I’ll say is that:
a) It’s a lot better than ISA 2000.
b) It’s annoying that it doesn’t support more than one internet connection, so hopefully they’ll fix that in ISA 2006.
Anyway, today I got hold of some blacklists (i.e. a long list of dodgy websites), and set up rules to block them. While I generally think that enumerating badness is a doomed endeavour, enumerating goodness is a bit tricky for websites, so this seems like a reasonable step (in conjunction with other rules). So, once I’d imported these lists, I then tested them, by trying to access the blocked websites on my PC. This is where typos can cause problems…
Me: “Let’s see, http://www.killerporn.com/ … aargh!”
Server: “Tum te tum, I’m blocking http://www.killerpornstars.com/ as ordered.”
Me: “Ok, let’s add this site to the list as well, then try that again…”
Similar problems occured with the various permutations of “0Adult-manga.com”. So, when the report gets run tonight, my traffic may look a bit dodgy tomorrow. In the sense of “My eyeballs are bleeding!”
Ah well, it’s a living.
(Just to state the obvious, I don’t recommend following those links, especially if you’re at work!)