This document provides instructions for configuring User-ID on a Palo Alto Networks firewall to map users to IP addresses and enumerate users and groups from an Active Directory server. It discusses using the User-ID agent and agentless methods. For agent-based mapping, it describes installing the agent, configuring permissions, and adding the agent to the firewall. For agentless mapping, it covers configuring the firewall and a service account. It also provides information on integrating User-ID with Microsoft NPS and DHCP through a script to automatically map authenticated wireless users.
1. Select the RECEIVE option to retrieve the ServerPac order. You will need to specify where the order resides - on a server, file system, or tape.
2. The dialog will generate JCL to download the order from the specified location using FTP or access it from the file system.
3. The RECEIVE job will unpack and expand the order files on the driving system.
4. Once complete, the order is ready for installation using the other options in the ServerPac dialog.
Mom, When I Grow Up I Want to Be a Penetration Tester, HackInBo 2016 Winter Simone Onofri
Interest in Information Security and IT Security is growing continuously. In a world where information is a key resource in our working and non-working lives, protecting information and the various technologies that handle it is fundamental. Since the days of "How to Become a Hacker" and the "Hacker's Manifesto", many hackers have become consultants who help private and/or public organizations. A world with different shades of gray, and ethical and moral questions. Thanks also to the influence of films like Wargames or Matrix and TV series like Mr. Robot, many people are interested in being a Security Consultant, Penetration Tester, or Security Researcher (which are not exactly the same thing). The talk is a reflection to help navigate and reason about typical questions such as: which certifications? Which courses? What are the skills? What approach to use? What path to take?
This document discusses how IBM's QRadar security intelligence platform can enable service providers to extend security capabilities to customers through multi-tenancy and software-as-a-service (SaaS) delivery models. It describes QRadar's multi-tenant capabilities that allow a single deployment to securely support multiple customer domains. It also introduces the QRadar Master Console, which provides centralized monitoring and management across multiple QRadar systems. Finally, it discusses how service providers can deploy QRadar in the cloud through IBM Security Intelligence on Cloud to minimize costs and offer an operating expense model.
HCL Notes and Nomad Troubleshooting for Dummies panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-nomad-troubleshooting-for-dummies/
The number of systems IT and support have to handle is growing faster and faster, while headcounts in those departments struggle to keep pace. This means less and less time to deal with any single system (like Notes), which leads to reduced operational efficiency. On top of that, newer personnel is often also unfamiliar with the HCL stack.
Come and join Christoph Adler on April 18 who will condense their whopping 20+ years of field experience with HCL Notes and Nomad troubleshooting into a single webinar. Get an eye-opening boost in knowledge and skills – whether you are an inquiring beginner or a seasoned admin. Benefit from real use cases we encountered in the wild to learn how you can quickly and easily deal with many common situations and find out what to do if you can’t solve it on your own.
What you will learn
- Learn how to react fast and what to do when things go wrong with Notes or Nomad, and how to isolate and/or reproduce the issue.
- Understand where to look for information (logs, NSDs, etc.), how to easily collect it, and how to interpret what you find.
- Accelerate time to resolution when escalating to HCL support by having all the right things in hand from the start.
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments. This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLAs. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
Oracle Enterprise Manager (EM) provides complete lifecycle management for the cloud - from automated cloud setup to self-service delivery to cloud operations. In this session you’ll learn how to take control of your cloud infrastructure with EM features including Consolidation Planning and Self-Service provisioning with Metering and Chargeback. Come hear how Oracle is expanding its management capabilities into the cloud!
(As presented by Adeesh Fulay at Oracle Technology Network Architect Day in Chicago, October 24, 2011.)
Experiences are everything and Juniper knows this. From when a user engages with an app on their smartphone to when a workload is generated in the cloud to pick up the request, we know that every point of contact along the way impacts the user’s experience, from client to cloud. Learn more about what Juniper has recently announced in this SlideShare!
This document provides an overview of Active Directory (AD) in Windows Server 2019. It describes what AD is, when and why it is used, and how to configure and manage it. Key components of AD are discussed such as domains, organizational units, group policy, backups. AD services like certificate services, domain services, and federation services are also summarized. The document provides best practices for using group policy and designing the AD structure.
The document is a study guide for the Aruba-Certified Mobility Professional (ACMP) 6.1 exam. It covers topics like product knowledge, firewall roles and policies, operations, planning and design, RFProtect, troubleshooting, and applications and solutions. The guide provides details on each topic area, sample exam questions, and notes that preparation includes familiarity with related Aruba courseware and materials.
Fast. Dangerous. Always in control.
Learn the dirty secrets of the Notes Client and how you can turn them into golden features that will make you shine. You will leave the workshop equipped with new knowledge for your next Notes Client deployment and/or optimization project. You will be able to get better Notes client performance and stability by using less of the system resources, like CPU, Memory and File I/O – just because of the right tailor-made configuration of the Notes client for your very own system requirements. Get geared up for your next Notes V11 deployment with the best-practice tips to get Notes Clients deployed, configured, maintained and ‘finally’ loved by your users.
Don’t forget, IBM Notes V11 is not far away from being released.
Preparing your enterprise for Hybrid AD Join and Conditional Access Jason Condo
In the presentation learn what you need to do in AD FS, Active Directory, and Azure Active Directory to leverage domain joined machines in conditional access policies to O365 services.
Active Directory Domain Services (AD DS) is an identity and access management solution that stores information about users and groups, authenticates identities using Kerberos authentication, and controls access. It consists of an Active Directory data store, domain controllers that perform authentication and other services, domains, forests, trees, and functional levels. Installing AD DS requires permissions, network configuration, server requirements, and following the installation process which can be done in advanced mode or from installation media. Domain controller roles include global catalog servers and operations masters, and time synchronization is provided by the PDC emulator and Windows Time service.
In this presentation, we will cover ArubaOS’ AP Fast Failover feature, extended controller capacities, how to configure High Availability and several deployment models. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-ArubaOS-High-availability/td-p/286231
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
6 pan-os software update & downgrade instruction Mostafa El Lathy
The document provides instructions for updating and downgrading PAN-OS software. It explains that major releases have new features and fixes, minor releases have new features and fixes, and maintenance releases only have fixes. It notes you must upgrade in order of major, minor and maintenance releases and cannot skip versions. The instructions provide a step-by-step process for upgrading from 6.0.1 to 7.1.6 and downgrading from 7.1.6 to 6.0.1.
IBM Lotus Domino Domain Monitoring (DDM) Austin Chang
This document provides an overview of Lotus Domino Server Domain Monitoring (DDM) for administrators. DDM allows administrators to monitor servers in their domain through configurable probes that check for issues and automate corrective actions. It discusses the key components of DDM including the server collection hierarchy, monitoring configuration, probes, and filters. It also provides examples of how to set up monitoring for common scenarios like database compaction, replication, and system resources.
Introduction to Zabbix - Company, Product, Services and Use Cases Zabbix
About Zabbix Software:
Zabbix is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices, services and other IT resources.
Zabbix is an all-in-one monitoring solution that allows users to collect, store, manage and analyze information received from IT infrastructure, as well as display on-screen, and alert by e-mail, SMS or Jabber when thresholds are reached.
Zabbix allows administrators to recognize server and device problems within a short period of time and therefore reduces the system downtime and risk of system failure. The monitoring solution is being actively used by SMBs and large enterprises across all industries and almost in every country of the world.
The document discusses guest access configuration using ArubaOS captive portal capabilities. It describes the captive portal authentication process which uses initial and post-authentication roles to redirect users to a login page after getting an IP address. Guest provisioning allows non-IT staff to create guest accounts using the internal database for authentication. Amigopod provides additional advanced guest management features while the base ArubaOS supports basic functionality with authentication to a single controller's internal database.
VMware Cloud Foundation - PnP presentation 8_6_18 EN.pptx BradLai3
VMware is introducing new pricing and packaging for VMware Cloud Foundation. Key changes include:
- Four editions of VCF (Basic, Standard, Advanced, Enterprise) that include bundled discounts on components.
- Upgrade bundles are available for customers with existing licenses to complete their VCF licensing.
- Pricing will be updated to reflect new editions of NSX that are now included in each VCF edition. The Basic edition will now include NSX DC Professional, and the Enterprise edition will include NSX DC ENT+ and NSX Hybrid Connect at no additional cost.
- There are new sales accelerators of 1.5x when sold with Dell EMC VxRack SDDC and
Dell EMC OpenManage idrac9 server power capping Mark Maclean
This document provides a 3-step guide to enable and set power capping on an iDRAC 9 controller using the RACADM CLI and GUI. It explains that power capping requires an iDRAC Enterprise license and the values are included in the server configuration profile. Administrators can use the RACADM CLI to enable and set the wattage cap or view it in the GUI. The document also provides examples of how power capping values appear in the server configuration profile file.
Prowler: Cloud Security Assessment, Auditing, Hardening, Compliance and Forensics Readiness Tool
Prowler helps to assess, audit and harden your AWS account configuration and resources. It also helps to check your configuration against CIS recommendations, and to check whether your cloud infrastructure is GDPR compliant or whether you are ready for a proper forensic investigation. It is a command line tool that provides direct and clear information about the security-related configuration status of a given AWS account; it performs more than 80 checks.
Session from NCUG. Stockholm 12.06.2019.
Basic Domino Performance Tuning. Ideas on how to improve performance, which statistics show that we have issues, and how to fix them.
Cyber Security Layers - Defense in Depth
7P's, 2D's & 1 N
People
Process
Perimeter
Physical
Points (End)
Network
Platform
Programs (Apps)
Database
Data
This document provides a roadmap for IBM QRadar. Key points include:
1. The security intelligence strategy focuses on security for cloud, customer success, cognitive and analytics capabilities, and new security operations tools.
2. Recent additions to QRadar in the past 12 months include an ecosystem, app, and integration builder; new dashboards; and IBM QRadar Advisor with Watson.
3. Upcoming enhancements involve new administration and operations tools, deeper endpoint threat detection, QRadar Network Insights, defending against DNS attacks, securing the cloud, continued innovation with QRadar Advisor and Watson, and improvements to QRadar UBA.
4. The QRad
Trust relationships allow secure communication between domains by authenticating objects in one domain for use in another. There are default trusts between parent and child domains as well as forest root domains. Other trusts can be manually created. Forest-to-forest trusts allow transitive trust relationships between Windows Server 2003 or later forests.
The document provides examples and explanations of network address translation (NAT) configurations on Palo Alto Networks next-generation firewalls. It shows how NAT policies work with security policies to translate source and destination IP addresses and apply firewall rules. The first example demonstrates static destination NAT to map any internal address to a single public address. The second example uses source NAT to map a DMZ subnet to an internal address. Flow charts illustrate how the firewall evaluates zones, NAT rules, security rules and applies address translations at each step.
The document discusses authentication methods for Palo Alto Networks firewalls, including PAP, CHAP, MS-CHAP, EAP, SAML, and RADIUS VSA. It provides details on configuring two-factor authentication for GlobalProtect using Duo Security, including creating a RADIUS server, authentication profile, and selecting the profile for GlobalProtect portal and gateway. The document concludes with notes on a live demo of the 2FA configuration.
Palo Alto Networks is an innovative network security platform whose core is the next generation firewall. Built on App-ID, a unique technology developed by PA Networks, it secures the network at the application, user and content level using both physical and virtual architecture. PAN network protection solutions meet the highest network security requirements in both performance and functionality, and are the undisputed industry leaders, as confirmed by Gartner reports, the number of users and the company's growing sales volume.
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience... SWITCHPOINT NV/SA
Palo Alto Networks is a cybersecurity company founded in 2005 that has grown significantly, reaching over $928 million in revenue in FY2015. The cyber threat landscape has evolved rapidly to include unknown malware, evasive command and control techniques, zero-day exploits, and attacks on a wide range of platforms and applications. Palo Alto Networks' next-generation security platform aims to prevent threats across the organization using techniques like application identification, user identification, content scanning, a single pass architecture, cloud-based threat analysis, endpoint protection, and correlation of threats and intelligence. The platform aims to address limitations of legacy security that relied on individual point products without coordination or prevention abilities.
Palo alto networks next generation firewalls Castleforce
The document summarizes Palo Alto Networks next-generation firewalls which can identify applications, users, and content to provide visibility and granular control. This helps address challenges of uncontrolled use of internet applications in enterprises. The firewalls can see through ports and protocols to classify over 900 applications using techniques like App-ID, User-ID, and Content-ID. This gives IT unprecedented control over network activities.
This document discusses security and compliance solutions from Palo Alto Networks and AWS. It begins with an overview of how AWS infrastructure and services provide security capabilities. Palo Alto Networks' VM-Series next-generation firewall on AWS is then introduced as a way to identify and control applications across all ports within an AWS deployment. The final section discusses how Warren Rogers, a fuel delivery company, achieved PCI compliance by using Palo Alto Networks' GlobalProtect VPN, VM-Series firewall, and other services on AWS. This allowed them to securely connect remote devices, filter credit card data, and simplify their network and access management.
User Expert forum Wildfire configurationAlberto Rivai
This document provides an overview of Palo Alto Networks' Wildfire malware protection solution. It describes the lifecycle of network attacks, the anatomy of a network compromise, and how Wildfire uses a public cloud to rapidly identify and control threats across all applications and attack vectors. The document also details Wildfire's architecture and security measures, performance impact, configuration options, file analysis capacities, licensing, and how to integrate Wildfire with firewall policies and view analysis results and statistics.
Cisco Wireless LAN Controller Palo Alto Networks Config GuideAlberto Rivai
The document provides a configuration guide for integrating Cisco WLC 5500, Kiwi Syslogd, and Palo Alto Networks PAN-OS 6.1 to collect user authentication syslog messages from the Cisco WLC and map users to IP addresses in PAN-OS for use in security policies. It outlines configuring the Cisco WLC to send SNMP traps containing authentication information to Kiwi Syslogd, and Kiwi Syslogd to convert and forward the traps to the PAN-OS syslog receiver. It then details the necessary configuration steps in PAN-OS to define a syslog filter to parse and extract the user and IP address from the incoming syslog messages.
The document discusses the results of analyzing network traffic across 60 enterprises. It found that HTTP has become the universal protocol and video consumes the most bandwidth. Most common threats exploit popular applications. Next generation firewalls are needed that can identify applications, users, and threats to better manage risks and allow business benefits of internet applications.
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...BAKOTECH
This document provides an overview of Palo Alto Networks and its next-generation firewall and security platform. Some key points:
- Palo Alto Networks was founded in 2005 and provides firewalls, threat prevention, and network security. Its next-generation firewalls use application identification and single-pass processing to identify and control applications.
- Traditional port-based firewalls cannot effectively control encrypted traffic or new applications. Palo Alto Networks firewalls identify applications regardless of port or encryption using App-ID.
- The document outlines Palo Alto Networks' solutions like WildFire malware analysis service and Traps advanced endpoint protection to prevent both known and unknown threats across the network, endpoint, and cloud.
Palo Alto Networks Next-Gen Firewall PANOS 5.0 integration guide with Cisco SecureACS 4 using VSA attributes.
the second section talks about how to integrate Yubikey with Palo Alto Networks firewall
Palo Alto Networks Application Usage and Risk Report - Key Findings for Hong ...Palo Alto Networks
Key findings from Palo Alto Networks Application Usage and Risk Report, December 2011 (Hong Kong Only).
The slides provides insight into application activity that is based on network application assessments that show what is really happening on corporate networks.
Palo Alto Networks Application Usage and Risk Report - Key Findings for ANZPalo Alto Networks
Key findings from Palo Alto Networks Application Usage and Risk Report, December 2011 (Australia and New Zealand).
The slides provides insight into application activity that is based on network application assessments that show what is really happening on corporate networks.
This document provides an overview of Amazon Virtual Private Cloud (VPC), including that it provides a virtual network dedicated to an AWS account. It describes how VPCs are logically isolated, and how to configure VPCs by selecting IP ranges, creating subnets, configuring network gateways and more. It also discusses security aspects like security groups and network access control lists, and networking aspects such as IP addresses, route tables, elastic IP addresses, and network interfaces.
Cross-device tracking with Google Analytics - Thomas Danniau @ gaucBEThe Reference
Once upon a time, we only used one PC to visit a website. After a while we were using several computers and browsers to visit the same websites. A few years ago we also started using smartphones and tablets to explore the www … We are still guessing and trying to get a grip on the customer journey between all these devices. But hooray! The time that we can measure, estimate and understand the cross device usage has arrived! Learn how to understand and setup cross device measurement. What did we learn from it and what are the benefits to understand the cross device behavior of your customers?
This document provides a summary of specifications and features for various Palo Alto Networks platform models - PA-4060, PA-4050, PA-4020, PA-2050, PA-2020, and PA-500. It includes details on their throughput and capacity for firewall, threat prevention and IPSec VPN, as well as hardware specifications and key features supported across all platforms such as application identification, policy-based controls, SSL/IPSec VPN, file/data filtering, and high availability.
Modern Malware by Nir Zuk Palo Alto Networksdtimal
Modern malware has evolved into sophisticated attacks orchestrated by nation states and organized crime. These attacks follow a five step process: 1) baiting end-users through spear phishing, 2) exploiting vulnerabilities, 3) downloading backdoors, 4) establishing back channels of communication, and 5) exploring and stealing data. Traditional anti-malware protection is insufficient as it only protects parts of the attack process and signatures are developed too slowly. A new approach is needed that protects all stages of attack through real-time analysis, automated signature generation within an hour, network segmentation, and blocking unknown applications and traffic to stop modern malware.
This document provides an overview of FlexPod converged infrastructure solutions from Cisco and NetApp. It summarizes the evolution of IT and how FlexPod addresses challenges around commodity IT, new opportunities, and business impact. It then provides details on FlexPod Express, a low-cost standardized solution, and FlexPod Datacenter, a feature-rich standardized solution. Components, features, protocols, and validations are described for each solution.
This document provides an overview of Central Log Management at the University of Cape Town. It discusses Splunk and the ELK stack for collecting, analyzing, and monitoring machine data from various sources. Splunk is featured for its collection, search, reporting, and alerting capabilities. The ELK stack deployed at UCT includes Logstash to process logs from firewalls and send them to Elasticsearch for storage and querying in Kibana for visualization. Shipper and indexer configurations are shown for ingesting Palo Alto firewall logs into Elasticsearch.
Microsoft identity platform and device authorization flow to use azure servic...Sunil kumar Mohanty
Microsoft Identity platform allows users to sign in to input-constrained devices. It leverages MASL for Java (MSAL4J) from an app that does not have the capability of providing interactive authentication experience. The user visits a web page in their browser to login in. Once login success, the device will able to get access token and able to perform actions on the authorized Azure resources. In this article the access token will be used to publish message to azure service bus.
The document summarizes several key Java EE services including resource management, Java Naming and Directory Service (JNDS), security services, and transaction services. Resource management is implemented using resource pooling and activation/deactivation. Security services provide declarative security using roles and securing both EJBs and web components requires defining a security domain, login/error pages, and security declarations in deployment descriptors. Transactions services allow distributed transactions across multiple resources.
Actor Model Import Connector for Microsoft Active Directoryprotect724rkeer
This document provides instructions for installing and configuring the Actor Model Import Connector for Microsoft Active Directory. It allows extracting user identity information from an Active Directory LDAP and populating ArcSight ESM with Actor resources. Key steps include importing the CA certificate, installing the connector, setting up the import user in ESM, performing an initial import of actor data, and accessing advanced parameters. The connector supports Active Directory on Windows Server 2003 and 2008.
This document provides instructions for integrating Buzzient social media monitoring and engagement software with Oracle CRM On Demand. It outlines prerequisites, configuration steps, and a basic workflow. Key steps include adding custom fields to contacts, leads, and service requests in CRM On Demand; creating custom web applets and tabs; downloading and sharing web service definition language (WSDL) files; and testing the integration. The integration enables monitoring social media conversations, automatically creating leads and service requests from social posts, and allowing agents to respond directly within CRM On Demand.
A story that explains how we accessed the administrator dashboard by chaining together a series of issues - from user registration bypass, to Vertical Privilege Escalation
Ddns management system user's manual v1.0 20120301Eason Lai
The document provides instructions for configuring Dynamic DNS (DDNS) service for Hikvision devices using the Hikvision DDNS Management System. It describes:
1) Configuring DDNS locally on the device through the device menu or via Internet Explorer.
2) Obtaining the device's serial number which is required for DDNS setup.
3) Registering the device with the DDNS Management System by entering the device alias, serial number and port number. The system will then display the device's dynamic IP address and allow remote access.
This document summarizes the analysis of Windows event log files. It discusses how to view event logs using the Event Viewer and export logs. It also describes using log parsing tools like Log Parser Lizard and Log Parser 2.2 to query error, warning and other event types from system logs. Specific event IDs are analyzed, like DCOM errors, service failures, DNS issues and hard disk errors. Methods to resolve issues causing these events are provided.
This document introduces best practices for managing users, identity attributes and entitlements in a typical "corporate" environment:
1. The focus is on organizations with 1,000 to 10,000 internal users, such as employees or contractors. They may be corporations or non-profit organizations such as government, healthcare or military entities.
2. Users in these environments are normally provisioned physical assets, such as a cubicle, desk, chair, phone, PC and building access badge.
3. Users in these environments are also provisioned logical access, such as an Active Directory login account, Exchange mail folder, Windows home directory and a variety of application security entitlements.
The objective of this document is to identify business processes that drive changes to users and entitlements in an organization that fits this description and to offer best practices for each process.
Organizations that are able to adopt best practices processes will benefit both from optimized change management and from reduced total cost associated with automating their processes on an identity and access management (IAM) platform.
The document discusses SAP BASIS and security administration. It describes SAP security components including authorization concepts using user IDs, profiles, and authorizations. It outlines the process for security configuration in SAP, including user authentication, creating and assigning authorization profiles, auditing and monitoring, and administration and maintenance. The key aspects of security configuration are creating activity groups to generate authorization profiles, auditing user access and changes, and monitoring default profiles and users.
1. The document outlines the steps to set up an ODI Agent in Oracle Data Integrator 11g, including editing the odiparams.bat file to set the repository connection information, generating an encrypted password string, and specifying details when creating a new physical agent in the topology.
2. It also describes how to create a corresponding logical agent mapped to the physical agent, and how to start the agent from the command line and test the connection.
3. The key steps are to configure the repository connection details in odiparams.bat, create a new physical agent specifying its name and other properties, then create a linked logical agent to represent it in the logical architecture.
ArcSight Actor Model Import Connector for Microsoft Active Directory Configur...Protect724tk
The document provides instructions for installing and configuring the HP ArcSight Actor Model Import Connector for Microsoft Active Directory. It describes importing the CA certificate, installing the connector, configuring parameters, setting up the actor model import user in ESM, optional filtering configuration, and performing the initial import of actor data from Active Directory into ESM.
Cloud Analyst is a simulation tool that allows users to model real-time data center operations like load balancing and resource monitoring. It can save simulation configurations as XML files and export live results to PDF. To run a simulation, users define user bases, data centers, virtual machine allocations, and network characteristics. They then download Cloud Analyst, extract the files, click run.bat to launch the dashboard. From there, they can configure the simulation, run it, and view results and statistics in the main window. Key features include ease of use, configurable simulations, graphical output, and saving experiment results.
The document provides instructions for customizing the Amigopod captive portal to include a customer's logo and wireless usage policy. It describes uploading these custom assets through the Content Manager. It then explains how to configure the Guest Manager and create a new web login page that displays the custom logo and requires acceptance of the usage policy. An example terms.html file for the policy is provided in an appendix.
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth.
In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution in a microservices environment based on fine-grained permissions and end to end automation.
Obiee 11g security creating users groups and catalog permissionsRavi Kumar Lanke
This document provides instructions for creating users, groups, and configuring catalog permissions in Oracle Business Intelligence (OBIEE) 11g. It involves the following high-level steps:
1. Create users and groups in the Oracle WebLogic Server administration console
2. Assign roles to the groups using the Fusion Middleware Control console
3. Set permissions on OBIEE catalogs for the new users and groups to control access
This document provides details of all Sage CRM patch releases for version 7.2. Installing the most recent 7.2 patch (E) ensures that you get all of the fixes included in earlier patches (if applicable).
รายละเอียดเพิ่มเติ่มและโปรแกรม Sage CRM 7.2 Patch E Download กรุณาติดต่อ
ตัวแทนจำหน่าย Sage Software ในประเทศไทย
Sundae Solutions Co., Ltd.
โทร 026348899
Email: support@sundae.co.th
URL: http://www.sundae.co.th
This document provides guidance on configuring two-factor authentication for the IBM Security SiteProtector system using various plug-ins, including RADIUS, certificates/smart cards, LDAP, and default passwords. It includes code examples for setting up authentication using a RADIUS token protocol or smart card with user principal name mapping. Requirements and considerations are discussed for smart card usage, certificate validation, and property encryption.
This document is a comprehensive analysis of all the ways that Identity and Access Management (IAM) solutions can be run in and integrate with cloud computing systems.
Both cloud computing and IAM are relatively new, so the first part of this document defines key concepts and terminology. Next, assumptions that clarify the scope of this document in terms of network topology and functionality are presented and finally a comprehensive list of architectural scenarios are presented, along with an analysis of the costs, risks and benefits of each scenario.
Similar to User id installation and configuration (20)
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Contents
1. IP – User Mapping
   a. IP - User Mapping ( with UID Agent )
      Create service account, configure account permission and install UID agent
      Configure User-ID agent in the firewall
   b. IP – User Mapping ( Agentless )
      Create service account and configure account permission
      Configure UID in the firewall
2. User enumeration
3. IP – User Mapping through User-ID API
   3.1 User-ID agent API, Microsoft NPS, Microsoft DHCP integration
      Lab Diagram
      Installation
      UIDConfig.xml variables description
   3.2 User-ID agentless API, Microsoft NPS, Microsoft DHCP integration
User Identification in PAN-OS 4.1 encompasses two primary functions:
• Mapping of users to their current IP addresses
• Enumeration of users and their associated group membership
1. IP – User Mapping
a. IP - User Mapping ( with UID Agent )
This first section maps users to their current IP addresses, using the UID agent to perform the function.
Create service account, configure account permission and install UID agent
1. create service account ( example Labuid ) in the DC
2. Login to any computer that is a member of the domain, you do not need to install the UID
agent in the AD server or Domain controller.
3. Login with an account that have local administrator permission
4. add Labuid to be a member of local Administrator group
5. download UID agent
6. run command prompt as administrator
7. install from command prompt
8. By default, the agent will be configured to log in as the user who installed the .msi file. In the
screen shot that follows, you will see that the “Labuid” account that installed the agent is
4. now the agent service account. Use the “Edit” button on the configuration window to
change the service account to a restricted user account if desired.
9. Allow the Agent account to log on the member server as a service. On the member server
open the “Local Security Policy” mmc.
10. Under the “Local Policies” > “User Rights Assignments” add the service account to the “Log
in as a Service” option
11. For Win2K8, Add the service account user to the “Event Log Reader” and “Server Operator”
built in local security groups in the domain.
12. For Win2K3, the user right “Manage auditing and security log” must be given to that
account. Edit the Default Domain Controller Security Policy, found under Programs -> Admin
Tools. Drill down to Security Settings -> Local Policies -> User Rights Assignment. You will see
the screen below.
In the right-hand pane, locate the user right “Manage auditing and security log”. Double-click that
entry. You will see that only Administrators have that user right.
Click Add User or Group.
Enter the username of the account you just created, and click Check Names to confirm that the
account exists. The account name will become underlined.
13. Make sure that the service is running in the Services window.
14. To check if you have configured the UID agent correctly, go to Start -> Palo Alto Networks ->
User-ID Agent and open the UID agent GUI, go to Discovery Tab, you will see the Domain
Controller listed.
15. To check if the UID agent successfully reads the event viewer and discovers the username go
to Monitoring tab.
16. The next step is adding the UID agent in the firewall.
Configure User-ID agent in the firewall
17. Login to the firewall
18. Go to Device tab
19. Then User Identification node, click User-ID Agents sub-tab
20. Click Add, and then enter the name, IP address and port (default 5007). Click OK then hit
commit.
21. You will see the green button when the UID agent has successfully connected to the firewall.
22. To verify that the firewall receives the User-IP mapping, SSH to the firewall and execute the
command below:
admin@PA-200> show user ip-user-mapping all
b. IP – User Mapping ( Agentless )
The IP – User Mapping function that was performed by the User-ID agent can be replaced by
agentless User-ID. Agentless User-ID allows this function to run from the PAN device itself.
The login that works for the User-ID agent will most likely not work for agentless User-ID
(additional permissions are needed).
Create service account and configure account permission
1. Create the service account in AD. This is utilized on the device. Be sure the user is part of the
Distributed COM Users, Server Operators and Event Log Readers groups.
2. The device uses WMI authentication. You must modify the CIMV2 security properties on the AD
server the device connects to.
3. Run wmimgmt.msc (on the domain controller server) from the command prompt to open the console
and select Properties as shown below.
4. Select the Security tab of the WMI Control Properties and drill down to the CIMV2 folder. Select this
folder and click the Security button. Add the service account from step 1. In this case, it's
panrunner@nike.local. For this account, check off both Enable Account and Remote Enable.
5. After you've completed the permission settings for the UID account, you need to set up the UID
configuration in the firewall.
Configure UID in the firewall
6. Login to the firewall GUI
7. Go to Device tab -> User Identification select User Mapping sub-tab
8. Under Server Monitoring, click Add and add the IP address of the server to be monitored.
9. Click Edit on the Palo Alto Networks User ID Agent Setup.
10. Be sure to configure the username in domain\username format under the WMI Authentication tab,
along with valid credentials for that user.
11. Enable Server Monitor options (enable security log/enable session) accordingly.
12. Client probing is enabled by default, so disable it if desired.
13. Click Commit.
14. Confirm connectivity via GUI and/or CLI as shown below.
2. User enumeration
The second section is to configure Enumeration of users and their associated group membership.
Before a security policy can be written for groups of users, the relationships between the users and
the groups they are members of must be established. This information is retrieved from an LDAP
directory, such as Active Directory or eDirectory. The firewall or an agent will access the directory
and search for group objects. Each group object will contain a list of user objects that are members.
This list will be evaluated and will become the list of users and groups available in security policy and
authentication profiles. The only method of retrieving this data is through LDAP queries from the
firewall. An agent system can be configured to proxy the firewall LDAP queries if the topology
requires that.
1. Login to the firewall through GUI
2. Go to Device tab then Server Profile -> LDAP then click Add
3. List the directory servers that you want the firewall to use in the server list. You need to
provide at least one server; two or more are recommended for failover purposes. The
standard LDAP port for this configuration is 389.
4. Enter the name of the domain in the “Domain” field. The domain name should be a
NetBIOS name.
5. Select a directory “Type”. Based on the selected directory type, the firewall can populate
default values for attributes and objectclasses used for user and group objects in the
directory server.
6. Enter the base of the LDAP directory in the “Base” field. For example, if your Active
Directory Domain is “acme.local”, your base would be “dc=acme,dc=local”, unless you
want to leverage an Active Directory Global Catalog.
7. Enter a user name for a user with sufficient permission to read the LDAP tree. In an
Active Directory environment, a valid username for this entry could be the “User
Principal Name”, e.g. “administrator@acme.local”, or the user's distinguished name,
e.g. “cn=Administrator,cn=Users,dc=acme,dc=local”.
8. Enter and confirm the authentication password for the user account that you entered
above.
9. In case you have difficulties identifying your directory base DN, you can simply follow
these steps:
a. Open the Active Directory Users and Groups management console on your
domain controller.
b. Select “Advanced features” in the “View” menu of the management console.
c. Select the top of your domain object and select “Properties”.
d. Navigate to the “Attribute Editor” in the properties window and scroll to the
“distinguishedName” attribute.
e. Copy the content of this attribute into the LDAP Server configuration “Base”
field in the firewall management UI.
Group Mapping Settings
After the LDAP server has been configured, you need to configure how groups and users are
retrieved from the directory and which user groups are to be included in policies.
In order to create a new group mapping entry, navigate to the “Device > User Identification”
menu and create a new entry under the “Group Mapping Settings” tab.
In this configuration, you specify which LDAP server profile is going to be used to identify users
and groups.
• Select the “LDAP Server Profile” you configured earlier in the “LDAP Server Profile” section
in the drop-down list under “Server Profile”.
All LDAP Attributes and ObjectClasses will be pre-populated based on the directory server type
you selected in the “LDAP Server Profile”. Under normal circumstances, you should not have to
modify any of these attributes. Please refer to the Palo Alto Networks Administrator’s Guide for
customizations of these attributes.
The default update interval for changes in user groups is 3600 seconds (1 hour). You can
customize this value to a shorter period if needed.
Go to the Group Include List tab. Leave this blank if you want to include ALL groups, or select the
groups that you want to be mapped.
3. IP – User Mapping through User-ID API
3.1 User-ID agent API, Microsoft NPS, Microsoft DHCP integration
Pre-requisite
- Microsoft 2008 Server 64 Bit
- Microsoft NPS
- Microsoft DHCP server
- Palo Alto Networks UID Agent
- Scripts from https://github.com/cesanetwan/scripts/tree/master/paloalto
- At least 1 Windows server running IAS/NPS
- The server running the Palo-Alto User-ID Agent must have IP connectivity
- The Palo-Alto User-ID Agent must have the User-ID XML API enabled
- As a convention, the script should be stored in a DFS share for replication purposes, i.e. \\%domainname%\scripts
- The script needs to be configured to trigger on a Windows Event 6272
- The User-ID timeout set in the Palo-Alto User ID Agent must be less than the session timeout on the wireless controller
- Task must be configured to run under the designated sync account for the content filter at sites
- Said account must be granted log on as service, log on as batch job rights, in addition to full permissions to read, write and modify to the installation directory of the Palo-Alto User ID Agent, and additionally be a member of the "DHCP Users" builtin group in Active Directory
- The ignore_user_list and UIDConfig.xml must be present in the installation directory of the Palo-Alto User ID Agent, and customised to the site's configuration as per the samples in this repository
- The scheduled task should be configured to queue new instances should the task be running when a new instance is called, and modified to fit the template provided in this repository
This integration script was provided and developed by the guys from Catholic Education SA, mainly
Gareth Hill. Their page can be found at https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
The CESA UID RADIUS script is a means of enumerating 802.1x authorised users to the Palo Alto
Networks User-ID Agent such that the appropriate filtering policies are applied automatically,
allowing for a seamless user experience with Palo Alto Networks NGFW and User-ID.
Lab Diagram
Installation
The steps below are to be used for the above sample diagram. Please change the variables according
to the instructions at https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
1. Copy the file UIDRADIUSScript.vbs to C:\Windows\SYSVOL\domain\scripts (note
that this can be changed to any location).
2. Copy the file UIDConfig.xml to C:\Program Files (x86)\Palo Alto Networks\User-ID
Agent
3. Create a scheduled task to trigger on Windows Event 6272.
Right-click on the event and click Export Task to XML.
Edit the task's XML to reflect the example XML file below
User-id.xml
Importantly, the Triggers and the Exec sections
<Triggers>
  <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription><QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=6272]]</Select></Query></QueryList></Subscription>
    <ValueQueries>
      <Value name="SubjectUserName">Event/EventData/Data[@Name='SubjectUserName']</Value>
      <Value name="CallingStationID">Event/EventData/Data[@Name='CallingStationID']</Value>
    </ValueQueries>
  </EventTrigger>
</Triggers>
Exec Section
<Exec>
  <Command>C:\Windows\System32\cscript.exe</Command>
  <Arguments>C:\Windows\SYSVOL\domain\scripts\UIDRADIUSScript.vbs "$(SubjectUserName)" $(CallingStationID)</Arguments>
</Exec>
Then delete the original task and import the modified XML.
Type in your username and password
Enable the task
Test by authenticating a user through 802.1x. You should then see the 802.1x-authenticated user
appear in the User-ID agent Monitoring tab.
UIDConfig.xml variables description
<?xml version="1.0" encoding="UTF-8"?>
<user-id-script-config>
<domain>LAB</domain> - the domain of the site in question
<LogFormat>DHCP</LogFormat> - the log format; valid values are NPS, IAS and DHCP, for the various methods of processing this information. In this example we're using DHCP
<AgentServer>192.168.6.3</AgentServer> - the server the UID agent is installed on
<AgentPort>5008</AgentPort> - the port the User-ID XML API is listening on
<Debug>1</Debug> - a debug flag (not implemented yet)
<DHCPServer>main.lab.com</DHCPServer> - the DHCP server at the site in question, used to do remote queries if there are 2 NPS servers at a site
</user-id-script-config>
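The following Python example is added here for illustration; it is not the CESA script (which is VBScript) and not Palo Alto Networks code. It shows the checks worth applying to the two Event 6272 values the scheduled task passes in (SubjectUserName and CallingStationID) before they become a User-ID XML API login message. The ignore list, lease table and function names are constructed for the example, the uid-message layout follows the PAN-OS User-ID XML API, and sending the message to the agent is left out.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the page's lab or the CESA repository).
UID_CONFIG = """<user-id-script-config>
  <domain>LAB</domain>
  <LogFormat>DHCP</LogFormat>
  <AgentServer>192.168.6.3</AgentServer>
  <AgentPort>5008</AgentPort>
</user-id-script-config>"""
IGNORE_USERS = {"svc-backup"}                     # stands in for ignore_user_list
LEASES = {"00:11:22:33:44:55": "192.168.6.50"}    # stands in for a DHCP lease lookup

# Allow-list for account names: rejects quotes, spaces and shell/XML metacharacters.
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def normalize_mac(calling_station_id):
    """Return aa:bb:cc:dd:ee:ff, or None if the value is not a 48-bit MAC."""
    digits = re.sub(r"[-:.]", "", calling_station_id).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_login_message(subject_user, calling_station_id):
    """Turn one Event 6272 into a uid-message string, or None if it is dropped."""
    domain = ET.fromstring(UID_CONFIG).findtext("domain")
    user = subject_user.split("\\")[-1].split("@")[0]   # strip DOMAIN\ or @realm
    if user.endswith("$") or not USER_RE.fullmatch(user):
        return None                                     # machine account or malformed name
    if user.lower() in IGNORE_USERS:
        return None
    mac = normalize_mac(calling_station_id)
    ip = LEASES.get(mac) if mac else None
    if ip is None:
        return None                                     # no lease: nothing to map
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    login = ET.SubElement(ET.SubElement(msg, "payload"), "login")
    ET.SubElement(login, "entry", {"name": f"{domain}\\{user}", "ip": ip})
    return ET.tostring(msg, encoding="unicode")


if __name__ == "__main__":
    print(build_login_message("LAB\\alice", "00-11-22-33-44-55"))
```

Both values originate in the event record, so the same allow-list checks belong in whatever script the task runs.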
3.2 User-ID agentless API, Microsoft NPS, Microsoft DHCP integration (Work in progress)
Pre-requisite
- Microsoft 2008 Server 64 Bit
- Microsoft NPS
- Microsoft DHCP server
- Palo Alto Networks PAN-OS 5.0
- Scripts from https://github.com/cesanetwan/scripts/tree/agentle/paloalto (Agentless branch)
- At least 1 Windows server running IAS/NPS
- The Palo-Alto Networks firewall must run PAN-OS 5.0
- As a convention, the script should be stored in a DFS share for replication purposes, i.e. \\%domainname%\scripts
- The script needs to be configured to trigger on a Windows Event 6272
Revision History
Date            Revision    Comment
12 April 2013   1.0         Draft
References
https://github.com/cesanetwan/scripts/wiki/CEFilter-UID-RADIUS-script
https://live.paloaltonetworks.com/docs/DOC-3664
https://live.paloaltonetworks.com/docs/DOC-3120
https://live.paloaltonetworks.com/docs/DOC-1807