• Samba is software that lets Linux share files and printers with Windows operating systems:

    • An in-depth look at Snoc and its cloud service dedicated to DDoS protection, which every organization should pay attention to:

    • Snoc launches Solution Version 3.0 with Web Application Firewall and DDoS Protection services:

    • Revealed... the online black market for DDoS-for-hire!!:

    • Frozen for three seconds! DDoS makes the list of datacenter outage causes:

    • How do you know you are under a DDoS attack:

    • Introduction, Build the DDoS response plan with Checklist, How do you know when they DDoS you!, DDoS Mitigation Technique:

    • App vs Volume: do you know which one is used most often?:

    • Attack of the year 2014: do you know which one?:

    • X-Forwarded-For (XFF):

    • TCP 3-Way Handshake:

    • www.icez.net/blog/69510/ddos-tcp-fin-flood

    • th.wikipedia.org/wiki/อินเทอร์เน็ตบอต

    • URL vs URI:

    • Basic Cryptography - Digital Certificate & SSL:

    • What is a cache:

    • Penetration Tester:
      • app.cybrary.it/browse/course/comptia-linux-plus
      • app.cybrary.it/browse/course/comptia-security
      • app.cybrary.it/browse/course/ethical-hacking
      • EC-Council CHFI

    • Security Operations Center (SOC) Analyst - Add below:
      • app.cybrary.it/browse/course/comptia-network-plus
      • app.cybrary.it/browse/course/comptia-casp

    • Cyber Security Engineer - Add below:
      • app.cybrary.it/browse/course/comptia-cloud-plus
      • app.cybrary.it/browse/course/cisco-ccna
      • app.cybrary.it/browse/course/comptia-cysa-2018
      • app.cybrary.it/browse/course/cissp
      • app.cybrary.it/browse/course/cism
      • app.cybrary.it/browse/course/project-management-professional
      • app.cybrary.it/browse/course/isc2-certified-cloud-security-professional-ccsp

    • www.facebook.com/longhackz

    • Principles of secure system design (Secure Design Principles):

    • Example Attacks:
      • blog.endace.com/2013/08/27/ddos-attacks-on-port-0-does-it-mean-what-you-think-it-does
      • www.techtalkthai.com/blacknurse-dos-attack-server-firewalls
      • notebookspec.com/ทำความรู้จักกับ-distributed-denial-of-service-ddos/36287
      • arit.rmutsv.ac.th/th/blogs/80-sql-injection-คืออะไร-757
      • www.thaicert.or.th/downloads/presentations/20150507_Seminar_Dataone_.pdf

    Palo Alto:

    • PA-200, PA-3000, PA-5000, and PA-7000 are Palo Alto Networks next-generation firewall models.

    • The control plane and the data plane are found in the Palo Alto Networks single-pass platform architecture.

    • The strength of the Palo Alto Networks firewall is its Single-Pass Parallel Processing (SP3) engine.

    • The PA-5280 firewall model was introduced with PAN-OS® 8.1, with double the data-plane memory.

    • Palo Alto Networks firewalls are built with a dedicated out-of-band management port: it is labeled MGT by default, it passes only management traffic for the device and cannot be configured as a standard traffic port, and administrators use it for direct connectivity to the management plane of the firewall.

    • The candidate configuration can be reverted to the running configuration; clicking Save creates a copy of the current candidate configuration, and choosing Commit updates the running configuration with the contents of the candidate configuration.

    • Firewall administrator accounts can be individualized for user needs, granting or restricting permissions as appropriate.

    • Firewall administration can be done using the web interface, Panorama, the command line interface, or the XML API.

    • Service routes can be used to configure an in-band port to access external services.

    • Virtual routers provide support for static routing and dynamic routing using the OSPF, RIPv2, and BGP protocols.

    • Layer 3, Tap, and Virtual Wire interface types are valid on a Palo Alto Networks firewall.

    • Intrazone traffic is allowed by default, but interzone traffic is blocked by default.

    • A Virtual Wire (vwire) interface, sometimes called a Bump in the Wire or Transparent In-Line, has no support for routing or device management, but does support NAT, Content-ID, and User-ID.

    • A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.

    • Source Zone, Username, URL, and Application are possible network traffic match criteria in a Security policy on a Palo Alto Networks firewall.

    • Universal is the default Security policy rule type.

    • The intrazone-default and interzone-default rules can be modified.

    • Dynamic IP, dynamic IP/Port, and static are the names of valid source NAT translation types.

    • Logging on the intrazone-default and interzone-default Security policy rules is disabled by default.

    • Logs can be forwarded to the remote logging destinations Email, Syslog, Panorama, or SNMP.

    • A log can be exported to CSV format.

    • A Report Group must be sent as a scheduled email. It cannot be downloaded directly.

    • A SaaS application that is formally approved for use on the network is a sanctioned application.

    • Only one firewall actively processes traffic, there is no increase in session capacity or throughput, and Virtual Wire, Layer 2, and Layer 3 deployments are supported: these attributes describe an active/passive HA firewall configuration.

    • Configuration synchronization, heartbeats, and hellos are the types of traffic that flow across the HA Control link.

    • On a firewall with dedicated HA ports, Data link describes the function of the HA2 port.

    • A Backup Control link helps prevent split-brain operation in a firewall HA cluster.

    • Heartbeats and hellos, internal health checks, and link and path groups are failure detection methods in a firewall HA cluster.

    • A Security policy rule displayed in italic font indicates that the rule is disabled.

    • A Server Profile enables a firewall to locate a server with remote user accounts.

    • An Antivirus Security Profile specifies Actions and WildFire Actions. WildFire Actions let the firewall be configured to block traffic when a WildFire virus signature is detected.

    • An Interface Management Profile can be attached to the Layer 3 and Loopback interface types.

    • App-ID running on a firewall identifies applications using program heuristics, application signatures, and known protocol decoders.
    • Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should validate connectivity to the PAN-DB cloud.

    • If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in the Threat log.

    • If there is an HA configuration mismatch between firewalls during peer negotiation, the passive firewall will enter the NON-FUNCTIONAL state.

    • In a Security Profile, when the profile's action is configured as Reset Server, the firewall resets the traffic responder and, for UDP sessions, drops the connection.

    • In an HA configuration, the networks, objects, and policies components are synchronized between the pair of firewalls.

    • In an HA configuration, the path monitoring and heartbeats failure detection methods rely on ICMP ping.

    • On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of 2x, 128K is the maximum number of concurrent sessions supported by each available IP address (2 x 64K Layer 4 protocol ports).

    • SSL Inbound Inspection requires that the firewall be configured with the server's digital certificate and private key.

    • The User-ID feature is enabled per firewall security zone.

    • The WildFire Portal website supports uploading files to WildFire for analysis, reporting incorrect verdicts, and viewing WildFire verdicts.

    • The dataplane and the control/management plane are the separate planes that make up the PAN-OS architecture.

    • Pre-Logon, User-Logon, and On-demand are connection methods for the GlobalProtect agent.

    • Untrusted and expired certificate checking are benefits of attaching a Decryption Profile to a Decryption policy no-decrypt rule.

    • When SSL traffic passes through the firewall, the Security policy component is evaluated first.

    • The GlobalProtect Portal is what a GlobalProtect client connects to first when trying to connect to the network.

    • The Continue action in a File Blocking Security Profile results in the user being prompted to verify a file transfer.

    • The Continue, Block, Override, and Alert actions can be applied to traffic matching a URL Filtering Security Profile.

    • The Tap, Layer 2, and Layer 3 interface types require configuration changes to adjacent network devices.

    • Determining which firewall services are accessible from external devices describes a function provided by an Interface Management Profile.

    • A URL Filtering Profile override password is a single, per-firewall password.

    • Files traversing the firewall, email attachments, and URL links found in email are components that can be sent to WildFire for analysis.

    • The Virtual Wire, Layer 2, and Layer 3 interface types can control or shape network traffic.

    • The Default gateway, Netmask, and IP address MGT port configuration settings are required in order to access the WebUI from a remote subnet.

    • The .dll and .exe file types can be sent to WildFire for analysis if a firewall has only a standard subscription service.

    • Dynamic update antivirus, WildFire antivirus, and dynamic update threat signatures are the types of content update that have to be scheduled for download on the firewall.

    • The GlobalProtect user mapping method is recommended for a highly mobile user base.

    • GlobalProtect clientless VPN provides secure remote access to web applications that use HTML5, JavaScript, and HTML technologies.

    • The URL Filtering, Threat Prevention, and WildFire® subscription services are included as part of the GlobalProtect cloud service.

    • 20 is the maximum number of WildFire® appliances that can be grouped into a WildFire® appliance cluster.

    • The decryption broker feature is supported by the PA-7000, PA-3200, and PA-5200 Palo Alto Networks firewall series.

    • The Dropbox, Google, and YouTube HTTP header insertion types are predefined.

    • The VM-50 Lite VM-Series model was introduced with the release of PAN-OS® 8.1.

    • docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/use-case-pbf-for-outbound-access-with-dual-isps

    What should be considered when buying a firewall?:
    1. Interface Port: 1G/10G, UTP/SFP
    2. Throughput: Firewall, SSL-VPN

    • Getting to know the Palo Alto Networks NGFW:

    • FortiGate user manual:


    • Attacking systems by exploiting otherwise unknown and unpatched vulnerabilities is also known as a zero-day exploit.

    • Political, social, or moral disagreements are the primary motivations of the "Hacktivist".

    • A Command & Control (C&C) Server is the central component necessary to form a botnet.

    • Phishing is what it is called when a fraudulent email masquerades as a legitimate communication in an attempt to get a user to reveal sensitive information.

    • Intimidation through disruption and damage is the goal of the "Cyber Terrorist".

    • Notoriety is the motivation of the bad actor known as the "Explorer".

    • Ideology is the motivation of the "Cyber Terrorist".

    • Money is the motive of the "Cyber Criminal".

    • Ransomware is the name of the malware that takes over a computer system and holds hostage the disk drives or other data.

    • The political interest of their country's government is the primary motivation of the "Cyber Warrior".

    • Implementing multiple security point products from multiple vendors makes managing an environment more complicated and more expensive.

    • Internally to the CIO's company, reduced productivity is the overall impact when a cyber attack causes extended downtime and employees' time is diverted to post-attack activities.

    • On average, CIOs have the shortest tenures among C-level executives.

    • Regulatory fines related to serious breaches can be characterized this way: they can be enormous and seriously impact the bottom line.

    • Implementing cyber security is becoming a regular topic between CIOs, the other C-level executives, and the board of directors.

    • Controlling the Information Technology (IT) resources of a company is the primary responsibility of a CIO.

    • Once a CIO understands the company's business goals and priorities, they will analyze and design the IT infrastructure so that it aligns with those business goals.

    • When investments are made in IT infrastructure, a CIO should next show how these investments deliver measurable results.

    • When the general public learns of a serious breach, their likely reaction is an erosion of trust leading to a decline in business with the breached company.

    • A CIO must work closely with the other C-level executives to understand the company's business goals and priorities.

    • The role of CISO is relatively new.

    • In many of the breaches, tens of millions of credit cards become compromised, and personally identifiable information for millions of individuals is stolen. Class-action lawsuits are one result.

    • Thought leadership, partnership development, and customer engagement are ways CISOs are often expected to represent the company.

    • Originally, the role of CISO was mostly concerned with the topic of compliance.

    • It must be secured and protected just the same: this can be said for a company's data that resides outside their buildings.

    • A concrete assessment of information risk and value is what the other C-level executives want from a CISO.

    • Huge fines are the result of these breaches becoming the targets of government regulators.

    • Shadow IT is the term for when departments or individuals go outside the corporate policies and spin up their own applications, utilize unapproved or uncoordinated SaaS services, or otherwise allow what may be key information assets to be stored out of our control.

    • The loss of customer trust and lasting damage to brand reputation results from the loss of control of customers' personally identifiable information.

    • The information assets in a typical company today are scattered all over the place.

    • A CFO's responsibility is to manage financial risk, and that covers all the information and data in the company.

    • Being trustworthy with customer data is now a part of the outcome of building brand loyalty.

    • A CFO is just as responsible for the financial risks to intangible assets such as intellectual property, trade secrets, manufacturing methods, and the information about customers as for any other assets.

    • Looking into the past, a CFO will create reporting on the prior financial performance of the company.

    • Since it uses information from every corner of the business, a company's Enterprise Resource Planning (ERP) system requires accurate and trustworthy information to help the CFO understand what's happening now and plan for the future.

    • From having to re-state the data to being found in violation of financial regulations are the consequences if a CFO's reports are not accurate.

    • A CFO relies on access to good information to create forecasts of what will happen to the company in the future.

    • To manage the finances and the financial risks of the company is the primary responsibility of a CFO.

    • Cyber threats pose one of the greatest risks to the financial value of a company's information assets.

    • Analyzing the financial impact is the role a CFO plays in new business initiatives, product launches and/or new service offerings.

    • If you get an unsolicited email from an otherwise trusted source that says to click a link, you should launch a browser or app manually, then log into their website to investigate the issue.

    • Two-factor authentication uses the combination of "something you know" with "something you have".

    • Many cyber attacks exploit unpatched vulnerabilities; that is the risk of continuing to use old, unsupported / no longer updated operating systems.

    • Setting up regular backups is an action that can be taken in advance to help protect data from corruption by malware.

    • Use different passwords for each system or website is the recommendation for passwords on all the systems and websites that you use.

    • A password manager is a tool that can be used to help "remember" all passwords.

    • To prevent spammers from learning that you have seen one of their emails, set your email client to not automatically download the images in email messages.

    • When you receive an unsolicited email that has an attachment, don't open the attachment.

    • If the bad guys break into one of the passwords, they have the password for all of them; that is the security problem if you use the same password for all systems and websites.

    • Passwords should be changed on a regular basis.

    • SaaS means Software as a Service.

    • Cloud computing is the practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer.

    • Google Cloud, Azure, and AWS are the cloud service vendors with which the Fortinet Security Fabric integrates.

    • The reason that drove organizations from the traditional network architecture to the cloud was the cost savings that are realized when moving from owning expensive hardware that is only partially utilized to renting only when needed.

    • Virtualization was the technology that made cloud computing possible.

    • When a customer's data and services are moved to the cloud, ultimately the customer has the responsibility for security.

    • Basic cloud security can be achieved by native cloud security tools. A potential problem, should customers rely solely on them, is that customers are sometimes not aware of the limitations of native cloud security tools.

    • The attributes identified with an MPLS network:
      • Data packets are assigned a label, and each label is associated with a pre-determined path through the network.
      • The data-center is the only conduit to the internet.

    • The weaknesses of SD-WAN:
      • Multiple access points to the internet expose the network to more points of attack.
      • There is no built-in defense against advanced cyber-attacks.

    • The traditional network that supported multiple geographic locations used dedicated high-speed lines to send data between HQ and its branches. An attribute of this type of network is that the data line was not shared with other organizations.

    • Scalability was a major weakness of the traditional network that MPLS solved.

    • FortiGate is the name of the Fortinet product that provides both SD-WAN and NGFW security.

    • The principal architectural difference between MPLS and SD-WAN as it affects latency is that in an MPLS network only the data-center has direct internet access, while in an SD-WAN network there are multiple access points.

    • With the rise of the Internet, the rate at which new malware variants appear increased tremendously.

    • Anti-virus software is what the early forms of endpoint security products were known as.

    • Endpoint devices include smartphones, laptops, and IoT devices.

    • Modern endpoint solutions must go beyond simple signature comparisons to be effective today.

    • Modern endpoint solutions must identify existing, known and unknown threats.

    • Comparing the signature of the file with a list of known virus signatures is the method the early antivirus products used to detect malware.

    • Reasons why you should care about the security of endpoint devices:
      • The endpoints hold valuable data.
      • The endpoints can be a way to access other important data and devices on the network.

    • FortiGuard Labs is the name of Fortinet's threat intelligence service.

    • Sand-boxing security technology was created to detect unknown threats that, for example, don't appear in lists of known malware signatures.

    • Beyond sand-boxing, Artificial Intelligence (AI) and Machine Learning technologies are being developed by the vendors' threat intelligence services.

    • The security challenge that the one-to-one malware signature matching method no longer worked was created when malware authors began to make malware that morphs into different forms.
  • Lab:

    Palo Alto 1:
    1. Management (MGMT):
      Network > Interfaces > Ethernet > ethernet1/1-2 >
       - Interface Type: Layer3
       - Virtual Router: default
       - IPv4 > Static > x.223.40.139/24
       - Advanced > Management Profile > Add > Name: mgmt, Tick HTTPS, Ping, SSH

      Delete Virtual Wires

      Zones > Add >
       - Name: WAN
       - Type: layer3
       - Interface: ethernet1/1-2


    2. Default Route:
      Virtual Router > default > Static Routes > Add
       - Name: WAN1
       - Destination:
       - Interface: ethernet1/1
       - Next Hop: IP Address: x.223.40.254
       - Metric: works like a router cost; the lower value is preferred

      > ping source x.223.40.139 host
      > ping source x.246.236.100 host

      Change password:
      Device > Administrators

    3. Sub-interface:
      Network > Interfaces > Ethernet > ethernet1/3 >
       - Interface Type: Layer3
       - Virtual Router: default

      Network Profiles > Interface Mgmt > Add >
       - Name: Lan
       - Tick: Ping, HTTPS

      Choose ethernet1/3 > Add Subinterface >
       - Interface Name ethernet1/3.40
       - Tag: 40
       - Virtual Router: default
       - IPv4 > Static >
       - Advanced > Management Profile: Lan

      Zones > Add >
       - Name: EN
       - Type: Layer3
       - Add: Interface ethernet1/3.40

      DHCP > Add >
       - Interface: ethernet1/3.40
       - Mode: auto
       - Add: > Options >
       - Gateway:
       - Subnet Mask:
       - Primary DNS:
       - Secondary DNS:

    4. Route back:
      Virtual Routers > Static Routes > Add >
       - Name: 4
       - Destination:
       - Interface: ethernet1/3.40
       - Next Hop: None

    5. NAT:
      Objects > Add >
       - Name: EN
       - Type: IP Netmask,

      Policies > NAT > Add >
       - Name: internet > Original Packet >
       - Source Zone: EN
       - Destination Zone: WAN
       - Source Address: EN > Translated Packet >
       - Translation Type: Dynamic IP & Port
       - Address Type: Interface Address
       - Interface: ethernet1/1
       - IP Address: x.223.40.139

    6. Policy Based Routing/Forwarding (PBR/PBF):
      to access internet via WAN2 & Monitor WAN Links:
      Policy Based Forwarding > Add >
       - Name: internet
    Cr: BenGy@ProEn B-)
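The same lab build (steps 1 to 5) expressed as PAN-OS configure-mode `set` commands, added here as an illustration and not part of the original notes. The command paths are from memory of the PAN-OS CLI and should be verified with `?` completion on the firewall; the addresses (203.0.113.0/24 for WAN, 192.168.40.0/24 for VLAN 40) and the DNS servers are placeholders standing in for the blanks in the notes, and `default-vwire` is assumed to be the factory virtual wire name. Lines beginning with `#` are annotations, not commands.

```text
configure
# Step 1: management profile, then ethernet1/1 as a Layer 3 WAN interface
set network profiles interface-management-profile mgmt https yes ping yes ssh yes
delete network virtual-wire default-vwire                     # assumed factory vwire name
delete network interface ethernet ethernet1/1 virtual-wire     # free the port before re-typing it
set network interface ethernet ethernet1/1 layer3 ip 203.0.113.139/24
set network interface ethernet ethernet1/1 layer3 interface-management-profile mgmt
set network virtual-router default interface ethernet1/1
set zone WAN network layer3 ethernet1/1
# Step 2: default route out of WAN1 (a lower metric wins once WAN2 is added)
set network virtual-router default routing-table ip static-route WAN1 destination 0.0.0.0/0 interface ethernet1/1 nexthop ip-address 203.0.113.254 metric 10
# Step 3: VLAN 40 sub-interface with its own management profile, zone and DHCP server
set network profiles interface-management-profile Lan https yes ping yes
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.40 tag 40
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.40 ip 192.168.40.1/24
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.40 interface-management-profile Lan
set network virtual-router default interface ethernet1/3.40
set zone EN network layer3 ethernet1/3.40
set network dhcp interface ethernet1/3.40 server mode auto
set network dhcp interface ethernet1/3.40 server ip-pool 192.168.40.100-192.168.40.200
set network dhcp interface ethernet1/3.40 server option gateway 192.168.40.1 subnet-mask 255.255.255.0
set network dhcp interface ethernet1/3.40 server option dns primary 192.0.2.53 secondary 192.0.2.54   # placeholder resolvers
# Step 5: address object for the LAN and source NAT (dynamic IP and port) behind ethernet1/1
set address EN ip-netmask 192.168.40.0/24
set rulebase nat rules internet from EN to WAN source EN destination any service any source-translation dynamic-ip-and-port interface-address interface ethernet1/1
commit
exit
```

The notes contain no Security policy rule from EN to WAN; since interzone traffic is blocked by default (as stated above), one is still needed before VLAN 40 hosts reach the internet. Step 4 is omitted because a directly connected subnet needs no static route, and step 6 (PBF) is left out because the notes stop before its match criteria.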
    • The various vendors do share their threat information with other vendors, because it's not the threat information that sets vendors apart, it's what they can do with it.

    • The threat intelligence service catalogs the knowledge about existing or emerging attacks, including the specific mechanisms of the attack and the evidence that the attack has happened. This is also known by the term Indicators of Compromise.