Palo Alto Meltdown & Spectre Protection Best Practice Guide

By Allen Wilkes

Technical Sales Consultant

This blog is here to provide best practice recommendations with actions that Palo Alto Networks firewall administrators can take to prevent these vulnerabilities.

What is Meltdown & Spectre?

They are two security vulnerabilities which could allow attackers to abuse ‘speculative memory’ to access privileged memory to steal your passwords, encryption keys and additional private information. The vulnerabilities are found in processors from Intel, Arm & AMD.

Palo Alto official response to the Meltdown and Spectre findings

Information about Meltdown and Spectre findings

Threat Brief: Meltdown and Spectre Vulnerabilities

Recommended Palo Alto Firewall Best Practise Configuration
Follow these steps to configure the Palo Alto Networks firewall best practise to provide as much protection as is possible to your endpoint infrastructure against Meltdown and Spectre.

1.      Application and Threats Update Schedule
Device >Dynamic Updates >Applications & threats schedule is configured to update Daily, before the office opens in each geographic location, this will ensure the latest updates are installed before the endpoints come online for the business day. If you are running PAN-OS 8.x.x you can use a 30 or 60 minute schedule.

 

2.      Vulnerability Protection Configuration
Check the configuration on each Vulnerability Protection objects and confirm simple-client-critical is Severity = critical & Action = reset-both, if your are not sure of the config, start with a fresh object, clone the strict object, rename and use.

a.      Objects >Security Profiles >Vulnerability Protection ><object name> >simple-client-critical >Severity >critical
b.      Objects >Security Profiles >Vulnerability Protection ><object name> >simple-client-critical >Action >reset-both

 

3.      Security Policy Configuration Review
Review each Security Policy and confirm or assign the correct Vulnerability Protection object. Use either Profiles or Security profile group. To meet the best practise recommendations, a Vulnerability Protection object should be assigned to every Security Policy.

Policies >Security Policies ><Rule number> >Actions >Profile Setting >Vulnerability Protection ><apply object>

Please contact us at info@teneo.net if you need any help to implement these steps.

Contact us – We’d love to help you

Teneo collects your personal data when you complete our online forms. We will use this information to provide an accurate response to your questions or requests and we will keep a record of your form completion in our CRM system. By submitting this form, you agree to us contacting you for the purpose of our response. For more information explaining how we use your personal data, please see our Privacy Policy.