My Final Year Project

Month Year
June 20, 2021
Committee Member Names
Pr. LAHCEN OUGHDIR
Pr. ZAKARIA CHALH
Supervised by
Pr. MOHAMED BENSLIMANE
By
MOHAMMED EL ALAM
A project submitted in partial fulfillment
of the requirements for the degree of in
Network and Security Engineering
Palo Alto Firewall and Cybersecurity Challenges
U.S.M.B.A
University Sidi Mohammed Ben Abdellah
National School of Applied Sciences – Fez
Field Study: Information Technology

iii
Foreward
First Name and Last Name of the Trainee Engineer from ENSAF :
✓ MOHAMMED EL ALAM
Project Title :
✓ Palo Alto Firewall and Cybersecurity Challenges: « Dev Networking Solution »
Host Organization :
✓ Enterprise : Dev Networking Solution
✓ Address : Casablanca
✓ Site web : http://www.devnetmaroc.com/company.php
First Name and Last Name of the project leader in the host organization :
✓ M. Ahmed LAGHFOUL
First Name and Last Name of the project supervisor at ENSAF :
✓ M. MOHAMED BENSLIMANE
Start and end date of Internship :
✓ Start date : 10/01/2021
✓ End date : 10/06/2021

iv
Dedicaces
To thebestof parents
No dedication can express my respects, my deep love and my gratitude.
for the sacrifices you have made for my education and well-being. I wish you
thank you for all the support and love that you have given me since my childhood and I hope
may your blessing always be with me. May this humble work be the fulfillment of
your so many wishes, the fruit of your countless sacrifices.
May God, the Most High, preserve you and grant you health, happiness and long life.
To my dearbrothersandsisters
You have always been at my side, you have never ceased to support and encourage me during all the years
of my studies, I am very grateful to you.
As a testimony of my deep tenderness and gratitude, I wish you a life full of happiness and success and may
God, the Almighty, protect and guard you.
To allmy familymembers
Please find in this work the expression of my affection.
To my friendsandcolleagues
It would be difficult for me to name all of you, you are in my heart, affectionately.

v
ACKNOWLEDGEMENT
My heartfelt thanks go to:
All the teaching and administrative staff of the ENSA Fez
I can only testify all my gratitude to you for the quality of the teaching that you have given me during these
two years spent at the ENSA of Fez.
Mr. Mohamed BENSLIMANE
I had the honor of being among your students and benefiting from your rich teaching, your pedagogical and
human qualities are a model for me, your dedication and your undeniable skills have always aroused my deep
respect.
I sincerely thank you for your patience and guidance during all these years and for the great honor you have
given me to accept the supervision of this work.
Mr. Ahmed LAGHFOUL
Your competence, your supervision has always aroused my admiration. I thank you for having granted me
this very enriching project for my training, for your welcome and your precious advice. Please find here, the
expression of my gratitude and my great esteem.
Dear jury members
You do me a great honor by agreeing to judge this work…

vi
UNDERTAKING
This is to declare That The project entitled “Palo Alto Firewall andCyber Security Challenges” is an Original
work done by undersigned, in partial fulfillment of the requirements for the degree “Master in Network
Security Engineering” at Computer Network and Security Engineering Department, University of Computer
and Information Technology, University of Science and Technology.
All the analysis, design and system development have been accomplished by the undersigned. Moreover, this
project has not been submitted to any other college or university.

vii
‫ملخص‬
‫عن‬ ‫المشروع‬ ‫هذا‬ ‫يتحدث‬
Palo Alto Firewall
‫فترة‬ ‫خالل‬ ‫به‬ ‫قمت‬ ‫الذي‬ ‫للعمل‬ ‫توليف‬ ‫عن‬ ‫عبارة‬ ‫التقرير‬ ‫هذا‬ ،‫السيبراني‬ ‫األمن‬ ‫وتحديات‬
" ‫شركة‬ ‫في‬ ‫تدريبي‬
Dev Networking Solutions
‫حماية‬ ‫كيفية‬ ‫معرفة‬ ‫هو‬‫المشروع‬ ‫لهذا‬ ‫العام‬ ‫الهدف‬ .‫دراستي‬ ‫نهاية‬ ‫مشروع‬ ‫من‬ ‫كجزء‬ ،"
‫األ‬ ‫تحديات‬ ‫من‬ ‫شركتنا‬
‫لشبكة‬ ‫األمنية‬ ‫والتهديدات‬ ‫السيبراني‬ ‫من‬
Networks
Palo Alto
.
‫وخاصة‬ ،‫الجودة‬ ‫وعالي‬ ‫ًا‬‫د‬‫ج‬ ‫قوي‬ ‫أمان‬ ‫هو‬ ‫اعتبارك‬ ‫في‬ ‫تضعه‬ ‫أن‬ ‫يجب‬ ‫شيء‬ ‫أول‬ ‫فإن‬ ،‫وتتقدم‬ ‫األمام‬ ‫إلى‬ ‫ما‬ ‫شركة‬ ‫تمضي‬ ‫لكي‬ ،‫ا‬ً‫ع‬‫جمي‬ ‫نعلم‬ ‫كما‬
‫أن‬ ‫قررت‬ ‫جدا؛‬ ‫واسع‬ ‫موضوع‬ ‫هو‬ ‫الشبكة‬ ‫أمن‬ .‫الشبكات‬ ‫مع‬ ‫تتعامل‬ ‫التي‬ ‫الشركات‬
‫الموضوع‬ ‫هذا‬ ‫اخترت‬ .‫ألهميته‬ ‫منه‬ ‫الصغير‬ ‫الجزء‬ ‫هذا‬ ‫أكتب‬
‫وإيجاد‬ ‫المشكلة‬ ‫هذه‬ ‫التعامل‬ ‫كيفية‬ ‫حول‬ ‫ما‬ ‫ا‬ً‫ئ‬‫شي‬ ‫أكتب‬ ‫أن‬ ‫وقررت‬ ‫شبكتهم‬ ‫اختراق‬ ‫مدى‬ ‫الحظت‬ ،‫عملي‬ ‫مكان‬ ‫في‬ ‫مشاكل‬ ‫من‬ ‫خضته‬ ‫ما‬ ‫بسبب‬ ‫ًا‬‫د‬‫عم‬
.‫لها‬ ‫حل‬
‫تأ‬ ‫أصبح‬ .‫المعلومات‬ ‫تكنولوجيا‬ ‫مجال‬ ‫في‬ ‫ا‬ً‫م‬‫مه‬ ‫ا‬ ً‫دور‬ ‫السيبراني‬ ‫األمن‬ ‫يلعب‬
‫األمن‬ ‫في‬ ‫نفكر‬ ‫عندما‬ .‫عصرنا‬ ‫تحديات‬ ‫أكبر‬ ‫أحد‬ ‫المعلومات‬ ‫مين‬
.‫يوم‬ ‫بعد‬ ‫ا‬ً‫م‬‫يو‬ ‫كبير‬ ‫بشكل‬ ‫تتزايد‬ ‫والتي‬،"‫اإللكترونية‬ ‫"الجريمة‬ ‫هو‬ ‫أذهاننا‬ ‫إلى‬ ‫يتبادر‬ ‫ما‬ ‫أول‬ ‫فإن‬ ،‫السيبراني‬
‫التداب‬ ‫هذه‬ ‫من‬ ‫الرغم‬ ‫على‬ .‫اإللكترونية‬ ‫الجرائم‬ ‫هذه‬ ‫لمنع‬ ‫الخطوات‬ ‫من‬ ‫العديد‬ ‫والشركات‬ ‫الحكومات‬ ‫تتخذ‬
‫قلق‬ ‫مصدر‬ ‫السيبراني‬ ‫األمن‬ ‫يزال‬ ‫ال‬ ،‫ير‬
‫التقرير‬ ‫هذا‬ ‫يركز‬ .‫للكثيرين‬ ‫كبير‬
‫تقنيات‬ ‫أحدث‬ ‫على‬ ‫يركز‬ ‫كما‬ .‫التقنيات‬ ‫أحدث‬ ‫في‬ ‫السيبراني‬ ‫األمن‬ ‫يواجهها‬ ‫التي‬ ‫التحديات‬ ‫على‬ ‫أساسي‬ ‫بشكل‬
‫ًا‬‫ض‬‫أي‬ ‫الحل‬ ‫هذا‬ ‫يوفر‬ .‫السيبراني‬ ‫األمن‬
:
•
‫شبكات‬ ‫توفر‬
Palo Alto Networks
‫والتحقيق‬ ‫التلقائي‬ ‫والكشف‬ ‫الوقاية‬ :‫األمنية‬ ‫احتياجاتك‬ ‫جميع‬ ‫لتلبية‬ ‫التهديدات‬ ‫إلدارة‬ ً‫ال‬‫شام‬ ً‫ال‬‫ح‬
.‫الكبيرة‬ ‫إلى‬ ‫المتوسطة‬ ‫الفئة‬ ‫من‬ ‫للعمالء‬ ‫السحابة‬ ‫على‬ ‫وقائم‬ ‫بالكامل‬ ‫دار‬ُ‫م‬ ‫إلكتروني‬ ‫أمان‬ ‫حل‬ ‫إنه‬ .‫والتكيف‬ ‫واالستجابة‬
•
Secure Gateway (managed firewall)
•
Web Protection Suite
•
Strata (Next-generation firewalls and virtualized next-generation firewalls)
•
Prisma (Cloud Security)
•
Cortex (CyberSOC)
‫المشروع‬ ‫هذا‬ ‫لمحاكاة‬ ‫واألدوات‬ ‫التقنيات‬ ‫من‬ ‫مجموعة‬ ‫استخدام‬ ‫تم‬
VMware, EVE-ng, Wireshark, Firefox, WinSCP:
VNCviewer, SecureCrt
Keywords: cyber security, cyber-crime, cyber ethics, social media, cloud computing, Threat, Asset,
Vulnerability, Exploit, Attack, Risk and Countermeasures, android apps, Iot.

viii
Abstract
This project talks about Palo Alto Firewall and cybersecurity challenges, this reportis a synthesis of the work
I did during my internship in the company "Dev Networking Solutions”, as part of my graduation project.
The overall objective of this project was how to protect our business from Cybersecurity challenges and
threats on Palo Alto Network Security.
as we all know that for any company to move forward and progress, the first thing the company has to take
into consideration is a very strong and good security, especially companies that deal with networking.
Network security is a very large topic of networking; I decided to write this small part of it because of the
importance of it to companies. I purposely chose this topic because of what I experienced in the place I did
my Internship (Morocco), I noticed how porous their network is and I decided to write something on how
such network porosity could be handle and find a lasting solution to it.
Cyber Security plays an important role in the field of information technology. Securing the information
have become one of the biggest challenges in the present day. Whenever we think about the cyber
security the first thing that comes to our mind is ‘cyber crimes’ which are increasing immensely day by
day. Various Governments and companies are taking many measures in order to prevent these cyber-crimes.
Besides various measures cyber security is still a very big concern to many. This paper mainly
focuses on challenges faced by cyber security on the latest technologies. It also focuses on latest about
the cyber security techniques, ethics and the trends. This solution also provides:
• Palo Alto Networks provide a holistic solution to threat management to address all your security
needs: prevent, automatically detect, investigate, respond and adapt. It is a fully-managed, cloud
cybersecurity solution for medium and large customers.
• Secure Gateway (managed firewall)
• Web Protection Suite
• Strata (Next-generation firewalls and virtualized next-generation firewalls)
• Prisma (Cloud Security)
• Cortex (CyberSOC)
A set of technologies and tools were used to simulate this project: VMware, EVE-ng, Wireshark, Firefox,
WinSCP, VNCviewer, and SecureCrt.
Keywords: cyber security, cyber-crime, cyber ethics, social media, cloud computing, Threat, Asset,
Vulnerability, Exploit, Attack, Risk and Countermeasures, android apps, Iot.

ix
Résumé
Ce projet parle de Palo Alto Firewall et des défis de la cybersécurité, ce rapport est une synthèse du travail
que j'ai effectué lors de mon stage dans la société "Dev Networking Solutions", dans le cadre de mon projet
de fin d'études. L'objectif général de ce projet était de savoir comment protéger notre entreprise des défis de
la cybersécurité et des menaces sur la sécurité du réseau Palo Alto Firewall.
Comme nous le savons tous, pour qu'une entreprise puisse avancer et progresser, la première chose qu'elle
doit prendre en considération est une sécurité très forte et de qualité, en particulier les entreprises qui
s'occupent de réseaux. La sécurité des réseaux est un sujet très vaste ; j'ai décidé d'en écrire cette petite partie
en raison de l'importance qu'elle revêt pour les entreprises. J'ai délibérément choisi ce sujet en raison de ce
que j'ai vécu dans le lieu où j'ai fait mon stage (Maroc), j'ai remarqué à quel point leur réseau est poreux et
j'ai décidé d'écrire quelque chose sur la façon dont une telle porosité du réseau pourrait être gérée et trouver
une solution à ce problème.
La cybersécurité joue un rôle important dans le domaine des technologies de l'information. La sécurisation de
l'information sont devenues l'un des plus grands défis de notre époque. Lorsque nous pensons à la cyber
sécurité, la première chose qui nous vient à l'esprit est la "cybercriminalité", qui augmente considérablement
de jour en jour.
Diversgouvernementset entreprisesprennentdenombreuses mesurespour prévenir ces cyber-crimes. Malgré
ces mesures, la cybersécurité reste une préoccupation majeure pour beaucoup. Ce document se concentre
principalement sur les défis rencontrés par la cybersécurité sur les dernières technologies. Il se concentre
également sur les dernières techniques, l'éthique et les tendances de cybersécurité. Cette solution fournit
également :
Palo Alto Networks fournit une solution holistique de gestion des menaces pour répondre à tous vos besoins
en matière de sécurité : prévention, détection automatique, enquête, réponse et adaptation. Il s'agit d'une
solution de cybersécurité en nuage entièrement gérée, destinée aux clients de moyenne et grande taille.
- Secure Gateway (gestion des démarreurs)
- Web Protection Suite
- Strata (Pare-feu de nouvelle génération et pare-feu de nouvelle génération virtualisés)
- Prisma (sécurité du cloud)
- Cortex (CyberSOC)
Un ensemble de technologies et d'outils ont été utilisés pour simuler ce projet : VMware, EVE-ng, Wireshark,
Firefox, WinSCP, VNCviewer et SecureCrt.
Mots clés : cybersécurité, cybercriminalité, cyberéthique, médias sociaux, cloud computing, menace, actif,
vulnérabilité, exploitation, attaque, risque et contre-mesures, applications androïdes, Iot.

x
Abbreviations
DDoS Distributed Denial of Service
DoS Denial of Service
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
DPI Deep Packet Inspection
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IP Internet Protocol
LDAP Lightweight Directory Access Protocol
FTP File Transfer Protocol
NFS Network File System
OSI Open Systems Interconnection
SMTP Simple Mail Transfer Protocol
SSH Secure Shell
TCP Transmission Control Protocol
UDP User Datagram Protocol
VPN Virtual Private Network
VLANs Virtual Local Area Network
ACL Access Control List
AAA Authentication, Authorization, Accounting
DMZ Demilitarized Zone
IPSec Internet Protocol Security
IOS Internetwork Operating System
LAN Local Area Network
MAC Media access control
TFTP Trivial File Transfer Protocol

xi
IDS Intrusion Detection System
API Application Programming Interface
CLI Command Line Interface
FQDN Fully Qualified Domain Name
NAT Network Address Translation
SSL Secure Sockets Layer
WAN Wide Area Network
ISO International Organization for Standardization
NTP Network Time Protocol
AD Active Directory
BYOD Bring your own device
SSO Single Sign On

1
Table of Contents
Foreward ....................................................................................................................................iii
Dedicaces.................................................................................................................................... iv
ACKNOWLEDGEMENT.............................................................................................................. v
UNDERTAKING......................................................................................................................... vi
‫ملخص‬......................................................................................................................................... vii
Abstract.................................................................................................................................... viii
Résumé....................................................................................................................................... ix
Abbreviations............................................................................................................................... x
Table of Contents.......................................................................................................................... 1
List of Figures.............................................................................................................................. 4
General Introduction...................................................................................................................... 7
CHAPTER 1: Presentation of Specifications...................................................................................... 8
1.1 Introduction......................................................................................................................... 8
1.2 Host Organization................................................................................................................. 8
1.2.1 Business Units ......................................................................................................... 8
1.3 Organization Chart................................................................................................................ 9
1.4 Services............................................................................................................................ 10
1.5 Associated company and organization.................................................................................... 10
1.6 Problem and methodology for the management of project......................................................... 12
1.6.1 Problem Definition ....................................................................................................... 12
1.6.2 Project Schedule........................................................................................................... 12
1.6.3 Project planning ........................................................................................................... 13
1.7 Conclusion ........................................................................................................................ 14
CHAPTER 2: Theoretical notions about Cyber Security Challenges.................................................... 15
2.1 Introduction....................................................................................................................... 15
2.2 Cyber Security Introduction ................................................................................................. 15
2.3 Common Network Security Terms........................................................................................ 16
2.3 Cyber Security Important..................................................................................................... 19
2.4 Cyber Security Goals.......................................................................................................... 19
2.4.1 Confidentiality............................................................................................................. 20
2.4.2 Integrity...................................................................................................................... 22

2
2.4.3 Availability ................................................................................................................. 23
2.5 Types of Cyber Security ...................................................................................................... 24
2.5.1 Critical Infrastructure.................................................................................................... 24
2.5.2 Network Security.......................................................................................................... 24
2.5.3 Cloud Security............................................................................................................. 25
2.5.4 Application Security ..................................................................................................... 25
2.5.5 Internet of things (IoT) Security...................................................................................... 25
2.5.6 Developing a Cyber Security Strategy.............................................................................. 25
2.5.7 Understanding risks to critical business operations............................................................. 26
2.5.8 Integrating the strategy across departments....................................................................... 26
2.5.9 Plan for breaches ahead of time ...................................................................................... 26
2.6 Cyber Security Challenges................................................................................................... 26
2.6.1 Ransomware Evolution.................................................................................................. 27
2.6.2 Blockchain Revolution.................................................................................................. 27
2.6.3 IoT Threats.................................................................................................................. 27
2.6.4 AI Expansion............................................................................................................... 28
2.6.5 Serverless Apps Vulnerability ........................................................................................ 28
2.7 Types of Cyber Attacks....................................................................................................... 28
2.7.1 Web-based attacks........................................................................................................ 29
2.7.2 System-based attacks .................................................................................................... 35
2.8 Types of Cyber Attackers..................................................................................................... 40
2.8.1 Cyber Criminals........................................................................................................... 41
2.8.2 Hacktivists .................................................................................................................. 41
2.8.3 State-sponsored Attacker............................................................................................... 41
2.8.4 Insider Threats............................................................................................................. 42
CHAPTER 3: Requirement Engineering and Analysis ...................................................................... 43
3.1 Introduction....................................................................................................................... 43
3.2 Firewall Technologies and VPN............................................................................................ 43
3.2.1 Stateful Firewall................................................................................................................ 45
3.2.2 StatelessFirewall........................................................................................................... 46
3.2.3 Packet FilteringFirewall................................................................................................. 46
3.2.4 ProxyFirewall.............................................................................................................. 47
3.2.5 ApplicationFirewall...................................................................................................... 47
3.2.6 Personal Firewall .......................................................................................................... 48
3.2.7 TransparentFirewall...................................................................................................... 49

3
3.2.8 Virtual Wire Firewall.................................................................................................... 49
3.2.9 Traditional Network Firewall ......................................................................................... 49
3.2.10 Zone-BasedFirewall.................................................................................................... 50
3.2.10 Cloud-Based Firewall ................................................................................................... 50
3.2.11 Virtual Firewall........................................................................................................... 51
3.2.12 UTMFirewall............................................................................................................. 51
3.2.13 Next-Generation Firewall (NGFW) ............................................................................... 52
3.3 VPNs................................................................................................................................ 54
3.4 Project Process................................................................................................................... 55
3.4.1 The choice of the solution.............................................................................................. 55
3.4.2 Reasons for choice........................................................................................................ 57
3.5 Palo Alto Firewall platform.................................................................................................. 58
3.5.1 Definition.................................................................................................................... 58
3.5.2 Palo Alto firewall deployment terminology....................................................................... 59
CHAPTER 4: Implementation Plan and Test ................................................................................... 62
4.1 Introduction....................................................................................................................... 62
4.1.1 Suggested Architecture.................................................................................................. 62
4.1.2 Tools for project realization and emulation....................................................................... 63
4.2 Project implementation........................................................................................................ 64
4.2.1 The topology of the project ............................................................................................ 64
4.2.2 Install and Configure Palo alto firewall and Servers........................................................... 65
4.3 Install and configure the server side....................................................................................... 65
4.3.1 Install and configure Active Directory ............................................................................. 65
4.3.2 Install and Configure DNS Server................................................................................... 66
4.3.3 Install and Configure DHCP Server................................................................................. 67
4.3.4 Install Active Directory Certificate Services ..................................................................... 68
4.3.5 Install and Configure FTP Server.................................................................................... 70
4.3.6 Install and Configure Web Application Server .................................................................. 73
4.4 Install and configure the Palo Alto Firewall Networks side........................................................ 75
4.4.1 Perform Initial Configuration on Palo Alto Firewall........................................................... 75
CHAPTER 5: Conclusion and Results...........................................................................................101
CHAPTER 6: References............................................................................................................102

4
List of Figures
Figure 1: Logo of The Company Dev Networking Solutions. ............................................................... 8
Figure 2: DEVNET Organization Chart. ......................................................................................... 10
Figure 3: DEVNET Services......................................................................................................... 11
Figure 4: shows the main partners of DEVNET................................................................................ 11
Figure 5: Project Gantt................................................................................................................. 13
Figure 6: Asset............................................................................................................................ 16
Figure 7: Vulnerability................................................................................................................. 16
Figure 8: Exploit. ........................................................................................................................ 16
Figure 9: Threat. ......................................................................................................................... 17
Figure 10: Attack......................................................................................................................... 17
Figure 11: Risk. .......................................................................................................................... 18
Figure 12: Countermeasure........................................................................................................... 18
Figure 13: Security Goals. ............................................................................................................ 20
Figure 14: Confidentiality Tools.................................................................................................... 21
Figure 15: Integrity Tools............................................................................................................. 22
Figure 16: Types of Cyber Security................................................................................................ 24
Figure 17: Integrating the strategy across departments....................................................................... 26
Figure 18: Cyber Security Challenges............................................................................................. 27
Figure 19: Classification of Cyber attacks. ...................................................................................... 29
Figure 20: SQL Injection.............................................................................................................. 30
Figure 21: Identify Malware.......................................................................................................... 30
Figure 22: Cross Site Scripting...................................................................................................... 31
Figure 23: Adware....................................................................................................................... 31
Figure 24: Phishing...................................................................................................................... 32
Figure 25: Denial of Service.......................................................................................................... 33
Figure 26: Man in The Middle....................................................................................................... 34
Figure 27: Ransomware................................................................................................................ 35
Figure 28: Virus.......................................................................................................................... 35
Figure 29: Worm......................................................................................................................... 36
Figure 30: Trojan horse................................................................................................................ 37
Figure 31: Spyware...................................................................................................................... 37
Figure 32: Keyloggers.................................................................................................................. 38
Figure 33: Scareware. .................................................................................................................. 39
Figure 34: Logic Bomb. ............................................................................................................... 39
Figure 35: Botnet......................................................................................................................... 40
Figure 36: Types of Cyber Attackers. ............................................................................................. 41
Figure 37: Insider Threats............................................................................................................. 42
Figure 38: Firewall Technologies................................................................................................... 44
Figure 39: Statefull Firewall.......................................................................................................... 45
Figure 40: Packet Filtering Firewall................................................................................................ 46
Figure 41: Proxy Firewall............................................................................................................. 47
Figure 42: Application Firewall..................................................................................................... 47
Figure 43: Description of Application Firewall ................................................................................ 48
Figure 44: Personal Firewall.......................................................................................................... 48

5
Figure 45: Transparent Firewall..................................................................................................... 49
Figure 46: Palo Alto V-wire Mode Firewall..................................................................................... 49
Figure 47: Traditional Network Firewall......................................................................................... 49
Figure 48: Zone-Based Firewall..................................................................................................... 50
Figure 49: Cloud-Based Firewall. .................................................................................................. 50
Figure 50: Virtual Firewall............................................................................................................ 51
Figure 51: 14 UTM Firewall. ........................................................................................................ 51
Figure 52: Next-Generation Firewall (NGFW)................................................................................. 52
Figure 53: Firewall Placement Options. .......................................................................................... 53
Figure 54: Types of VPN.............................................................................................................. 54
Figure 55: The General Feasibility Study. ....................................................................................... 55
Figure 56: Leaders Firewalls......................................................................................................... 56
Figure 57: Comparison Between the Top Firewall............................................................................ 56
Figure 58: Evaluation of Solutions................................................................................................. 57
Figure 59: Palo Alto Next Generation Firewall deployed in TAP mode................................................ 59
Figure 60: Palo Alto Next Generation Firewall deployed in V-Wire mode............................................ 60
Figure 61: Palo Alto Next Generation Firewall deployed in Layer 2 mode............................................ 60
Figure 62: Palo Alto Next Generation Firewall deployed in Layer 3 mode............................................ 61
Figure 63: Suggested Architecture.................................................................................................. 62
Figure 64: Project Tools. .............................................................................................................. 63
Figure 65: The Topology to be Implemented. .................................................................................. 64
Figure 66: Domain Controller Installation. ...................................................................................... 65
Figure 67: DNS Server Configuration............................................................................................. 66
Figure 68: Install The DHCP Service.............................................................................................. 67
Figure 69: Configure DHCP Server................................................................................................ 67
Figure 70: Figure 41: Testing DHCP Server.................................................................................... 68
Figure 71: Install The Active Directory Certificate Services............................................................... 68
Figure 72: Configure Active Directory Certificate Services................................................................ 69
Figure 73: Manage Cerificate Service GUI...................................................................................... 69
Figure 74: Microsoft Active Directory Certificate Service WEB Interface............................................ 70
Figure 75: Install FTP Service....................................................................................................... 70
Figure 76: Open URL to Access FTP Server.................................................................................... 71
Figure 77: Configure FTP Server................................................................................................... 71
Figure 78: Testing FTP Server....................................................................................................... 72
Figure 79: User Authentication to Access FTP Server. ...................................................................... 72
Figure 80: Install and Configure Appache Server.............................................................................. 73
Figure 81: The Directory of Web Application.................................................................................. 73
Figure 82: Open URL to Access Web Application............................................................................ 74
Figure 83: Testing Web Application Server..................................................................................... 74
Figure 84: Change the old password in the first login........................................................................ 76
Figure 85: User Web Interface....................................................................................................... 76
Figure 86: Configure General Settings............................................................................................ 77
Figure 87: Configure the Management Interface............................................................................... 77
Figure 88: Creates Zones.............................................................................................................. 78
Figure 89: Attach Virtual Router and Security Zone toEthernet Interface............................................. 79
Figure 90: Configure Interface....................................................................................................... 79
Figure 91: Open Virtual Router. .................................................................................................... 80
Figure 92: Configure a Static Route................................................................................................ 80

6
Figure 93: Open Source NAT Policy. ............................................................................................. 81
Figure 94: Configure Source Zone. ................................................................................................ 82
Figure 95: Configure Translated Packet. ......................................................................................... 82
Figure 96: Open Destination NAT Policy........................................................................................ 83
Figure 97: Configure Static Destination NAT. ................................................................................. 83
Figure 98: Configure Original Packet. ............................................................................................ 84
Figure 99: Create Security Policy rules........................................................................................... 84
Figure 100: Configure Source Zone................................................................................................ 85
Figure 101: Configure Destination Zone. ........................................................................................ 85
Figure 102: Create Antivirus Profile............................................................................................... 87
Figure 103: Apply Antivirus Profile to Security Policy...................................................................... 87
Figure 104: Open Windows Sessions By User F.ENSA..................................................................... 88
Figure 105: Open a Fack Link on Google........................................................................................ 88
Figure 106: Testing Antivirus Profile.............................................................................................. 88
Figure 107: Create File Blocking Profile......................................................................................... 89
Figure 108: Apply File Blocking Profile to Security Policy................................................................ 89
Figure 109: Testing File Blocking Profile........................................................................................ 90
Figure 110: Create LDAP Server Profile......................................................................................... 91
Figure 111: Configure Palo Alto Networks User-ID Agent Setup........................................................ 91
Figure 112: Enable User Identification Monitored Server. ................................................................. 91
Figure 113: Create LDAP Authentication Profile.............................................................................. 92
Figure 114: Configure LDAP Authentication Profile......................................................................... 92
Figure 115: Create Group Mapping................................................................................................ 93
Figure 116: Configure Group Mapping........................................................................................... 93
Figure 117: Select which Groups You Allowed to Monitor................................................................ 93
Figure 118: Create Local Users CP_user1. ...................................................................................... 94
Figure 119: Create Local Users CP_user2. ...................................................................................... 94
Figure 120: Create Local Group CP_usergroup................................................................................ 95
Figure 121: Create Local Authentication Profile............................................................................... 95
Figure 122: Configure Local Authentication Profile.......................................................................... 95
Figure 123: Configure Captive Portal Settings. ................................................................................ 96
Figure 124: Configure Captive portal On Palo Alto Firewall. ............................................................. 96
Figure 125: Configure Interface Management Profile........................................................................ 97
Figure 126: Enable User_ID on the source Zone............................................................................... 97
Figure 127: Create Authentication Enforcement............................................................................... 98
Figure 128: Open Authentication Policy Rule.................................................................................. 98
Figure 129: Configure Authentication Policy Rule............................................................................ 99
Figure 130: Create Authentication Policy for captive Portal. .............................................................. 99
Figure 131: Captive Portal Authentication......................................................................................100
Figure 132: Testing captive Portal.................................................................................................100

7
General Introduction
During my internship at Dev Networking Solutions, I had the opportunity to perform several tasks, including
Study, Design and Implementation of a security solution based on the Palo Alto firewall.
Unfortunately, my end-of-study project could not take place at my internship location, It was then that I was
inspired by the latter to develop my project.
Indeed, nowadays we are never safe from a failure or breakdown. From this point of view the implementation
of a redundant and secure network is essential.
This End of Study report will be divided into six chapters:
The first chapter consists of:
• A brief presentation of the company Dev Networking Solutions
• Problem and methodology for the management of project
The second chapter gives some theoretical notions on this project at the level of:
• Cyber Security challenges
• Cyber Security Goals
• Types of Cyber Security
• Types of Cyber Attacks
The third chapter deals with the Requirement Engineering and Analysis:
• Types of Firewalls Technologies and VPNs
• Project Process
• The Best Solution Palo Alto Firewall Platform
The fourth chapter deals with the Implementation Plan and Test:
• Suggested Architecture
• Project implementation
• Install and Configure the Palo Alto Firewall Solution
The five chapter contains a conclusion and Results:
• From the work done
• Difficulties encountered
• Results obtained
• Possible improvements
The six chapter contains a References:

8
CHAPTER 1: Presentation of
Specifications
1.1 Introduction
This chapter gives an overall view of the project. It highlights the host organization and its activities, present
the general framework of the project and its planning.
1.2 Host Organization
Dev Networking Solutions is one of the leading integrators of IT (Information Technology) solutions, it was
created in 2014 to respond to and support the needs of large and medium-sized companies, by combining the
experience of these technical experts with their ability to listen, understand and support in the design,
deployment and maintenance of this infrastructure. powerful, robust and scalable.
The mission of Dev Networking Solutions is to offer the most adapted services and solutions to the most
perennial and profitable customer issues.
Dev Networking Solutions capitalizes on the feedback fromthe field drawn frommany sectors of activity and
technical environment. This allows the teams to understand the needs customers and to propose the most
adapted accompaniments and solutions and offering the best return on investment, incontexts that are always
intended to offer the best.
more specific:
1.2.1 Business Units
Today, DEVNET is structured in 3 entities (Business Units):
Network and Security Business Unit
The Networks and Security Division was involved very early on in the design and implementation of private
networks with prestigious clients. it has followed the technological evolution by constantly maintaining a
know-how and a very high level of competence.
Figure 1: Logo of The Company Dev Networking Solutions.

9
Most of the engineers and technicians involved in study projects and network security deployment are
certified by the manufacturers of the equipment used and have several years of experience in the field.
Over the years, DEVNET has been able to develop partnerships with leaders in the field. worldwide in the
sector. Itis withthemthat itintervenes onall the projectsthat itdevelops. The permanenttechnologicalwatch
as well as the relations with its partners are a guarantee of the quality of the proposed solutions and of their
Adequacy with the objectives defined by the users.
Systems Integration Business Unit
Informationsystemsnow representan essential lever in the followingareasthe search for performance. These
systems cover the entire chain of company's values while integrating specificities linked to globalization
markets, which require international harmonization of standards of quality and traceability that can better
govern trade in the future.
Faced with these challenges, DEVNET anticipates by making available to companies horizontal solutions
(across the entire value chain) combined with vertical solutions (by sector of activity), this approach allows
DEVNETtocapitalize onits positioningand marketstrengthsand thus offer tothecompanies withhigh value
information systems management solutions added.
Throughits masteryof itscustomers' businesses andits know-howinprojectmanagement, DEVNETprovides
proof of its expertise throughout its intervention at the customer's site.
IT Development Business Unit
Dev Networking Solution Dev meets all your expectations in terms of Internet sites and applications (fixed
and mobile), e-commerce platforms, specific development and automated catalog management.
Our solutions Languages, Frameworks and CMS used by DEVNET:
PHP, MySQL, Zend Framework, Symfony, WordPress.
1.3 OrganizationChart
Since its creation, DEVNET has quickly established itself as the undisputed leader in its field. of the
information services integration sector on a national scale. Indeed, the expansion of DEVNET is due to the
fact that it has the human resources, materials as well as qualified administrative staff and specialized
technicians and engineers with extensive experience in the following fields the material to meet market
expectations. Figure 2. shows DEVNET's organizational chart.
As my internship was carried out in the Technical Department, which is a large department, I was able to
work in a very different department. which manages the infrastructure of the different Clients in Morocco.
This department contains several Business Units, my work during this internship was more precisely at the
within the Network and Security BU. This service supports the design of the architectures network security
and monitoring as well as solving network and security related problems.

10
Figure 2: DEVNET Organization Chart.
1.4 Services
Thanks to itsglobal business model, DEVNETcanprovideits services bytype of services, but also toposition
itself as a single point of contact for everyone the following services (see Figure 3).
1.5 Associatedcompany and organization
In order to offer efficient, secure and latest generation solutions, DEVNET has developed strong strategic
partnerships, ensuring quality of service.

11
Figure 3: DEVNET Services.
Unequalled. The choice of partners in its strategy is an essential step, this is why DEVNET has surrounded
itself with partners recognized for their reliability, their control and technological leadership at the global
level. Figure 4 shows the main partners of DEVNET.
Figure 4: shows the main partners of DEVNET.

12
1.6 Problem and methodology for themanagement ofproject
1.6.1 Problem Definition
First of all, and as previously mentioned in the geo-introduction, the following points should be noted. This
end-of-study project is part of the deployment phase of DEVNET's Palo Alto Firewall security solution in
partnership with one of their customers. Of course, for each new technology that emerges; the propaganda of
the latter remains relatively limited at the very beginning, simply because this it is very difficult to change a
solution that is already available, especially when it is works well. Of course, even in commercial speeches,
a lot of the of benefits and improvements are cited and only then do clients go to the possibility of success of
this new solution for the case of their structure.
That said, it should also be noted that with any new technological developments, it is necessary to answer the
questions and confusions of the customers. Because in the end, a product is there to meet their needs. For our
In these cases, several questions were asked from potential DEVNET clients, among which:
- How secure are the applications and data on top of the new NGFW firewalls?
- How to migrate the existing traditional firewall to a new NGFW firewall?
- In today's architecture, you see and touch the hardware; if one day the Controller of the new Solution fails,
what about the applications? and data?
All these questions, and others, directed our thinking towards the studies and applications we wanted to
experimentandapplyinorder tobest answer thesequestions. problems. Andinorder todo so, it was necessary
to understand the technical details of the thing; but also to position oneself in the place of the final customers
and try to find answers to their questions.
1.6.2 Project Schedule
In this section, I will define the specifications for my project, allowing to define the existing needs within the
issues, and thus setting objectives throughout the process of resolving them.
As a result, the project seeks to:

13
- Study of the traditional Firewall of Data Center networks
- Determine the problems and limitations of this traditional Firewall
- Study of the Palo Alto Firewall network as a solution to these limitations
- What is Palo Alto Networks Firewall?
- Designing a solution for a customer's network that focuses on Palo Alto Networks Firewall.
1.6.3 Project planning
In order to ensure the proper conduct of any project, it is very necessary to divide it into separate tasks, but
also add the time factor to them. This provides visibility on the overall progress of the project, a confidence
in but also the time to adopt preventive measures when something comes out of measure.
The figure above shows the tasks established for project planning and the corresponding Gantt chart.
during the realization of this project, several constraints hindered its perfect progress especially those related
to the hardware because we could not carry out a physical deployment of the solution on the other hand, we
carried out a deployment using a virtualized infrastructure with a VM Palo Alto simulator.
Figure 5: Project Gantt.

14
In short, either with Hardware or Simulator environment, we can nevertheless experience all the
functionalities of the Palo Alto NetworkFirewallsolution in both implementations, the only difference is that
in the case of the simulator you cannot test our solution with real traffic.
1.7 Conclusion
Throughout this chapter, I have tried to best describe the overall environment around which my project took
place; by defining the framework for the internship which is the host company DEVNET but also the main
problems I faced. These last ones have strongly motivated me in order to carry out this project and to respond
to these issues. The following chapters will tackle these challenges and my proposed solutions on a more
granular level. in order to overcome them.

15
CHAPTER 2: Theoreticalnotions about
Cyber Security Challenges
2.1 Introduction
Digital technologies have transformed how people socialize, shop, interact with governmentand do business.
The Internet and World Wide Web have made vast amounts of information instantly available, and
smartphones have put it at our fingertips everywhere we go. Our interaction with the physical world is now
being transformed by the Internet of Things. As many as 15 billion devices are already online; estimates for
2020 range from 26 billion2 to 50 billion3. Data storage is increasingly shifting to the Cloud, increasing its
availability and usefulness; but also increasing complexity.
Digital systems are complex because of their large and distributed nature, their many subsystems and
interconnections, and the mix of human, legal, regulatory and technological elements involved. The scale and
interactions of these systems make their outcomes and risks very difficult to predict. The gains and losses that
occur are often unanticipated, while predicted outcomes may fail to materialise.
This complexity and growth also create asymmetries between attackers and their targets, and incentives that
drive underinvestment in cybersecurity. Many of the systems underpinning today’s networks were not
designed with security in mind. As a result, current cybersecurity practice lags behind rigorous, evidence-
based standards of engineering. This leaves digital systems vulnerable, both to emerging risks and to risks
that are already well understood.
Digital systems are already central to our security, wellbeing and growth, but the threats are constantly
growing and evolving. Cybersecurity tools, processes and institutions need to catch up and keep up.
Due to the importance of network security, I chose the topic “Palo Alto Firewall and Cyber security
Challenges” as my final year project to study solutions enhancing computer security. There is no absolute
safety solution so in order to secure the information on a network, we need to construct many layers of
protection. A firewall is the outermost layer of that system. The goal of this project is to study the basic
concepts of a Palo Alto firewall, threats to computer network security, a firewall topology, how they work
and deployment a firewall product.
2.2 Cyber Security Introduction
Cybersecurity is primarily about people, processes, and technologies working together to encompass the full
range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response,
resiliency, and recovery policies and activities, including computer network operations, information
assurance, law enforcement, etc.
Cybersecurity is the protection of Internet-connected systems, including hardware, software, and data from
cyber attacks. It is made up of two words one is cyber and other is security. Cyber is relatedto the technology
which contains systems, network and programs or data. Whereas security related to the protection which
includes systems security, network security and application and information security.

16
It is the body of technologies, processes, and practices designed to protect networks, devices, programs, and
data fromattack, theft, damage, modificationor unauthorizedaccess. Itmayalsobe referredtoas information
technology security.
2.3 Common NetworkSecurityTerms
Asset
Asset is anything, which the organization is invested, and which is valuable to the organization. Examples:
Properties, Vehicles, Heavy Equipment, Plants, Buildings, Employees, Computers, Data, Intellectual
Properties etc. Protecting the organization's assets is the prime function of security (Physical Security or
Network Security).
Figure 6: Asset.
Vulnerability
Vulnerability can be defined a weakness in a system or its design. Every system is human created.
Chances for errors, mistakes are always there in every human created system.
Vulnerabilities are always there in Applications, Network Protocols, and Operating Systems etc.
An attacker to gain access to an organization’s network can exploit vulnerability.
Figure 7: Vulnerability.
Exploit
An Exploit can be defined as a way, method or tool which is used by an attacker, on a vulnerability, to cause
damage to the target network or system. The exploit can be software that may cause a buffer overflow or a
method of social engineering to hack a password.
Figure 8: Exploit.

17
Threat
Threat can be defined as anything danger to an Asset. Threats can be accidentally triggered or intentionally
exploited.
Figure 9: Threat.
Attack
Attack can be defined as action taken by an attacker to harm an asset.
Figure 10: Attack.

18
Risk
The term "Risk" can be defined as potential for loss, compromise, damage, destruction or other negative
consequence of an organization's Asset. Risk arises from a threat, multiple threats, and exploiting
vulnerability. Risk forms an adverse negative affect an organization's Asset.
Risk = Asset + Threat + Vulnerability
Countermeasure
Countermeasure is an action initiated by the organization typically security professionals to mitigate
a threat.
Figure 12: Countermeasure.
Figure 11: Risk.

19
2.3 Cyber Security Important
We live in a digital era which understands that our private information is more vulnerable than ever before.
We all live in a world which is networked together, from internet banking to government infrastructure,
where data is stored on computers and other devices. A portion of that data can be sensitive information,
whether that be intellectual property, financial data, personal information, or other types of data for which
unauthorized access or exposure could have negative consequences.
Cyber-attack is now an international concern and has given many concerns that hacks and other security
attacks could endanger the global economy. Organizations transmit sensitive data across networks and to
other devices in the course of doing businesses, and cybersecurity describes to protect that information and
the systems used to process or store it.
As the volume of cyber-attacks grows, companies and organizations, especially those that deal information
related to national security, health, or financialrecords, need to take steps to protect their sensitive business
and personal information.
2.4 Cyber Security Goals
The objective of Cybersecurity is to protect information from being stolen, compromised or attacked.
Cybersecurity can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs.
The CIA triad is a security model that is designed to guide policies for information security within the
premises of an organization or company. This model is also referred toas the AIC (Availability, Integrity,
and Confidentiality) triad to avoid the confusion with the Central Intelligence Agency. The elements of
the triad are considered the three most crucial components of security.
The CIA criteria are one that most of the organizations and companies use when they have installed a new
application, creates a database or when guaranteeing access to some data. For data to be completely secure,
all of these security goals must come into effect. These are security policies that all work together, and
therefore it can be wrong to overlook one policy

20
The CIA triad are
2.4.1 Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. It
involvesthe protectionof data, providingaccess for thosewhoare allowedto see itwhile disallowingothers
from learning anything people can get it. Data encryption is a good example to ensure confidentiality.
Figure 13: Security Goals.

21
Encryption
Encryption is a method of transforming information to make it unreadable for unauthorized users by using
an algorithm. The transformation of data uses a secret key (an encryption key) so that the transformed data
can only be read by using another secret key (decryption key). It protects sensitive data such as credit card
numbers by encoding and transforming data into unreadable cipher text. This encrypted data can only be
read by decrypting it. Asymmetric-key and symmetric-key are the two primary types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual resources.
It is a process by which users are granted access and certain privileges to systems, resources or information.
In access control systems, users need to present credentials before they can be granted access such as a
person's name or a computer's serial number. In physical systems, these credentials may come in many
forms, but credentials that can't be transferred provide the most security.
Authentication
An authentication is a process that ensures and confirms a user's identity or role that someone has. It can be
done in a number of different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authentication is the necessity of every organizations because it enables organizations to keep their
networks secure by permitting only authenticated users to access its protected resources. These resources
may include computer systems, networks, databases, websites and other network-based applications or
services.
Figure 14: Confidentiality Tools.

22
Authorization
Authorization is a security mechanism which gives permission to do or have something. It is used to
determine a person or system is allowed access to resources, based on an access control policy, including
computer programs, files, services, data and application features. It is normally preceded by authentication
for user identity verification. System administrators are typically assigned permission levels covering all
system and user resources. During authorization, a system verifies an authenticated user's access rules and
either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny the unauthorized access of IT assets like facilities,
equipment, personnel, resources and other properties from damage. It protects these assets from physical
threats including theft, vandalism, fire and natural disasters.
2.4.2 Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized
user modification. It is the property that information has not be altered in an unauthorized way, and that
source of the information is genuine.
Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in the
event when the original data or data files are lost or destroyed. It is also used to make copies for historical
purposes, such as for longitudinal studies, statistics or for historical records or to meet the requirements of
a data retention policy. Many applications especially in a Windows environment, produce backup files
using the .BAK file extension.
Figure 15: Integrity Tools.

23
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is
the computation of a function that maps the contents of a file to a numerical value. They are typically used
to compare two sets of data to make sure that they are the same. A checksum function depends on the entire
contents of a file. It is designed in a way that even a small change to the input file (such as flipping a single
bit) likely to results in different output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected and automatically
corrected.
2.4.3 Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by those
authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized
people.
Tools for Availability
• Physical Protections
• Computational Redundancies
Physical Protections
Physical safeguard means to keep information available even in the event of physical challenges. It ensure
sensitive information and critical information technology are housed in secure areas.
Computational redundancies
It is applied as fault tolerant against accidental faults. It protects computers and storage devices that serve
as fallbacks in the case of failures.

24
2.5 Types ofCyber Security
Cybersecurity covers is a wide subject matter. Below, we will go through the core types of cyber securities.
A holistic strategy includes all of these aspects and overlooks none.
2.5.1 Critical Infrastructure
The critical infrastructure of the world functions as a cyber-physical hybrid.
Everything from hospitals to water purification plants to the electricitygrid are now plugged into the online
world and digitized. We gain many advantages from this super-structure. Putting a system online, however,
also creates new vulnerabilities to cyber-attacks and hacking. When a company first connects itself to the
physical and then digital world, the first infrastructure it plugs itself into is the critical infrastructure.
Company decision-makers must include this perspective into their plan on how attacks might affect their
functionality. If a company does not have a contingency plan, it should create one immediately.
2.5.2 Network Security
The security of a network protects a company against unauthorized access and intrusions. Proper security
over a network can also find and destroy internal threats to the system as well.
Effectiveimplementationof networksecurityoftenrequiressomecompromiseand trade-offs. For instance,
extra logins help to protect a company’s information from unauthorized access, but it also slows down
company productivity. One of the significant problems of network security is that it uses a lot of company
resources.
Network security tools generate huge amounts of data. Even if a network security system finds a threat, it
might slip through the cracks, ignored, due to the sheer volume of data that’s being produced. IT teams are
Figure 16: Types of Cyber Security.

25
now using machine learning to automate the identification of legitimate security threats, thereby reducing
human error. But it’s far from a perfect system.
2.5.3 Cloud Security
Cloud security is a set of policies, controls, and procedures, combined with technologies that work together
to protect data, infrastructure, and cloud-based systems.
They are specific security measures which are configured to protect a customer’s privacy, guard data,
supportregulatorycompliance, andalsosets authenticationrulesfor devicesand users. This means anything
from filtering traffic, authenticating access, and configuring cloud security for specific client needs. It’s
mobile since it’s configured and managed in one location, and frees up businesses to focus resources on
other security needs.
2.5.4 Application Security
Many of the best modern hackers find web application security the weakest point to attack an organization.
It’shardto keep upwith themdue tothe proliferationof newrelationshipswithapps companies havewhich
are not yet properly vetted and secured. Application security starts with great coding, which is also
challengingtofind. After attainingsecurecodingpractices, penetrationtesting andfuzzingarethetwo other
security practices every company should begin to implement now.
2.5.5 Internet of things (IoT) Security
The IoT is an important cyber-physical system in how online systems communicate. More specifically, IoT
refers to a system of interrelated computing devices, which can be defined as mechanical and digital
machines, or objects, animals or people which are given unique identifiers (UIDs) and become digitized in
some capacity. It also refers to the distinct ability of this system to transfer data over a network without
needing human-to-human or human-to-computer interactions.
IoT will only become more critical to business as time goes on. The Internet of Things will connect
consumers in neighborhoods and neighborhoods to critical infrastructure in an unprecedented manner. In a
few years, a hacker may open up and exploit someone’s refrigerator or choose to shut down electricity to
an entire town – if we are not careful. Today, IoT devices often are shipped to consumers in an insecure
state. There are many devices that have no patching for security either, which makes them prime targets for
botnets.
2.5.6 Developing a Cyber Security Strategy
Every strategy should be custom-designed. A cybersecurity strategy that works for one company will not
necessarily be effective for another. It’s different for every entity based on their specific needs and
vulnerabilities.
However, there are some overarching themes that you can take into account regardless of your company
size, scope, or industry.

26
2.5.7 Understandingrisks to critical businessoperations
Cybersecurity is continually becoming more complex. Organizations must have a ‘security vision’ about
what cybersecurity means to their operations. This includes generating an acceptable level of risk and
prioritizing areas to target for the majority of security investments.
2.5.8 Integrating the strategy across departments
A good security strategy must work across all the security measures that a company already has in place.
Companies should intervene smartly in crucial areas to close off backdoors and improve overall security.
2.5.9 Plan for breaches ahead of time
Understand that hackers are always one step ahead of the curve in security. No matter how good your
defenses may be, they will be breached at some point in time. Instead of waiting in fear for the inevitable,
prepare for it. Boost your disaster recovery and business continuity metrics so that when something does
happen, you can return to normal functionality as quickly as possible.
With the basics of cybersecurity covered, should a company now feel relaxed with their new insights into
protections? Not at all. Cybersecurity means remaining eternally vigilant in a constantly moving digital
ecosystem. The solutionsthat worktodaywillnot worktomorrow. Hackerswillhavefiguredoutsomething
else by then, and they will be at your front door with even more powerful executions.
2.6 Cyber Security Challenges
Today cybersecurityis the maincomponentof the country's overallnationalsecurityand economicsecurity
strategies. there are so many challenges related to cybersecurity. With the increase of the cyber-attacks,
every organization needs a security analyst who makes sure that their system is secured. These security
analysts face many challenges related to cybersecurity such as securing confidential data of government
organizations, securing the private organization servers, etc.
Figure 17: Integrating the strategy across departments.

27
The recent important cybersecurity challenges are described below:
2.6.1 Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked, and payment is
demanded before the ransomed data is unlocked. After successful payment, access rights returned to the
victim. Ransomware is the bane of cybersecurity, data professionals, IT, and executives.
Ransomware attacks are growing day by day in the areas of cybercrime. IT professionals and business
leaders need to have a powerful recovery strategy against the malware attacks to protect their organization.
It involves proper planning to recover corporate and customers' data and application as well as reporting
any breaches against the Notifiable Data Breaches scheme. Today's DRaaS solutions are the best defence
against the ransomware attacks. With DRaaS solutions method, we can automatically back up our files,
easily identify which backup is clean, and launch a fail-over with the press of a button when malicious
attacks corrupt our data.
2.6.2 Blockchain Revolution
Blockchaintechnologyis the mostimportantinventionincomputingera. Itisthefirsttimein humanhistory
that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain is a
technology that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows
two or more parties to do a transaction or do business without needing a third party for establishing trust.
It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The professionals in
cybersecurity can make some educated guesses regarding blockchain. As the application and utility of
blockchain in a cybersecurity context emerges, there will be a healthy tension but also complementary
integrations with traditional, proven, cybersecurity approaches.
2.6.3 IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which can be accessible
through the internet. The connected physical devices have a unique identifier (UID) and have the ability to
transfer data over a network without any requirements of the human-to-human or human-to-computer
Figure 18: Cyber Security Challenges.

28
interaction. The firmware and software which is running on IoT devices make consumer and businesses
highly susceptible to cyber-attacks.
When IoT things were designed, it is not considered in mind about the used in cybersecurity and for
commercial purposes. So every organization needs to work with cybersecurity professionals to ensure the
security of their password policies, session handling, user verification, multifactor authentication, and
security protocols to help in managing the risk.
2.6.4 AI Expansion
AI short form is Artificial intelligence. According to John McCarthy, father of Artificial Intelligence
defined AI: "The science and engineering of making intelligent machines, especially intelligent computer
programs."
It is an area of computer science which is the creation of intelligent machines that do work and react like
humans. Some of the activities related to artificial intelligence include speech recognition, Learning,
Planning, Problem-solving, etc. The key benefits with AI into our cybersecurity strategy has the ability to
protect and defend an environment when the malicious attack begins, thus mitigating the impact. AI take
immediate action against the malicious attacks at a moment when a threats impact a business. IT business
leaders and cybersecurity strategy teams consider AI as a future protective control that will allow our
business to stay ahead of the cybersecurity technology curve.
2.6.5 Serverless Apps Vulnerability
Serverless architecture and apps is an application which depends on third-party cloud infrastructure or on
a back-endservice such as google cloudfunction, Amazonweb services (AWS) lambda, etc. The serverless
apps invite the cyber attackers to spread threats on their system easily because the users access the
application locally or off-server on their device. Therefore it is the user responsibility for the security
precautions while using serverless application.
The serverless apps do nothing to keep the attackers away from our data. The serverless application doesn't
helpif an attacker gains access to our datathroughavulnerabilitysuchas leaked credentials, acompromised
insider or by any other means then serverless.
We can run software with the application which provides best chance to defeat the cybercriminals. The
serverless applications are typically small in size. It helps developers to launch their applications quickly
and easily. They don't need to worry about the underlying infrastructure. The web-services and data
processing tools are examples of the most common serverless apps.
2.7 Types ofCyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter
computer code, logic or data and lead to cybercrimes, such as information and identity theft.

29
We are living in a digital era. Now a day, most of the people use computer and internet. Due to the
dependency on digital things, the illegal computer activity is growing and changing like any type of crime.
Cyber-attacks can be classified into the following categories:
2.7.1 Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important web-based
attacks are as follows-
Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the application and
fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
SQL Injection
• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques to gain access.
• SQL injection is placement of malicious code in SQL statements, via web page input.
• SQL Injection is injection attack makes possible to execute malicious SQL statements.
• Attackers can use SQL Injection vulnerabilities to bypass application security measures.
• SQL Injection (SQLi) also used to add, modify, and delete records in the database.
• SQL injection attack exploits vulnerable cloud-based applications allow pass SQLcommands.
Figure 19: Classification of Cyber attacks.

30
Malware
• Malware is a term which is short for “Malicious Software” is a file or code or application.
• Malware (Malicious Software) is any program or file, that is harmful to a computer user.
• Malicious Software typically delivered over a network that infects, explores andsteals.
• Malware (Malicious Software) can be conducts virtually any behavior an attacker wants.
• Malware (Malicious Software) is an inclusive term, for all types of malicious software.
• Malicious Software is terms for all as Viruses, Worms, Trojans, Rootkits, and Spyware.
• Malware is also terms for Adware, Scareware, Botnets, Logic Bombs, Key loggers etc.
• Many tools can identify Malware on the network such as Packet Captures to analyzing.
• In addition, tools Snort, NetFlow, IPS, Advanced Malware Protection, Cisco FirePOWER etc.
Cross Site Scripting
• XSS is term, which stand for Cross-Site Scripting Errors, are a type of coding error.
• Where a malicious party can trigger execution of software from their browser.
Figure 20: SQL Injection.
Figure 21: Identify Malware.

31
• Cross-site scripting is a type of security vulnerability found in web applications.
• XSS enables attackers to inject client-side scripts into web pages viewed by other users.
• Common purpose of XSS attack is to collect cookie data such as session IDs or login info.
• XSS used to steal cookies exploited to gain access as authenticated user to a cloud-based.
• Three major categories are Reflected XSS, Stored (Persistent) XSS, and DOM-BasedXSS.
Adware
• Adware is computer term, which is stand for Advertising-Supported Malware.
• Adware works by executing advertisements to generate revenue for the hackers.
• Adware (Advertising-Supported Malware) is any type of advertising-supportedsoftware.
• Adware will play, display, or download advertisements automatically on a user's computer.
• Adware will play once the software has been installed or the application is in theuse.
Figure 22: Cross Site Scripting.
Figure 23: Adware.

32
DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver's
cache causing the name server to return an incorrect IP address, diverting traffic to the attacker?s computer
or any other computer. TheDNS spoofingattacks can goon for a longperiodof timewithoutbeingdetected
and can cause serious security issues.
Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store
the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.
Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and
credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic
communication.
• Phishing is a type of social engineering attack often used to steal user data or info.
• Phishing is social engineering attack to steal login credentials & credit card numbers.
• Phishing is method of trying to gather personal info using deceptive e-mails & websites.
• Phishing is a cyber-attack that uses disguised email as a weapon to steal user data or info.
Figure 24: Phishing.

33
Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses
and validates them to obtain actual data like user password and personal identification number. This attack
may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network
security.
Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It accomplishes
this by flooding the target with traffic or sending it information that triggers a crash. It uses the single
system and single internet connection to attack a server. It can be classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit per
second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per second.
• DoS Attack is a type of attack to network server with large number of servicerequests.
• DoS Attack can cause server to crash the server & legitimate users are denied the service.
• DDoS stand for (Distributed Denial of Service) an Attack, which is one type of DoS attack.
• DDoS originating from many attacking computers from different geographical regions.
• Zombies and Botnets are mainly used in DDoS (Distributed Denial of Service) attacks.
• Both type of attack DoS and DDoS can cause the services to become unavailable to users.
• Such as Ping of Death, Smurf Attack, TCP SYN , CDP Flood, Buffer Overflow, ICMP Flood.
• Cloud is more vulnerable to DoS attacks because it is shared by many users & organizations.
Figure 25: Denial of Service.

34
Dictionary attacks
This type of attackstoredthe listof acommonlyused passwordand validatedthemto getoriginalpassword.
URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web server to
deliver web pages for which he is not authorized to browse.
File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is available on
the web server or to execute malicious files on the web server by making use of the include functionality.
Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and server and acts
as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the
intercepted connection.
• MITM (Man in The Middle) means man in the middle of your conversation.
• In a Man-in-The-Middle attack, attackers place themselves between two devices.
• MITM attack to intercept or modify communications between the two devices.
• MITM cyberattacks allow attackers to secretly intercept communications.
• MITM attack happens when hacker inserts themselves between a user & apps.
• Attackers have many different reasons and methods for using a MITM attack.
• MITM is used to steal something, like credit card numbers or user login credentials.
• MITM attacks involve interception of communication between two digital systems.
Figure 26: Man in The Middle.

35
2.7.2 System-based attacks
These are the attacks which are intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows-
Ransomware
• Its propagate like worm but is designed to encrypt personal files on victim’s hard drive.
• Ransomware works by encrypting the hard drive and all files on a system or Computer.
• Ransomware can encrypt specific files in your system or all your files or mast boot record.
• Ransomware then asks for a payment in exchange for giving the decryption key.
• Major Ransomware like Reveton, CryptoLocker, CryptoWall, Pyeta, Nyeta, Bad Rabbit.
• More recently Ransomware 2017 WannaCry attack was lunched which destroy many PCs.
• Ransomware caused no small amount of destruction, but it caused huge destruction.
Virus
It is a type of malicious software program that spread throughout the computer files without the knowledge
of a user. It is a self-replicating malicious computer program that replicates by insertingcopies of itself into
other computer programs when executed. It can also execute instructions that cause harm to the system.
• Malicious code that attached to executable files that are often regular application.
• Viruses require some type of human or any other application interaction to activate.
• Entire category of viruses are designed to damage or destroy a system or thedata.
Figure 27: Ransomware.
Figure 28: Virus.

36
Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It
works same as the computer virus. Worms often originate from email attachments that appear to be from
trusted senders.
• Worms are malware that replicate themselves and spread to infect other systems.
• Think of worms as small programs that replicate themselves in a computer network.
• A worm can travel from system to system without human or application interaction.
• When worm executes, it can replicate again & infect even more systems or computer.
• Worms destroy the files and data on user’s computer or system or Computer network.
• Worms usually target the operating system (OS) files to make them empty & destroy.
• Worms typically cause harm to the computer network and consuming the bandwidth.
Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even
when thecomputer shouldbe idle. Itmisleads the user of itstrue intent. Itappearsto bea normalapplication
but when opened/executed some malicious code will run in the background.
• Trojans are malicious programs that appear like regular applications or programs.
• Trojans are malicious programs that appear like media files or other computer files.
• Trojans contain a malicious payload; the payload can be anything malicious acts etc.
• Trojans payload provide backdoor that allows attackers unauthorized access to system.
• Trojans pretend to do one thing but, when loaded, actually perform anothermalicious.
• Few Trojan categories are command-shell Trojans, graphical user interface (GUI) Trojans.
• HTTP/HTTPS Trojans, document Trojans, defacement Trojans, botnet Trojans, VNCTrojans.
• Remote-Access Trojans, data-hiding Trojans, banking Trojans, DoS Trojans, FTP Trojans.
• Software-Disabling Trojans, and covert-channel Trojans are few examples of trojans.
Figure 29: Worm.

37
• Remote-access Trojans (RATs) allow the attacker full control over the system or PC.
• Idea behind this type of Trojan is to hide user’s data sometimes known as ransomware.
• Security-software disablers Trojans are designed to attack and kill antivirus or firewalls.
• Denial of Service (DoS), These Trojans are designed to cause a DoS Denial of Service.
• They can be designed to knock out specific service or to bring an entire system offline.
• Trojans are dangerous, they represent a loss of confidentiality, integrity, and availability.
• Common targets of Trojans Credit card data & banking info have become huge targets.
• Passwords are always a big target of second common targets of trojans malware.
• P2P networks and file-sharing sites such as The Pirate Bay are generally unmonitored.
• And allow anyone to spread any programs they want, legitimate or not like trojans.
• Instant Messaging, Internet Relay Chat, Email attachments, and browser extension etc.
Figure 30: Trojan horse.
Spyware
• Spyware computer network term, which is common types of malware.
• Spyware monitors the activities performed by a computer user on the PC.
• The main intention of a spyware is to collect the private information of PC user.
• Spyware normally come from internet while user download freewaresoftware.
• Spyware is another form of malicious code that is similar to a Trojan horse malware.
Figure 31: Spyware.

38
Keyloggers
• Keylogger is network term which is Keystroke loggers software or Hardwar.
• Software, which records all the information that is typed using a keyboard.
• Keyloggers store the gathered information and send it to the attacker.
• Attacker extract sensitive information like password or credit card details.
Rootkits
• A rootkit is a collection of software specifically designed to permit malware.
• Rootkits gathers information, into your system, Computer, or computer network.
• These work in the background so that a user may not notice anything suspicious.
• Rootkits in the background permit several types of malware to get into the system.
• The term rootkit is derived from the combination of two words – "root" and"kit".
• Root refers to the administrator account in Unix and Linux operating systems etc.
• Kit refers to programs allow threat actor to obtain unauthorized root/admin access.
Scareware
• Scareware is a type of malware, which is designed to trick victims.
• Scareware trick victims into purchasing and downloading uselesssoftware.
• Scareware trick victims into download potentially dangerous software.
• Scareware, which generates pop-ups that resemble Windows system messages.
• Scareware usually purports to be antivirus or antispyware software or malwares.
• Scareware also usually popup a firewall application or a registry cleaner.
• The messages typically say that a large number of problems such as infected files.
• The user is prompted to purchase software to fix Computer or system problems.
Figure 32: Keyloggers.

39
• In reality, no problems were detected, and the suggested software contain malware.
Logic Bomb
• A Logic Bomb is malware that is triggered by a response to an event.
• Such as launching an application or when a specific date/time is reached.
• Attackers can use logic bombs in a variety of ways to destroy data or system.
• They can embed arbitrary code within a fake application, or Trojan horse.
• Logic Bomb will be executed whenever you launch the fraudulent software.
• Attackers can also use a combination of spyware and logic bombs to steal identity.
• detected, and the suggested software contain malware.
Botnet
• Basically, the word botnet is made up of two words: bot and net.
• So, Bot is short for robot and Net comes from the network.
• People who write and operate malware cannot manually log onto every computer.
• They have infected, instead they use botnets to manage a large number of systems.
• A botnet is a network of infected computers, used by the malware to spread.
• Cybercriminals use special Trojan viruses to breach the security of several users’ PCs.
• Cybercriminals take control of each computer & organize all of the infected PCs.
Figure 33: Scareware.
Figure 34: Logic Bomb.

40
• Cybercriminals remotely manage and organize all infected computer bot.
Data Breach
• Data breach can involve data that was not supposed to be released to thepublic.
• Which includes financial information, personal health information & trade secrets.
• Which includes. Personally, identifiable information and other intellectual property.
• Value of the organization’s cloud-based data might be different for different people.
• Data Breach happen if organization lacks managing authentication & identity properly.
• The Businesses need to properly allocate access to data as per every user’s job role.
• One-time passwords & phone-based authentications are the two factor authentications.
• that help securing cloud services by making it tough for the attacks to steal the credentials.
Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that
an application or operating system can be accessed for troubleshooting or other purposes.
Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bots
program run automatically, while others only execute commands when they receive specific input.
Common examples of bots program are the crawler, chatroom bots, and malicious bots.
2.8 Types ofCyber Attackers
In computer and computer networks, an attacker is the individual or organization who performs the
malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make
unauthorized use of an asset.
As the Internet access becomes more pervasive across the world, and each of us spends more time on the
web, there is also an attacker grows as well. Attackers use every tools and techniques they would try and
attack us to get unauthorized access.
There are four types of attackers which are described below-
Figure 35: Botnet.

41
2.8.1 Cyber Criminals
Cybercriminals are individual or group of people who use technology to commit cybercrime with the
intention of stealing sensitive company information or personal data and generating profits. In today's, they
are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to do cybercrimes-
• Select computer as their target- In this, they attack other people's computers to do cybercrime,
such as spreading viruses, data theft, identity theft, etc.
• Uses the computer as their weapon- In this, they use the computer to do conventional crime such
as spam, fraud, illegal gambling, etc.
• Uses the computer as their accessory- In this, they use the computer to steal data illegally.
2.8.2 Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political
agenda, religious belief, or social ideology. According toDan Lohrmann, chief security officer for Security
Mentor, a national security training firm that works with states said "Hacktivism is a digital disobedience.
It's hacking for a cause." Hacktivists are not like cybercriminals who hack computer networks to steal data
for the cash. They are individuals or groups of hackers who work together and see themselves as fighting
injustice.
2.8.3 State-sponsored Attacker
State-sponsoredattackershave particular objectivesalignedwitheither thepolitical, commercialor military
interests of their country of origin. These type of attackers are not in a hurry. The government organizations
have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes
are patched. It is very challenging to defeat these attackers due to the vast resources at their disposal.
Figure 36: Types of Cyber Attackers.

42
2.8.4 Insider Threats
The insider threat is a threat to an organization's security or data that comes from within. These type of
threats are usually occurred from employees or former employees, but may also arise from third parties,
including contractors, temporary workers, employees or customers.
Insider threats can be categorized below-
Malicious
Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems
or IT infrastructure. These insider threats are often attributed to dissatisfied employees or ex-employees
who believe that the organization was doing something wrong with them in some way, and they feel
justified in seeking revenge.
Insiders may also become threats when they are disguised by malicious outsiders, either through financial
incentives or extortion.
Accidental
Accidental threats are threats which are accidently done by insider employees. In this type of threats, an
employeemightaccidentallydeletean importantfileor inadvertentlyshareconfidentialdatawithabusiness
partner going beyond companies policy or legal requirements.
Negligent
These are the threats in which employees try to avoid the policies of an organization put in place to protect
endpoints and valuable data. For example, if the organization have strict policies for external file sharing,
employees might try to share work on public cloud applications so that they can work at home. There is
nothing wrong with these acts, but they can open up to dangerous threats nonetheless.
Figure 37: Insider Threats.

43
CHAPTER 3: Requirement Engineering
and Analysis
3.1 Introduction
Information security is a critical need for individuals, society and all countries in the world. Since its
invention, thecomputer networkhas broughtconsiderableefficiencytoall aspects of life. allaspects of life.
In addition, users must also face the threat of all kinds of attacks from hackers. Network security includes
methods of protecting all information stored and transferred by a network of systems. transferred through
a network of systems. It is also an area of special interest and a difficult and complex job. complex at the
same time. Realityhas proventhat attackmethods aremoreadvanced and sophisticatedthan before. Reality
has proven that the methods of attack are more advanced and sophisticated than before and that hackers
aim to attack information during the storage, processing and transfer phases. Since the Internet era, more
and more computers are attacked by viruses, Trojans and also by various types of TCP/IP protocol
injections.
In the age of information explosion, hackers are growing at a faster rate than ever before on all scales. A
firewallis notonly software(such as a firewallonthe Windows operatingsystem) but can also be hardware
dedicated to network security. A firewall as dedicated hardware helps network computers to analyze data,
ensuring that malicious software cannot enter the system. It also allows administrators to control activities
on user computers, filter and restrict access to data and transfer data from inside to outside and vice versa.
to transfer data from inside to outside and vice versa.
3.2 FirewallTechnologies and VPN
Firewallis acomputer networksecuritysystem designed topreventunauthorizedaccess toor froma private
network. It can be implemented as hardware, software, or a combination of both. Firewalls are used to
preventunauthorizedInternetusersfromaccessingprivatenetworksconnectedto theInternet. Allmessages
are entering or leaving the intranet pass through the firewall. The firewall examines each message and
blocks those that do not meet the specified security criteria.
• The word firewall commonly describes a system or device.
• Firewall isplaced between a trusted network and an untrusted network.
• A firewall issecurity devicesused to stop or mitigateunauthorized access.
• The only trafficallowed on thenetwork isdefined viafirewall policies.
• Firewall grantsor rejectsaccessto trafficflowsbetween untrusted & trusted zone.
• A firewall monitorsincoming and outgoing networkrelated traffic.
• Firewall decidesto allow or block specifictrafficbased on defined set of security rules.
• A firewall can be hardware, software, or both or can beCloud-based firewall.
• The first generation of firewall technologyconsisted of packetfilters.
• The second generation of firewall started with application layers.

44
• The third generation of firewall had “Stateful” filters inspection.
• Firewalls are relied upon to secure home and corporate networks from any attacks
Top 10 PopularCompaniesNetworkSecurity
Figure 38: Firewall Technologies.

45
3.2.1 Stateful Firewall
• It maintains thestate of connection when packet is travelling for the appliance.
• StateFull Firewall maintain thestateof connection in thestatetable of Firewall.
• After adding information in statetable, it forwardsthepacket to thedestination.
• When it receivethe reply-packet, it match thepacket information tostate-table.
• If Firewall receivethereply packet if match packet isaccepted otherwisedro
Figure 39: Statefull Firewall.

46
3.2.2 StatelessFirewall
• Stateless Firewallswatch network trafficand restrict or block packets.
• Stateless Firewallsrestrict or block packet based on sourceand destination addresses.
• Stateless Firewallsalso restrict or block packet basedon other staticvalues.
• Stateless Firewallsarenot ‘aware’ of trafficpatternsor dataflows.
• A stateless firewall filter, also known as an Access ControlList (ACL).
• Stateless Firewall does not statefullyinspect traffic.
• It evaluates packet contents statically and does not keep track of connection state.
• An example of a packet filtering firewall is the Extended ACL on CiscoRouters.
3.2.3 Packet FilteringFirewall
• In Packet, filtering packetsarefiltered using Access-List (ACL).
• Packet Filtering Firewall vulnerable to IPspoofing.
• Cisco IOS use Standard or Extended ACL, Named ACL etc to filter thetraffic.
• Limits info isallowed into anetwork based on thedestination and sourceaddress
Figure 40: Packet Filtering Firewall.

47
3.2.4 Proxy Firewall
• Proxy Firewall worksasaproxy for clients.
• No direct communication occursbetween theclient and thedestination server.
• Takes requests from aclient, putsthat client on hold for amoment.
• Makes the requests as if it isits own request out to thefinal destination.
• Memory and disk intensiveat theproxy server.
• Could potentially beasingle point of failurein thenetwork.
3.2.5 ApplicationFirewall
• Application Firewall that worksat layersthree3 through Layer seven7.
• Application Firewall checksfor known information suchassource& destination address.
• Application Firewall check for known port aswell aschecksfor application specific content.
• Application Firewall ismoreprocessor intensivebut havevery tight control.
• Application Firewall istheability to analyzetraffic all theway up to theapplication layer.
Figure 41: Proxy Firewall.
Figure 42: Application Firewall.

48
3.2.6 PersonalFirewall
• A Personal Firewall istypically asoftware application that isinstalled on an endpoint device.
• Personal Firewall protect the device itself from unauthorized intrusions.
• Most operating systems have integrated personal firewalls.
• Personal Firewallsprotect asinglehost only.
• Personal Firewallscontrol trafficarriving at and leaving individual hosts.
• Personal Firewallshavethe ability to permit and deny traffic based on theapplication.
• Personal Firewallshave also theability to define policiesfor different classesof network.
Figure 43: Description of Application Firewall
Figure 44: Personal Firewall.

49
3.2.7 TransparentFirewall
• It worksat layer 2, or it forwardstheframesbased on destination MAC.
• It has the capabilities to filter thetrafficfrom layer 2 to layer 7.
• Transparent Firewall isinvisibleto devices on both sidesof aprotected network.
• Transparent modedoes not support dynamicrouting protocols.
3.2.8 Virtual Wire Firewall
• Virtual Wirelogically bindstwo Ethernet interfacestogether.
• Virtual Wireallowing for all trafficto passbetween theinterfaces.
• Virtual Wire, also known V-Wire, deployment options use Virtual Wireinterfaces.
• A virtual Wirerequiresno changesto adjacent network devices.
• A Virtual Wire interface supports App-ID, User-ID, Content-ID, NAT anddecryption.
• Virtual Wireistypically used when no switching or routing isneeded.
3.2.9 Traditional NetworkFirewall
• Traditional firewalls work at the network/transportlayer.
• Allow or block trafficbased on criteria such asan IP addressand/or port.
Figure 45: Transparent Firewall.
Figure 46: Palo Alto V-wire Mode Firewall.
Figure 47: Traditional Network Firewall.

50
3.2.10 Zone-BasedFirewall
• Zone Based Firewall isthe most advanced method of aStateful Firewall.
• Zone Based Firewall is available on Cisco IOS Routers.
• The idea behind ZBF is that we do not assign access-lists to interfaces.
• In ZBF, different zones created & assigned Interfaces to differentzones.
• In Zone Based Firewall security policies assigned to traffic between zones.
3.2.10 Cloud-Based Firewall
• Cloud Firewallsaresoftware-based, cloud deployed networkdevices.
• Cloud Firewallsbuilt to stop or mitigateunwanted access to privatenetworks.
• As Cloud Firewallsanew technology, they aredesigned for modern businessneeds.
• Cloud Firewalls are sit within online application environments to stop any attacks.
• Firewall-as-a-service (FWaaS), Security-as-a-service (SECaaS) are the examples.
Figure 48: Zone-Based Firewall.
Figure 49: Cloud-Based Firewall.

51
3.2.11 Virtual Firewall
• Virtual firewall isafirewall serviceor an application for virtualized environment.
• Virtual firewall providespacket filtering within avirtualized environment.
• Virtual firewallsarecommonly used to protect virtualized environmentsonly.
• Virtual firewall isoften deployed asasoftwareappliancein virtual environment.
• A virtual firewall managesand controlsincoming and outgoing traffic.
• It worksin conjunction with switchesand servers similar to a physical firewall.
3.2.12 UTM Firewall
• The term UTMfirewall or simply UTM(Unified Threat Management) istheterminology.
• It is given to hardwareor softwaredevice capable of assembling varioussecurityfunctions.
• Such as packet filtering, proxy, IDS & IPS, protectionagainst malware, application control.
• UTM providesmultiplesecurity features& services in singledevice or service onnetwork.
• UTM includes functions such as anti-virus, anti-spam, content filtering, & web filteringetc.
• UTM (Unified Threat Management) Firewall is not consider Next-GenerationFirewall.
Figure 50: Virtual Firewall.
Figure 51: 14 UTM Firewall.

52
3.2.13 Next-Generation Firewall (NGFW)
• NGFWperformstherole of a traditional firewall and addsNGIPS features.
• All NGFWsoffer two key featuresApp Awareness& Control & IDAwareness.
• Next-Generation Firewall provide deep-packet inspection.
• Next-Generation Firewall add application-level inspection & Intrusion Prevention.
• Next-Generation Firewall provides all traditional IPSfeatures.
• Next-Generation Firewall allow/block traffic based on specificapplication.
• Next-Generation Firewall allow/block traffic based onuser information.
• Next-Generation Firewall provide both IPS& application control functions.
Basic firewall filtering is recommended at every trust boundary, externally and internally, throughoutthe enterprise
network in data center, Perimeter or edge etc .
Figure 52: Next-Generation Firewall (NGFW).

53
Figure 53: Firewall Placement Options.

54
3.3 VPNs
A VPN stands for virtual private network. It is a technology which creates a safe and an encrypted
connection on the Internet from a device to a network. This type of connection helps to ensure our sensitive
data is transmitted safely. It prevents our connection from eavesdropping on the network traffic and allows
the user to access a privatenetworksecurely. This technologyis widely used inthe corporateenvironments.
A VPN works same as firewall like firewall protects data local to a device wherever VPNs protects data
online. To ensure safe communication on the internet, data travel through secure tunnels, and VPNs user
used an authentication method to gain access over the VPNs server. VPNs are used by remote users who
need to access corporate resources, consumers who want to download files and business travellers want to
access a site that is geographically restricted.
Figure 54: Types of VPN.

55
3.4 Project Process
Before starting a project, it is first necessary to have a clear vision of the project as well as having a well
detailed planning of all its stages, in order to facilitate its management, avoid future problems and have a
result that satisfies the client and respects the quality standards quality standards determined in the
specifications.
the feasibility study.
Figure 55: The General Feasibility Study.
Accordingtothe data inthe tableabove the projectusuallyhas 3main requirements, the hardware, software
and knowledge requirements, according to the solutions indicated in the same table, we can say that the
project is generally feasible
3.4.1 The choice of thesolution
There are several firewall solutions, but in this review, I will only compare the most used and known
software solutions in the security market.

56
Figure 57: Comparison Between the Top Firewall.
Figure 56: Leaders Firewalls.

57
Figure 58: Evaluation of Solutions.
From my evaluation, we can see that Palo alto Firewall is the most powerful solution, with a weighted
evaluation score of 4.35 out of 5, then the other firewalls. (The study is based on evaluation criteria see the
Figures).
3.4.2 Reasons for choice
The Palo Alto Networks next-generation firewalls provide granular control over the traffic allowed to
access your network. The primary features and benefits include:
• Application-based policy enforcement (App-ID™)
Access control according to application type is far more effective when application identification
is based on more than just protocol and port number. The App-ID service can block high risk
applications, as well as high risk behavior, such as file-sharing, and traffic encrypted with the
Secure Sockets Layer (SSL) protocol can be decrypted and inspected.
• User identification (User-ID™)
The User-IDfeatureallows administratorstoconfigureand enforcefirewallpoliciesbased on users
and user groups instead of or in addition to network zones and addresses. The firewall can
communicate with many directory servers, such as Microsoft Active Directory, eDirectory,
SunOne, OpenLDAP, and most other LDAP-based directory servers to provide user and group
information to the firewall. You can then use this information for secure application enablement
that can be defined per user or group. For example, the administrator could allow one organization
to use a web-based application but not allow any other organizations in the company to use that
same application. You can also configure granular control of certaincomponents of an application
based on users and groups (see User Identification).
• Threat prevention
Threat prevention services that protect the network from viruses, worms, spyware, and other
malicious traffic can be varied by application and traffic source (see Objects > Security Profiles).
• URL filtering
—Outbound connections can be filtered to prevent access to inappropriate web sites (see Objects
> Security Profiles > URL Filtering).
• Traffic visibility

58
Extensive reports, logs, and notification mechanisms provide detailed visibility into network
application traffic and security events. The Application Command Center (ACC) in the web
interfaceidentifiesthe applicationswiththe most trafficandthehighest securityrisk (see Monitor).
• Networking versatility and speed
The Palo Alto Networks firewall can augment or replace your existingfirewall and can be installed
transparently in any network or configured to support a switched or routed environment.
Multigigabit speeds and a single-pass architecture provide these services to you with little or no
impact on network latency.
• GlobalProtect
The GlobalProtect™ software provides security for client systems, such as laptops that are used in
the field, by allowing easy and secure login from anywhere in the world.
• Fail-safe operation
Highavailability(HA) supportprovidesautomaticfailover intheeventof any hardwareor software
disruption (see Device > Virtual Systems).
• Malware analysis and reporting
The WildFire™ cloud-based analysis service provides detailed analysis and reporting on malware
thatpasses throughthefirewall. IntegrationwiththeAutoFocus™ threatintelligenceserviceallows
you to assess the risk associated with your network traffic at organization, industry, and global
levels.
3.5 Palo Alto Firewallplatform
3.5.1 Definition
Palo Alto Networks, Inc. (NYSE: PANW) is an American multinational cybersecurity company with
headquarters in Santa Clara, California. Its core products are a platform that includes
advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security.
The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is
home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference.
Palo Alto Networks® next-generation firewalls safely enable applications and prevent modern threats by
inspecting all traffic—applications, threats, and content—and tying it to the user, regardless of location or
device type. The application, content, and user—the elements that run your business—become integral
components of your Security policy. This allows you to align security with your key business initiatives.
With our next-generation security platform, you reduce response times to incidents, discover unknown
threats, and streamline security network deployment.
• Safely enable applications, users, and content by classifying all traffic, determining the business
use case, and assigning policies to allow and protect access to relevant applications.
• Prevent threats by eliminating unwanted applications to reduce your threat footprint and apply
targeted Security policy rules to block known vulnerabilityexploits, viruses, spyware, botnets, and
unknown malware (APTs).

59
• Protectyour datacenters throughthe validationof applications, isolationof data, controlover rogue
applications, and high-speed threat prevention.
• Secure public and private cloud computing environments with increased visibility and control;
deploy, enforce, and maintain Security policy rules at the same pace as your virtual machines.
• Innovations of Palo Alto Firewall are App-ID, User-ID and Content-ID.
• Palo Alto Next-Generation firewall named Gartner Cool Vendor from the Year 2008 to 2020.
3.5.2 Palo Alto firewall deployment terminology
The most four Methods of Deployment for a Palo Alto Networks NGFW:
TAP Mode: Should only be used for Proof of Concept (POC) when gathering information to be fed via
SPAN/Mirror port. This method does not see the direction of the traffic and is not useful beyond POC.
The advantage of this deployment model is that it allows organizations to closely monitor traffic to their
servers or network without requiring any changes to the network infrastructure.
Duringthe configurationof SPAN itisimportanttoensurethe correct SPANsource and SPANDestination
ports are configured while also enabling Tap mode at the Firewall.
Tap mode offers visibility of application, user and content, however, we must be mindful that the firewall
is unable to control the traffic as no security rules can be applied in this mode. Tap mode simply offers
visibility in the ACC tab of the dashboard. The catch here is to ensure that the tap interface is assigned to a
security zone.
Figure 59: Palo Alto Next Generation Firewall deployed in TAP mode.
Virtual Wire mode : is located below layers 2 and 3 and the NGFW is invisible to the network, it is a
simple, ‘bump in the wire.
Virtual Wire, also know as V-Wire, deployment options use Virtual Wire interfaces. The great thing
about V-Wire deployment is that the firewall can be inserted into an existing topology without requiring
any changes to the existing network topology.
The V-Wire deployment options overcome the limitations of TAP mode deployment, as engineers are
able to monitor and control traffic traversing the link. A Virtual Wire interface supports App-ID, User-
ID, Content-ID, NAT and decryption

60
Figure 60: Palo Alto Next Generation Firewall deployed in V-Wire mode.
Layer 2 : Switch mode - same as above, the NGFW is visible to the network
In Layer 2 deployment mode the firewall is configured to perform switching between two or more
network segments. Traffic traversing the firewall is examined, as per policies, providing increased security
and visibility within the internal network.
In this mode the firewall interfaces are capable of supporting Access or Trunk Links (802.1Q trunking) and
do not participate in the Spanning Tree topology. Any BPDUs received on the firewall interfaces are
directly forwarded to the neighboring Layer 2 switch without being processed. Routing traffic between
VLAN networksor other networkscan be achieved viaa defaultGateway which is usuallya Layer 3 switch
supporting InterVLAN routing, a Firewall security appliance, or even Router-on-a-Stick design.
Figure 61: Palo Alto Next Generation Firewall deployed in Layer 2 mode.
Layer 3 : Routing mode deployment - the problem with this is that the network ‘sees’ the NGFW
Layer 3 deployment mode is a popular deployment setup. In this mode the firewall routes traffic between
multiple interfaces, each of which is configured with an IP address and security zone. The Firewall
interfaces can also be configured to obtain their IP address via a DHCP server and can be used to manage
the security appliance.
The diagram under shows a typical Layer 3 deployment setup where the Firewallroutes and controls traffic
between three different IP networks. Similar to other setup methods, all traffic traversing the Firewall is
examined and allowed or blocked according to the security policies configured.

61
Figure 62: Palo Alto Next Generation Firewall deployed in Layer 3 mode.

62
CHAPTER 4: Implementation Plan and
Test
4.1 Introduction
After completing the theoretical concept, we move on to implement the Solution which is our main task.
Throughout the chapter, we focus on the different configurations required to ensure the security of our
business from the cyber security challenges to the networks. This is essentially the same as setting up the
Palo Alto Firewall platform, switch, web server. In this part of the reportwe will try to show the maximum
possible of actual work performed using the network simulation and virtualization solution. It requires
consider that all of this work is done through an installation process, parameterization and configuration a
bit long, therefore, this chapter will not include all the technical work steps, but only the key steps of
configuration and testing of operation of the main project tasks, to avoid report extension.
4.1.1 SuggestedArchitecture
Figure 63: Suggested Architecture.
The following topology represents what is realized in this project, the EVE-NG launches and operates the
network equipment (FIREWALL, servers, switch.) The EVE-NG operates in order to have a topology that

63
integrates the network side with the system side. In order to implement our solution, we need six virtual
machines.
4.1.2 Tools for project realization and emulation
EVE-NG PRO platform is ready for today’s IT-world requirements. It allows enterprises, e-learning
providers/centers, individuals and group collaborators to create virtual proof of concepts, solutions and
training environments.
EVE-NG PRO is the first clientless multivendor network emulation software that empowers network and
securityprofessionals withhugeopportunitiesinthe networkingworld. Clientlessmanagement optionswill
allowEVE-NGPROtobeas thebest choice for Enterpriseengineerswithout influenceof corporatesecurity
policies as it can be run in a completely isolated environment.
Figure 64: Project Tools.

64
4.2 Project implementation
4.2.1 The topology of the project
Figure 65: The Topology to be Implemented.
The required equipment is
Switch: A network switch is a multiport network bridge that uses MAC addresses to forward data at
the data link layer (layer 2) of the OSI model. Some switches can also forward data at the network
layer (layer 3) by additionally incorporating routing functionality.
The required virtual machines will be used to install
Windows server: the Active Directory server which contains the information of the users of the domain
"isycomp.ma", at the same time it plays the role of the topology certification authority and the main DNS
server.
The second Windows Server contains web server.
The third Windows Server contains FTP server.
Palo alto Firewall to secure our network from cyber security.
Windows 10: represents the client machine from inside that wants to access the network and test the rules
on Palo alto firewall.
Windows 7: represents the Pentest machine from outside that wants to access the network and test the rules
on Palo alto firewall.

65
4.2.2 Install and Configure Palo alto firewall and Servers
Before we start configuring the three main components of the solution, we should go through the
preparation of the environment in which the solution will be deployed This includes Primarily for:
• Install and configure the domain controller.
• Install and configure DNS server
• Install and configure the certificate server (CA)
• Install and configure the web server and FTP server
• Install and integrate the palo alto firewall platform
• Attach palo alto firewall to the domain controller
• Install and configure the palo alto firewall features
4.3 Installand configurethe server side
4.3.1 Install and configure Active Directory
Active Directory is a directory service, or domain controller, that allows you to reference and organize
objects such as user accounts or authorizations using domain authorizations, using domain groups. The
information can thus be centralized in a reference directory to facilitate network administration.
The domain is the basic unit responsible for grouping objects that share the same name space. Therefore,
our domain is based on a DNS system.
The DNS server and the Active Directory controller are two roles to be added to Windows Server.
Figure 66: Domain Controller Installation.

66
The domain name we have chosen is: isycomp.ma
The use of Active directory is important for the authentication process, hence the Palo Alto Firewall
communicates with Active Directory to authenticate users (domain members) who want to access the
network and visitors to authenticate by captive portal.
4.3.2 Install and Configure DNS Server
Figure 67: DNS Server Configuration.
The DNS server is an essential elementinour project, itallowsnetworkclientstoknow theActiveDirectory
server on which they must authenticate, also, it plays the classic role of translating domain names into IP
addresses. This figure represents the different DNS records of the project topology.

67
4.3.3 Install and Configure DHCP Server
Figure 68: Install The DHCP Service.
Figure 69: Configure DHCP Server.

68
A DHCP server (or DHCP service) is a server (or service) that delivers IP addresses to devices that connect
to the network. In fact, most of the time, the network cards of these devices are waiting for an IP address
allowing them to communicate on the network. At the same time as it sends the address, the DHCP service
sends some additional information concerning the network to which the host which receives this address is
connected.
4.3.4 Install Active Directory Certificate Services
Figure 70: Figure 41: Testing DHCP Server.
Figure 71: Install The Active Directory Certificate Services.

69
Before clients communicate with servers and the firewall or Active Directory, they must ensure that these
servers are trusted by verifying the digital certificates received from these servers.
This service is accessible via a WEB interface at the following address:
https://192.168.10.200/certsrvor https://localhost/certsrv.Theaddress192.168.10.200isthe address of the
Windows server. The following screenshot represents the
Web interface of the service.
Figure 73: Manage Cerificate Service GUI.
Figure 72: Configure Active Directory Certificate Services.

70
Figure 74: Microsoft Active Directory Certificate Service WEB Interface.
4.3.5 Install and Configure FTP Server
Figure 75: Install FTP Service.

71
Figure 77: Configure FTP Server.
Figure 76: Open URL to Access FTP Server.

72
Figure 79: User Authentication to Access FTP Server.
Figure 78: Testing FTP Server.

73
We have an FTP server in DMZ and we are publishing it an Internet.
File transfer protocol (FTP) is a set of rules that computers follow for the transferring of files from one
system to another over the internet. It may be used by a business to transfer files from one computer system
to another, or websites may use FTP to upload or download files from a website's server.
4.3.6 Install and Configure Web Application Server
Figure 81: The Directory of Web Application.
Figure 80: Install and Configure Appache Server.

74
Figure 82: Open URL to Access Web Application
Figure 83: Testing Web Application Server.

75
we have a web application server in DMZ and we are publishing it an Internet.
A web server is a combination of software and hardware that uses the HTTP protocol or other related
protocols to respond to requests from clients on the network. The main task of the web server is to deliver
the requested content, and the server achieves this by actually storing, processing and retrieving web pages
for users.
4.4 Installand configurethe Palo Alto FirewallNetworks side
We can use the following user interfaces to manage the Palo Alto Networks firewall:
• Use the Web Interface to perform configuration and monitoring tasks with relative ease. This
graphical interface allows you to access the firewall using HTTPS (recommended) or HTTP and it
is the best way to perform administrative tasks.
• Use the Command Line Interface (CLI) to perform a series of tasks by entering commands in rapid
succession over SSH (recommended), Telnet, or the console port. The CLI is a no-frills interface
that supports two command modes, operational and configure, each with a distinct hierarchy of
commands and statements. When you become familiar with the nesting structure and syntax of the
commands, the CLI provides quick response times and administrative efficiency.
• Use the XML API to streamline your operations and integrate with existing, internally developed
applications and repositories. The XML API is a web service implemented using HTTP/HTTPS
requests and responses.
• Use Panorama to perform web-based management, reporting, and log collection for multiple
firewalls. The Panorama web interface resembles the firewall web interface but with additional
functions for centralized management.
I will manage Palo alto Firewall on my project by the first user Web Interface
4.4.1 Perform Initial Configuration on Palo Alto Firewall.
By default, the firewall has an IP address of 192.168.1.1 and a username/password of admin/admin. For
security reasons, you must change these settings before continuing with other firewall configuration tasks.
You must perform these initial configuration tasks either from the MGT interface, even if you do not plan
to use this interface for your firewall management, or using a direct serial connection to the console port on
the firewall.
• Gather the required information fromyour network administrator.
• address for MGT port
• Netmask
• Default gateway
• DNS server address
Set a secure password for the admin account.
Select Device > Administrators Select > the admin role.
Enter the current default password and the new password.
Click Ok to save your settings.

76
Figure 85: User Web Interface.
Figure 84: Change the old password in the first login.

77
Configure the MGT interface.
Select Device Setup Interfaces and edit the Management interface.
Configure the address settings for the MGT interface using one of the following methods:
• To configure static IP address settings for the MGT interface, set the IP Type to Static and enter
the IP Address, Netmask, and Default Gateway.
• To dynamically configure the MGT interface address settings, set the IP Type to DHCP Client. To
use this method, you must Configure the Management Interface as a DHCP Client.
Figure 86: Configure General Settings.
Figure 87: Configure the Management Interface.

78
Segment the network using interfaces and zones.
Traffic must pass through the firewall in order for the firewall to manage and control it. Physically, traffic
enters and exits the firewall through interfaces. The firewall determines how to act on a packet based on
whether the packet matches a Security policy rule. At the most basic level, each Security policy rule must
identify where the traffic came from and where it is going. On a Palo Alto Networks next-generation
firewall, Security policy rules are applied between zones. A zone is a grouping of interfaces (physical or
virtual) that represents a segment of your network that is connected to, and controlled by, the firewall.
Because traffic can only flow between zones if there is a Security policy rule to allow it, this is your first
lineof defense. The moregranular thezonesyou create, thegreater controlyouhave over access tosensitive
applications and data and the more protection you have against malware moving laterally throughout your
network. For example, you might want to segment access to the database servers that store your customer
data into a zone called Customer Data. You can then define security policies that only permit certain users
or groups of users to access the Customer Data zone, thereby preventing unauthorized internal or external
access to the data stored in that segment.
Create Zones
Let’s configure three zones names Inside,DMZ and Outside. Go to Network> Zone>Add, Give the name
Inside, select Type to be Layer3 and click OK. Create the same way other Zone Outside and DMZ.
Figure 88: Creates Zones.

79
Configure Interfaces
Go to Network>Interfaces Click on ethernet1/1 interface change Interface Type: Layer3, set
Virtual Router: default, set Security Zone: Outside , Click on IPv4 tab Assign IP Address:
192.168.135.131/24 and Click OK.
Figure 89: Attach Virtual Router and Security Zone to Ethernet Interface.
Figure 90: Configure Interface.

80
Configure Routing.
Configuring a static Route
Each interface must be given virtual router. Network>Virtual Router>default we will add static
routing. Static Routes>IPv4>Add we will go by choosing interface> ethernet1/1(as Outside), put
192.168.135.2 as the next hop due to our topology.
Figure 91: Open Virtual Router.
Figure 92: Configure a Static Route.

81
Configure NAT/PAT
This section describes Network Address Translation (NAT) and how to configure the firewall for NAT.
NAT allows you to translate private, non-routable IPv4 addresses to one or more globally-routable IPv4
addresses, thereby conserving an organization’s routable IP addresses. NAT allows you to not disclose the
real IP addresses of hosts that need access to public addresses and to manage traffic by performing port
forwarding. You can use NAT to solve network design challenges, enabling networks with identical IP
subnets to communicate with each other. The firewall supports NAT on Layer 3 and virtual wire interfaces.
If you use private IP addresses within your internal networks, you must use NAT to translate the private
addresses to public addresses that can be routed on external networks. In PAN-OS, you create NAT policy
rules that instruct the firewall which packet addresses and ports need translation and what the translated
addresses and ports are.
Configuring Source NAT/PAT
Source NAT is typically used by internal users to access the Internet; the source address is translated and
thereby kept private.
Let’s configure NAT using Dynamic IP and Port means translate all local LAN to only one IP
address. I will NAT my Inside LAN 192.168.10.0/24 to 192.168.135.131 IP address of WAN.
Policies > NAT > Add Let’s name it Inside-To-Outside.
Go to Original Packet and fill since, traffic coming from Inside (192.168.10.0/24 is in Inside) then
destination zone Outside (since 192.168.135.131 is going to Internet), destination interface is
ethenret1/1 outgoing Interface. Set Service to any.
Then let’s go to Translated Packet, Translation Type: Dynamic IP And Port, Address Type:
Interface Address, Interface: our WAN interface ethernet 1/1 and IP Address: WAN IP. OK
Figure 93: Open Source NAT Policy.

82
Figure 94: Configure Source Zone.
Figure 95: Configure Translated Packet.
Configuring Destination NAT/PAT
Destination NAT is performed on incoming packets when the firewall translates a destination address to a
different destination address; for example, it translates a public destination address to a private destination
address. Destination NAT also offers the option to perform port forwarding or port translation.
we have two public servers in DMZ we need to publish it:
Steps for Destination NAT
Create Address object of Translated IP (192.168.135.131)
Create Address object for DMZ-Server 192.168.10.200/32and 192.168.20.30/32
Create Destination NAT policy rule.
Create Security Policy for Outside TO DMZ.
Test the connection from Remote-PC of Internet.

83
Here Source & Translated IP both belongs to Outside zone, so Outside zone is used twice in
Destination Network Address Translation (DNAT).
Policies > NAT > Add , give any name our case Name: Outside-To-DMZ-Server, Original Packet
Source zone: Outside, Destination Zone : Outside, Destination Interface: ethernet1/1, Service:
any, Destination Address: extra Public IP address for DMZ translation, Translated Packet
Translation Type: Static IP, Translated Address: our DMZ-Server real private IP click OK
Figure 96: Open Destination NAT Policy.
Figure 97: Configure Static Destination NAT.

84
Figure 98: Configure Original Packet.
Now, create a Security Policy to allow access from Outside zone to DMZ zone.
Policies > Security > Add, Give the name to your Security Policy (Outside-To-DMZ), Add Source
Zone (Outside), Add Destination Zone (DMZ), Allow access, in our case allowing all traffic.
Application: Any, Service/URL Category: application-default, Action:Allow
Figure 99: Create Security Policy rules.

85
Figure 100: Configure Source Zone.
Figure 101: Configure Destination Zone.
Configure Content ID and Security Policy.
Now that you defined some zones and attached them to interfaces, you are ready to begin creating your
Security Policy. The firewall will not allow any traffic to flow from one zone to another unless there is a
Security policy rule that allows it. When a packet enters a firewall interface, the firewall matches the
attributes in the packet against the Security policy rules to determine whether to block or allow the session
based on attributes such as the source and destination security zone, the source and destination IP address,
the application, user, and the service. The firewall evaluates incoming traffic against the Security policy
rulebase from left to right and from top to bottom and then takes the action specified in the first Security
rule that matches (for example, whether to allow, deny, or drop the packet). This means that you must order
the rules in your Security policy rulebase so that more specific rules are at the top of the rulebase and more
general rules are at the bottom to ensure that the firewall is enforcing policy as expected.
Even though a Security policy rule allows a packet, this does not mean that the traffic is free of threats. To
enable the firewall to scan the traffic that it allows based on a Security policy rule, you must also attach

86
Security Profiles—including URL Filtering, Antivirus, Anti-Spyware, File Blocking, and WildFire
Analysis—to each rule (the profiles you can use depend on which Subscriptions you purchased). When
creating your basic Security policy, use the predefined security profiles to ensure that the traffic you allow
into your network is being scanned for threats. You can customize these profiles later as needed for your
environment.
Use the following workflow set up a very basic Security policy that enables access to the network
infrastructure, to data center applications, and to the internet. This enables you to get the firewall up and
running so that you can verify that you have successfully configured the firewall. However, this initial
policy is not comprehensive enough to protect your network. After you verify that you successfully
configured the firewall and integrated it into your network, proceed with creating a Best Practice Internet
Gateway Security Policy that safely enables application access while protecting your network from attack.
Profile Setting
Every Palo Alto Networks next-generation firewall comes with predefined Antivirus, Anti-Spyware, and
Vulnerability Protection profiles that you can attach to Security policy rules. There is one predefined
Antivirus profile, default, which uses the default action for each protocol (block HTTP, FTP, and SMB
traffic and alert on SMTP, IMAP, and POP3 traffic). There are two predefined Anti-Spyware and
Vulnerability Protection profiles:
To specify the checking done by the default security profiles, select individual Antivirus, AntiSpyware,
Vulnerability Protection, URL Filtering, File Blocking, Data Filtering, WildFire Analysis
and GTP Protection profiles. To specify a profile group rather than individual profiles, select
Profile Type Group and then select a profile group from the Group Profile drop-down. Security
profiles are evaluated only for rules that have an allow action.
Create Antivirus Profile
Use the Antivirus Profiles page to configure options to have the firewall scan for viruses on the defined
traffic. Set the applications that should be inspected for viruses and the action to take when a virus is
detected. The default profile inspects all of the listed protocol decoders for viruses, generates alerts for
Simple Mail Transport Protocol (SMTP), Internet Message Access Protocol (IMAP), and Post Office
Protocol Version 3 (POP3), and takes the default action for other applications (alertor deny), depending on
the type of virus detected. The profile will then be attached to a Security policy rule to determine the traffic
traversing specific zones that will be inspected.
To create custom Antivirus Profiles, select Objects> Security Profiles> Antivirus, Add newprofile
And Apply Anti-virus Profile to Security Profile Rule (Inside-to-Outside).

87
Figure 102: Create Antivirus Profile.
Figure 103: Apply Antivirus Profile to Security Policy.

88
Figure 104: Open Windows SessionsBy User F.ENSA.
Figure 105: Open a Fack Link on Google.
Figure 106: Testing Antivirus Profile.

89
Create File Blocking Profile
File Blocking Profiles allow you to identify specific file types that you want to want to block or monitor.
For most traffic (including traffic on your internal network) you will want to block files that are known to
carry threats or that have no real use case for upload/download. Currently, these include batch files, DLLs,
Java class files, help files, Windows shortcuts (.lnk), and BitTorrent files. Additionally, to provide drive-
by download protection, allow download/upload of executables and archive files (.zip and .rar), but force
users to acknowledge that they are transferring a file so that they will notice that the browser is attempting
to download something they were not aware of. For policy rules that allow general web browsing, be more
strict with your file blocking because the risk of users unknowingly downloading malicious files is much
higher. For this type of traffic you will want to attach a more strict file blocking profile that also blocks
portable executable (PE) files.
Lets create File BlockingProfile for PDF filesSelectObjects>Security Profiles>File Blockingand
Click Add a profile. Enter a Name and Description for the file blocking profile. And Configure the
file blockingoptions, Add and define a rule forthe profile.Apply File BlockingProfile to Security
Profile Rule Inside-To-Outside.
Figure 107: Create File Blocking Profile.
Figure 108: Apply File Blocking Profile to Security Policy.

90
Figure 109: Testing File Blocking Profile.
Configure User ID and Integrate Active Directory with Palo Alto
User-ID™ enables you to identify all users on your network using a variety of techniques to ensure that
you can identify users in all locations using a variety of access methods and operating systems, including
Microsoft Windows, Apple iOS, Mac OS, Android, and Linux®/UNIX. Knowing who your users are
instead of just their IP addresses enables:
Improved visibility into application usage based on users gives you a more relevant picture of network
activity.
User and group information must be directly integrated into the technology platforms that secure modern
organizations. Knowing who is using the applications on your network, and who may have transmitted a
threat or is transferring files, strengthens security policies and reduces incident response times. User-ID, a
standard feature on Palo Alto Networks next-generation firewalls, enables you to leverage user information
stored in a wide range of repositories
User-ID on Palo Alto Firewall is a feature which helps to integrate an active directory with Palo Alto to
map username with user activity instead of only IP address. In this lesson, we will learn to enable User-ID
on Palo Alto Firewall. So, let’s get started.
User-ID configuration will be done in below steps-
• Create Server and Authentication Profile
• Configure User Identification
• Enable User-ID on Zone

91
Create LDAP Server Profile
Go to Select Device > Server Profiles > LDAP create a LDAP Server Profile.
Figure 110: Create LDAP Server Profile.
Figure 111: Configure Palo Alto Networks User-ID Agent Setup.
Figure 112: Enable User Identification Monitored Server.

92
Create LDAP Authentication Profile
Go to Device > Authentication Profile click Add and create new LDAP authentication Profile.
Figure 113: Create LDAP Authentication Profile.
Figure 114: Configure LDAP Authentication Profile.

93
Create Group Mapping
Device > User Identification > Group Mapping Settings Click Add give any name.
Figure 115: Create Group Mapping.
Figure 116: Configure Group Mapping.
Figure 117: Select which Groups You Allowed to Monitor.

94
Configure Captive Portal on Palo Alto Firewall Networks.
The Captive Portal is used to create a user-to-IP mappings on the Palo Alto Networks firewall. The portal
is triggered based on the Captive Portal policies for http and/or https traffic only and is triggered only for
the IP addresses without existing user-to-IP mapping. For user authentication, a local database can be used,
RADIUS, Kerberos, or LDAP server. Once identified, user-based policies can be applied to the user’s
traffic. While captive portal is most commonly used in a Layer 3 routed environment,
Creating Users for Captive Portal Authentication on Palo Alto Firewall
We need a user database in order to configure the Captive Portal. You can use the Local User
database as well as AD authentication for the Captive Portal authentication.
Go to Devices >> Local User Database >> Users and click on Add.
Figure 118: Create Local Users CP_user1.
Figure 119: Create Local Users CP_user2.
Creating Group for Captive Portal Authentication on Palo Alto Firewall
If you want to configure the Users Group, Access the Device >> Local User Database >> User
Groups and click on Add assign Group Name and add the users create before.

95
Figure 120: Create Local Group CP_usergroup.
Now, need to configure Authentication profile for the local users already created. Access the
Devices >> Authentication Profile and click on Add. Give a user-friendly name to this
authentication profile. Since we are using Local Database for users, so select Local Database in
the type field. Now, click on Advanced Tab. Under the Allow List select the users/ users group
want to configure Captive Portal
Figure 121: Create Local Authentication Profile.
Figure 122: Configure Local Authentication Profile.

96
Configure the Captive Portal on Palo Alto Firewall
Now, we will configure the Captive Portal on Palo Alto NG Firewall. Go to Device >> User
Identification >> Captive Portal Settings and click on the gear icon. Click on Enable Captive
Portal. Define the Idle Timer out and Timer. Select the authentication Profile, we created. You
can configure the Captive Portal in two different modes, i.e. Transparent and Redirect. In
Redirect Mode, you can define either the webserver IP address or an IP address that is created
on the firewall itself. In this example, I am configuring the captive portal in Redirect Mode. I am
using my LAN interface IP address i.e. 192.168.10.150 in Redirect Host, so the firewall will
redirect any traffic to the LAN Gateway for Captive Portal login page. Leave the other settings
to default.
Figure 123: Configure Captive Portal Settings.
Figure 124: Configure Captive portal On Palo Alto Firewall.

97
Configure Interface Management Profile
Go to the Network tab > Network Profiles > Interface Mgmt Enable Response Pages & User-ID
under Interface Mgmt. Interface Mgmt Profile should be applied at required interface.
Figure 125: Configure Interface Management Profile.
Verify that User ID is enabled on the source zone for the traffic. Go to Network > Zones > Inside.
Figure 126: Enable User_ID on the source Zone.

98
Create Authentication Enforcement
Go to Objects >Authentication Click Add Create Authentication Enforcement and attach
Authentication Profile which created previous.
Figure 127: Create Authentication Enforcement.
Configuring the Authentication Policy for Captive Portal
Now, we need to create an Authentication Policy, which forces the Inside Users to authenticate
before accessing the Internet. Go to Policies >> Authentication and click on Add. Give a name to
this authentication Policy.
In the Source tab, select the Source Zone and IP Addresses. I am using Inside as a source zone.
In the User tab, select the unknown users for source users. Now, in the Destination tab, select
the Destination Zone. You can also define the Destination Address as well. I am using Outside as
a destination zone.
Triggers Captive Portal for both http and https connections. To trigger Captive Portal for https,
SSL decryption must be setup.
Now, access the Actions tab, and select default-web-form or the one we created Web-Auth
before in the Authentication Enforcement field
Figure 128: Open Authentication Policy Rule.

99
Verification and Monitoring Logs
Now, we will try to access Internet from one of my LAN Inside systems. If all the configuration is
perfect, you will see the Palo Alto Captive Portal page. You must log in using valid credentials in
order to get internet access.
Figure 129: Configure Authentication Policy Rule.
Figure 130: Create Authentication Policy for captive Portal.

100
Figure 131: Captive Portal Authentication.
Figure 132: Testing captive Portal.

101
CHAPTER 5: Conclusion and Results
Computer security is a vast topic that is becoming more important because the world is becoming highly
interconnected, withnetworksbeingusedtocarryoutcriticaltransactions. Cyber crimecontinuesto diverge
down different paths with each New Year that passes and so does the security of the information. The latest
and disruptive technologies, along with the new cyber tools and threats that come to light each day, are
challenging organizations with not only how they secure their infrastructure, but how they require new
platforms and intelligence to do so. There is no perfect solution for cyber crimes but we should try our level
best to minimize them in order to have a safe and secure future in cyber space.
In today’s computer-dominated society, the practice of securing and administrating computer systems &
enterprisenetworksbecomecriticalandchallenging. Theimportanceof systems administrationandsecurity
management has grown with the ever-increasing number of devices, software, users, and new technologies.
In this paper, we present the design and implementation of a Network Security design project named Palo
Alto Firewall and Cybersecurity challenges Attack, Detection and Defense Simulation. This project helps
people apply knowledge learned in the classroom, gain a better understanding and more hands-on
experience on Internet security. Future jobs include implementing an Internet Worm Farm, configuring a
HoneyPot system, and setting up a QoS-based intrusion defense system.
The overall goal of this project was to create a budget conscious security plan after a thorough
analysis of the enterprise. Readers will be able to draft, organize and create a comprehensive
security plan by following the recommendations presented. The plan will be comprised of all the
necessary components of a thorough enterprise analysis such as: preliminary security assessment,
security requirements, security plan, security plan policies, and security procedures. Basic and
affordable security monitoring recommendations are also presented to get an enterprise headed in
the proper direction to create a culture of security minded employees to survive current and
emerging network security threats

102
CHAPTER 6: References
[1] EVE-ng Platform Online Documentation
https://www.eve-ng.net/
[2] Windows Server 2012 Online Documentation
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-
2012-r2-and-2012/hh801901(v=ws.11)
[3] Active Directory Online Documentation
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-domain-
services
[4] Domain Name System (DNS) Server Online Documentation
https://docs.microsoft.com/en-us/windows-server/networking/dns/dns-top
[5] File Transfer Protocol (FTP) Server Online Documentation
https://docs.microsoft.com/en-us/iis/web-hosting/configuring-servers-in-the-windows-
web-platform/guide-to-deploy-ftp-and-publish-with-vwd
[6] Apache Web Server Online Documentation
https://httpd.apache.org/docs/2.4/platform/windows.html
[7] Palo Alto Firewall Online Documentation
https://blog.paloaltonetworks.com/category/technical-documentation/
[8] Palo Alto Firewall training course on Udemy
https://www.udemy.com/course/palo-alto-firewall-pcnse-training/
[9] Palo Alto Firewall Training course on cbtnuggets
https://www.cbtnuggets.com/it-training/cyber-security/ngfw
[10] Facebook Group for sharing knowledge about Palo Alto Firewall
https://www.facebook.com/groups/paloaltoforarab
[11] Palo Alto Firewall Training course on Alphorm
https://www.alphorm.com/tutoriel/formation-en-ligne-palo-alto-installation-et-
configuration-de-base

My Final Year Project

More Related Content

What's hot (20)

Similar to My Final Year Project (20)

Recently uploaded (20)

My Final Year Project