Palo Alto Meltdown & Spectre Protection Best Practice Guide
January 11, 2018
This blog provides best practice recommendations, with actions that Palo Alto Networks firewall administrators can take to protect against these vulnerabilities.
What is Meltdown & Spectre?
They are two security vulnerabilities that could allow attackers to abuse speculative execution to read privileged memory and steal your passwords, encryption keys and other private information. The vulnerabilities are found in processors from Intel, Arm & AMD.
Palo Alto official response to the Meltdown and Spectre findings
Recommended Palo Alto Firewall Best Practice Configuration
Follow these steps to apply the Palo Alto Networks firewall best practice configuration and provide as much protection as possible to your endpoint infrastructure against Meltdown and Spectre.
1. Application and Threats Update Schedule
Confirm that the Device > Dynamic Updates > Applications & Threats schedule is configured to update Daily, before the office opens in each geographic location. This ensures the latest updates are installed before the endpoints come online for the business day. If you are running PAN-OS 8.x.x you can use a 30 or 60 minute schedule.
2. Vulnerability Protection Configuration
Check the configuration of each Vulnerability Protection object and confirm that simple-client-critical is set to Severity = critical and Action = reset-both. If you are not sure of the config, start with a fresh object: clone the strict object, rename it and use it.
3. Security Policy Configuration Review
Review each Security Policy and confirm or assign the correct Vulnerability Protection object. Use either Profiles or a Security Profile Group. To meet the best practice recommendations, a Vulnerability Protection object should be assigned to every Security Policy.