The training combines lectures and hands-on labs and covers the following modules:
The Cyber-Attack Lifecycle: Understanding common attack methodologies and recognizing how specific firewall features disrupt each stage of an attack.
Determining and Improving Security Policy Efficacy: Analyzing existing security policies with tools such as the Best Practice Assessment (BPA) to identify weaknesses, rule usage, and areas for optimization.
Implementing Threat Prevention:
Security Profile Revision: Applying and customizing security profiles (Antivirus, Anti-Spyware, Vulnerability Protection) effectively.
URL Filtering and DNS Security: Configuring URL filtering profiles and DNS security to block access to malicious domains and inappropriate websites.
Blocking Unknown Threats with WildFire: Integrating and applying WildFire analysis profiles to detect and prevent zero-day malware and grayware.
Zone and DoS Protection: Implementing protections at the network perimeter, zones, and devices to defend against packet-based attacks and DoS floods.
Analyzing and Updating Security Rules:
Migrating to Application-Based Policy: Using the Policy Optimizer to convert legacy port-based rules to more secure, application-based rules using App-ID.
Implementing the Principle of Least Privilege: Modifying policies for inbound, outbound, and internal traffic to ensure only necessary traffic is permitted.
Blocking Threats in Encrypted Traffic (SSL Decryption): Planning for and deploying SSL/TLS decryption to inspect and control traffic that would otherwise be hidden from security inspection.
Hardening PAN-OS Administratively: Applying best practices to secure management access, including administrative roles, authentication profiles, log storage, and dynamic updates.
Monitoring and Reporting: Using the interactive web interface, logs, and reports (including the Application Command Center (ACC)) to monitor network activity and ensure compliance.
Developing Workflows for Security Posture Management: Establishing operational maintenance tasks and processes for continuous improvement of the security environment.
Target Audience and Prerequisites
Target Audience: Security administrators, security engineers, and anyone responsible for the daily management and hardening of a Palo Alto Networks firewall installation.
Prerequisites: Completion of the EDU-210: Firewall Essentials - Configuration and Management course or equivalent experience is highly recommended. Familiarity with basic security concepts and general networking is required.