Configure DNS Security
Table of Contents
Expand all | Collapse all
-
- About Cloud NGFW for AWS
- Getting Started from the AWS Marketplace
- Register Your Cloud NGFW Tenant with a Palo Alto Networks Support Account
- Cloud NGFW for AWS Pricing
- Cloud NGFW Credit Distribution and Management
- Cloud NGFW for AWS Free Trial
- Cloud NGFW for AWS Limits and Quotas
- Subscribe to Cloud NGFW for AWS
- Locate Your Cloud NGFW for AWS Serial Number
- Cross-Account Role CFT Permissions for Cloud NGFW
- Invite Users to Cloud NGFW for AWS
- Manage Cloud NGFW for AWS Users
- Deploy Cloud NGFW for AWS with the AWS Firewall Manager
- Enable Programmatic Access
- Terraform Support for Cloud NGFW AWS
- Provision Cloud NGFW Resources to your AWS CFT
- Configure Automated Account Onboarding
- Usage Explorer
- Create a Support Case
-
-
- Prepare for Panorama Integration
- Link the Cloud NGFW to Palo Alto Networks Management
- Unlink the Cloud NGFW from Palo Alto Networks Management
- Associate a Linked Panorama to the Cloud NGFW Resource
- Use Panorama for Cloud NGFW Policy Management
- View Cloud NGFW Logs and Activity in Panorama
- View Cloud NGFW Logs in Strata Logging Service
- Tag Based Policies
- Enterprise Data Loss Prevention (E-DLP) Integration with Cloud NGFW for AWS
-
- Strata Cloud Manager Policy Management
Configure DNS Security
Learn how to secure your VPC traffic from DNS-based threats.
Domain Name Service (DNS) is a critical and foundational protocol of the internet, as
described in the core RFCs for the protocol. Malicious actors have utilized command and control (C2)
communication channels over the DNS and, in some cases, have even used the protocol
to exfiltrate data. DNS exfiltration can happen when a bad actor compromises an
application instance in your VPC and then uses DNS lookup to send data out of the
VPC to a domain that they control. Malicious actors can also infiltrate malicious
data and payloads to the VPC workloads over DNS. Palo Alto Networks Unit 42 research
has described different types of DNS abuse
discovered.
Cloud NGFW for AWS allows you to protect your VPC traffic from advanced DNS-based
threats, by monitoring and controlling the domains that your VPC resources query.
With Cloud NGFW for AWS. You can deny access to the domains that Palo Alto Networks
considers bad or suspicious and allow all other queries.
Cloud NGFW uses the Palo Alto Networks DNS Security service which proactively detects malicious domains by generating DNS
signatures using advanced predictive analysis and machine learning, with data from
multiple sources (such as WildFire traffic analysis, passive DNS, active web
crawling & malicious web content analysis, URL sandbox analysis, Honeynet, DGA
reverse engineering, telemetry data, whois, the Unit 42 research organization, and
Cyber Threat Alliance). DNS security service then continuously distributes these DNS signatures to your
Cloud NGFW resources to proactively defend against malware using DNS for command and
control (C2) and data theft.
DNS Security for Cloud NGFW requires Panorama. Configure all DNS
Security-related policy rules on Panorama and push them to Cloud NGFW resources as
part of a Cloud Device Group.
To enable DNS Security in Cloud NGFW resources—
- Enable DNS Security in Panorama by creating an Anti-Spyware profile in Cloud Device Groups associated with your Cloud NGFW Resources.
- Redirect your DNS traffic in your VPC to your Cloud NGFW resource. How your configure traffic redirection depends on your DNS server setup.