Educause Security Discussion mailing list archives
Re: Firewall Upgrade
From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Fri, 14 Feb 2014 17:00:20 +0000
I'm not sure the wildfire service, at least the free one, is immediately helpful to you. As I understand it if certain attachments ( I think they look for specific types and sizes) come through and the Palo Alto does not already recognize them, a copy is sent to Wildfire for examination. If the results of that examination show malware, then a signature may be deployed. Not only for you but for everyone. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Rogowski Sent: Friday, February 14, 2014 10:56 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Firewall Upgrade Interesting conversation and good feedback for sure. And yes, CST, although it is daylight right now... ;-) The reason I bring this up is we are just beginning to deploy a PA and only have the AV/AM service running right now. Initial observations is that it is picking up Conficker just fine but nothing else. Obviously things need to be tweaked, but I honestly was expecting to see more action out of it from the get-go. Looking at the Spyware signatures they don't seem to get updated very often. Our ISP deployed a FireEye appliance on a 30 day trial last year. For that month we observed a significant drop in malware infections. So I was hoping the PA with the Wildfire service could be as effective. We didn't subscribe to the Wildfire service yet, and may request a trial before committing to said service. Mark Rogowski CISSP, CISM IT Security / Information Security Office University of Winnipeg Ph: 204-786-9034 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A Safian Sent: Friday, February 14, 2014 10:19 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Firewall Upgrade I agree on wildfire, and URL filtering. In fact, the URL filtering, which we primarily wanted as another layer to prevent phishing, was terrible. My guess is it works great, in say a bank, but, in a university, the categories aren't that useful. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hall, Rand Sent: Friday, February 14, 2014 10:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Firewall Upgrade Like Roger said, YMMV. Most people have many layers of defense. No layer is magic. OpenDNS blocks some stuff for us. PA DNS anti-hijacking firewall rules block stuff. Threat Protection on PA blocks some stuff. Basic Wildfire alerts on some stuff. Desktop AV still blocks some stuff. PA Threat Protection blocks/alerts on post-infection C&C traffic. The basic Wildfire service that comes with Threat Protection is pretty good for what it is. The premium service is overpriced, IMHO (as is URL filtering). Rand Rand P. Hall Director, Network Services askIT! Merrimack College 978-837-3532 rand.hall () merrimack edu<mailto:rand.hall () merrimack edu> If I had an hour to save the world, I would spend 59 minutes defining the problem and one minute finding solutions. - Einstein On Fri, Feb 14, 2014 at 10:25 AM, Mark Rogowski <m.rogowski () uwinnipeg ca<mailto:m.rogowski () uwinnipeg ca>> wrote: Forgive the derailing of this thread, but given all the chatter regarding Palo Alto, I am very curious to know how effective the product is at stopping malware. PA touts they have strong anti malware protection - is this in fact true? Have any of you noticed a drop in your end point infections? Mark Rogowski CISSP, CISM IT Security / Information Security Office University of Winnipeg Ph: 204-786-9034<tel:204-786-9034> -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Michael Horne Sent: Friday, February 14, 2014 8:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Firewall Upgrade I will also give a +1 to Palo Alto, We replaced a pair of aging Nortel branded check points with a pair of PA 5020's. We are very pleased with them and I personally would recommend them as well. A lot deeper view into what's happening on the network as well. Rule creation is not bad either once yopu get the mind shift changed to zone / application based vrs just a port based FW. Michael Horne Network Engineer Olin College of Engineering 1000 Olin Way, Milas Hall, Suite LL18 Needham, MA 02492 1-781-292-2438<tel:1-781-292-2438> -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Russo, Dan Sent: Thursday, February 13, 2014 2:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Firewall Upgrade We are looking into upgrading our Firewall. I was wondering if anyone had anything to offer in regards to what you are using and the pros/cons associated to it. Thanks, Dan
Current thread:
- Re: Firewall Upgrade, (continued)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Mark Rogowski (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Ryan Hiebert (Feb 14)
- Re: Firewall Upgrade Nathaniel Hall (Feb 14)
- Re: Firewall Upgrade Ruth Ginzberg (Feb 14)
- Re: Firewall Upgrade Hall, Rand (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade Mark Rogowski (Feb 14)
- Re: Firewall Upgrade Roger A Safian (Feb 14)
- Re: Firewall Upgrade O'Callaghan, Daniel (Feb 14)
- Re: Firewall Upgrade Mike Osterman (Feb 14)
- Re: Firewall Upgrade Ian McDonald (Feb 14)
- Re: Firewall Upgrade Mike Osterman (Feb 14)