VIKRANT RANA

CYBERSECURITY ESSENTIALS II PROJECT

Contents
Lab 9: Stopping Reconnaissance Attacks
Lab 10: Using Dynamic Block Lists
Lab 11: Denying International Attackers
Lab 12: Configuring HIP for GlobalProtect
STUDENT PROJECT

Lab 9: Stopping Reconnaissance Attacks

After loading the configuration, add a Zone Protection profile in the Network Profiles under the
Network tab in the Palo Alto firewall web interface. Name it Zone Protection to protect against
Nmap scans with SYN, ICMP, ICMPv6, UDP and Other IP Flood Protection. Protect against TCP Port
Scans, Host Sweeps, and UDP Port Scans by blocking. Also protect against packet-based
attacks by checking spoofed IP addresses and fragmented traffic, with IP option drop on strict and
loose source routing. Apply this zone protection to the inside, outside and dmz security zones.
After committing the changes, use Nmap to perform a reconnaissance attack on the DMZ server. In
Nmap, target 192.168.50.10 with an intense scan on all ports. In the Monitor tab, notice the
SCAN: TCP Port Scan entry from the inside zone to the DMZ. 192.168.1.20 is the client machine.
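
The kind of threshold check behind a "SCAN: TCP Port Scan" alert can be sketched as follows. This is an added example, not part of the original lab report and not the firewall's own implementation: it counts distinct destination ports per source and destination pair inside a sliding window. The window length, the threshold, the second client 192.168.1.30 and all sample log records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed tuning values for this sketch; they are not read from the lab firewall.
INTERVAL_S = 2.0   # sliding window length in seconds
THRESHOLD = 5      # distinct destination ports inside the window that raise an alert

# Constructed sample log of TCP SYNs: (timestamp_s, src_ip, dst_ip, dst_port).
# 192.168.1.20 is the lab client and 192.168.50.10 the DMZ server;
# 192.168.1.30 is a hypothetical well-behaved client.
SAMPLE_SYNS = (
    [(0.05 * p, "192.168.1.20", "192.168.50.10", 20 + p) for p in range(12)]
    + [(0.0, "192.168.1.30", "192.168.50.10", 80),
       (0.4, "192.168.1.30", "192.168.50.10", 443),
       (0.9, "192.168.1.30", "192.168.50.10", 80)]
)

def detect_tcp_port_scans(events, interval=INTERVAL_S, threshold=THRESHOLD):
    """Return one alert per (src, dst) pair that probes at least
    `threshold` distinct ports within `interval` seconds."""
    windows = defaultdict(deque)   # (src, dst) -> (ts, port) records still in the window
    alerted = set()                # pairs already reported
    alerts = []
    for ts, src, dst, port in sorted(events):
        win = windows[(src, dst)]
        win.append((ts, port))
        # Drop probes that have aged out of the window.
        while win and ts - win[0][0] > interval:
            win.popleft()
        distinct = {p for _, p in win}
        if len(distinct) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"src": src, "dst": dst, "triggered_at": ts,
                           "distinct_ports": len(distinct)})
    return alerts

if __name__ == "__main__":
    for alert in detect_tcp_port_scans(SAMPLE_SYNS):
        print("SCAN: TCP Port Scan", alert)
```

Repeated connections to the same port do not count toward the threshold, and probes spaced further apart than the window never accumulate, which is why a slow scan can stay under a check of this kind.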

Lab 10: Using Dynamic Block Lists

We are configuring a security policy to use a dynamic block list. This lab was very simple. We
opened Notepad and put a couple of sites in a file. We then uploaded the file to the DMZ server.
Next we went into External Dynamic Lists and added a block-list field. Finally, we created a
security policy that used block-list. We committed and tested. Both sites that we originally put
on the list are blocked as intended.

Lab 11: Denying International Attackers

After loading the configuration for the exercise, go to the Allow-Inside-Out Security Policy under
the Policy tab in the Palo Alto firewall web portal and clone it with Rule order: Move to Top
selected. Select the cloned security policy and rename it to Block-Countries with a source of
outside zone, adding source addresses North Korea (KP), China (CN) and Russia (RU),
checking Russia. Under the Actions tab, select Deny and then commit the rule. Cannot test.

Lab 12: Configuring HIP for GlobalProtect

We will download GlobalProtect while utilizing a HIP object within a HIP profile. Probably the
most fun lab in this section. We download the GlobalProtect agent. Next we go into HIP objects
and add a Has AV HIP object. This will be used to confirm that the ClamWin antivirus is installed.
Now we go into HIP profiles and add one; we then modify the security policy to add the HIP profile.
Next we modify the GlobalProtect gateway to add a HIP notification. Basically, we add a
message for when you are connected and not connected. We commit all the changes and then
connect GlobalProtect. We still can’t connect because we haven’t downloaded ClamWin,
which we do next. Once this is done, we are able to connect to the GlobalProtect agent and verify
that we have a connection.

Student Project
