• Samba is software that makes it possible to share files and printers on Linux with the Windows operating system:

    • An in-depth look at Snoc and its cloud service dedicated to DDoS protection, which every organization should pay attention to:

    • Snoc launches Solution Version 3.0, offering Web Application Firewall and DDoS Protection services:

    • Revealed... an online black market taking DDoS attacks for hire!!:

    • Speechless for three seconds! DDoS makes the list of datacenter outage causes:

    • How do you know you are under a DDoS attack:

    • Introduction, Build the DDoS response plan with Checklist, How do you know when they DDoS you!, DDoS Mitigation Technique:

    • App vs. Volume: did you know which one gets used most often?:

    • Attack of the year 2014: did you know which one:

    • X-Forwarded-For (XFF):

    • TCP 3-Way Handshake:

    • www.icez.net/blog/69510/ddos-tcp-fin-flood

    • th.wikipedia.org/wiki/อินเทอร์เน็ตบอต

    • URL vs URI:

    • Basic Cryptography - Digital Certificate & SSL:

    • What is a cache:

    • Penetration Tester:
      • app.cybrary.it/browse/course/comptia-linux-plus
      • app.cybrary.it/browse/course/comptia-security
      • app.cybrary.it/browse/course/ethical-hacking
      • EC-Council CHFI

    • Security Operations Center (SOC) Analyst - Add below:
      • app.cybrary.it/browse/course/comptia-network-plus
      • app.cybrary.it/browse/course/comptia-casp

    • Cyber Security Engineer - Add below:
      • app.cybrary.it/browse/course/comptia-cloud-plus
      • app.cybrary.it/browse/course/cisco-ccna
      • app.cybrary.it/browse/course/comptia-cysa-2018
      • app.cybrary.it/browse/course/cissp
      • app.cybrary.it/browse/course/cism
      • app.cybrary.it/browse/course/project-management-professional
      • app.cybrary.it/browse/course/isc2-certified-cloud-security-professional-ccsp

    • www.facebook.com/longhackz

    • Principles of secure system design (Secure Design Principles):

    • Example Attacks:
      • blog.endace.com/2013/08/27/ddos-attacks-on-port-0-does-it-mean-what-you-think-it-does
      • www.techtalkthai.com/blacknurse-dos-attack-server-firewalls
      • notebookspec.com/ทำความรู้จักกับ-distributed-denial-of-service-ddos/36287
      • arit.rmutsv.ac.th/th/blogs/80-sql-injection-คืออะไร-757
      • www.thaicert.or.th/downloads/presentations/20150507_Seminar_Dataone_.pdf

    Palo Alto:

    • PA-200, PA-3000, PA-5000, and PA-7000 models are the Palo Alto Networks next-generation firewall models.

    • Control and data planes are found in Palo Alto Networks single-pass platform architecture.

    • The strength of the Palo Alto Networks firewall is its Single-Pass Parallel Processing (SP3) engine.

    • The PA-5280 is a new firewall model, introduced with PAN-OS® 8.1, with double the data-plane memory.

    • Palo Alto Networks firewalls are built with a dedicated out-of-band management port that has these attributes: it is labeled MGT by default; it passes only management traffic for the device and cannot be configured as a standard traffic port; and administrators use it for direct connectivity to the management plane of the firewall.

    • You can revert the candidate configuration to the running configuration; clicking Save creates a copy of the current candidate configuration; and choosing Commit updates the running configuration with the contents of the candidate configuration.

    • Firewall administrator accounts can be individualized for user needs, granting or restricting permissions as appropriate.

    • Firewall administration can be done using the web interface, Panorama, the command line interface, or the XML API.

    • Service routes can be used to configure an in-band port to access external services.

    • Virtual routers provide support for static routing and dynamic routing using OSPF, RIPv2, and BGP protocols.

    • Layer 3, Tap, and Virtual Wire interface types are valid on a Palo Alto Networks firewall.

    • Intrazone traffic is allowed by default but interzone traffic is blocked by default.

    • A Virtual Wire (vwire) interface is sometimes called a Bump in the Wire or Transparent In-Line; it has no support for routing or device management, and it supports NAT, Content-ID, and User-ID.

    • A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.

    • Source Zone, Username, URL, and Application are possible network traffic match criteria in a Security policy on a Palo Alto Networks firewall.

    • Universal is the default Security policy rule type.

    • The intrazone-default and interzone-default rules can be modified.

    • Dynamic IP, dynamic IP/Port, and static are names of valid source NAT translation types.

    • Logging on intrazone-default and interzone-default Security policy rules is disabled by default.

    • Logs can be forwarded to the Remote Logging Destinations Email, Syslog, Panorama, or SNMP.

    • A log can be exported to CSV format.

    • A Report Group must be sent as a scheduled email. It cannot be downloaded directly.

    • A SaaS application that is formally approved for use on the network is a sanctioned application.

    • These attributes describe an active/passive HA firewall configuration: only one firewall actively processes traffic; there is no increase in session capacity and throughput; and it supports Virtual Wire, Layer 2, and Layer 3 deployments.

    • Configuration synchronization, heartbeats, and hellos are the types of traffic that flow across the HA Control link.

    • On a firewall with dedicated HA ports, "Data link" describes the function of the HA2 port.

    • A Backup Control link helps prevent split-brain operation in a firewall HA cluster.

    • Heartbeats and hellos, internal health checks, and link and path groups are failure detection methods in a firewall HA cluster.

    • A Security policy rule displayed in italic font indicates that the rule is disabled.

    • A Server Profile enables a firewall to locate a server with remote user accounts.

    • An Antivirus Security Profile specifies Actions and WildFire Actions. WildFire Actions enable you to configure the firewall to block traffic when a WildFire virus signature is detected.

    • An Interface Management Profile can be attached to Layer 3 and Loopback interface types.

    • App-ID running on a firewall identifies applications using program heuristics, application signatures, and known protocol decoders.

    • Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should validate connectivity to the PAN-DB cloud.

    • If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in the Threat log.

    • If there is an HA configuration mismatch between firewalls during peer negotiation, the passive firewall will enter the NON-FUNCTIONAL state.

    • In a Security Profile, when the profile's action is configured as Reset Server, the firewall takes this action: the traffic responder is reset and, for UDP sessions, the connection is dropped.

    • In an HA configuration, the networks, objects, and policies components are synchronized between the pair of firewalls.

    • In an HA configuration, the path monitoring and heartbeats failure detection methods rely on ICMP ping.

    • On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of 2x, 128K is the maximum number of concurrent sessions supported by each available IP address (2x64K layer 4 protocol ports).

    • SSL Inbound Inspection requires that the firewall be configured with the server's digital certificate and private key.

    • The User-ID feature is enabled per firewall security zone.

    • The WildFire Portal website supports these operations: uploading files to WildFire for analysis, reporting incorrect verdicts, and viewing WildFire verdicts.

    • The dataplane and the control/management plane are the separate planes that make up the PAN-OS architecture.

    • Pre-Logon, User-Logon, and On-demand are connection methods for the GlobalProtect agent.

    • Untrusted and expired certificate checking are benefits of attaching a Decryption Profile to a Decryption policy no-decrypt rule.

    • When SSL traffic passes through the firewall, the Security policy component is evaluated first.

    • A GlobalProtect client connects to the GlobalProtect Portal first when trying to connect to the network.

    • The Continue action in a File Blocking Security Profile results in the user being prompted to verify a file transfer.

    • Continue, Block, Override, and Alert actions can be applied to traffic matching a URL Filtering Security Profile.

    • Tap, Layer 2, and Layer 3 interface types require configuration changes to adjacent network devices.

    • "It determines which firewall services are accessible from external devices" describes a function provided by an Interface Management Profile.

    • A URL Filtering Profile override password is a single, per-firewall password.

    • Files traversing the firewall, email attachments, and URL links found in email can be sent to WildFire for analysis.

    • Virtual Wire, Layer 2, and Layer 3 interface types can control or shape network traffic.

    • Default gateway, netmask, and IP address are the MGT port configuration settings required in order to access the WebUI from a remote subnet.

    • .dll and .exe file types can be sent to WildFire for analysis if a firewall has only a standard subscription service.

    • Dynamic update antivirus, WildFire antivirus, and dynamic update threat signatures are the types of content update that have to be scheduled for download on the firewall.

    • The GlobalProtect user mapping method is recommended for a highly mobile user base.

    • GlobalProtect clientless VPN provides secure remote access to web applications that use HTML5, JavaScript, and HTML technologies.

    • URL Filtering, Threat Prevention, and WildFire® subscription services are included as part of the GlobalProtect cloud service.

    • 20 is the maximum number of WildFire® appliances that can be grouped into a WildFire® appliance cluster.

    • The decryption broker feature is supported by the PA-7000, 3200, and 5200 Palo Alto Networks firewall series.

    • Dropbox, Google, and YouTube HTTP header insertion types are predefined.

    • The VM-50 Lite VM-Series model was introduced with the release of PAN-OS® 8.1.

    • docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/use-case-pbf-for-outbound-access-with-dual-isps

    What should be considered when buying a firewall?:
    1. Interface Port: 1G/10G, UTP/SFP
    2. Throughput: Firewall, SSL-VPN

    • Getting to know the Palo Alto Networks NGFW:

    • FortiGate user guide: