Update (02/10/2021): If you are using threat DB version 8373-6537, the default action is now reset-server.
The main objective of cybersecurity professionals is to reduce the attack surface of network-connected devices (computers, IoT, HVAC, smart UPSs, smart power strips, etc.). Cybersecurity professionals often assume that devices that have no internet connectivity will never be compromised by a hacker. The NAT slipstreaming cyberattack proves this wrong.
“NAT Slipstreaming allows an attacker to remotely access ANY TCP/UDP service bound to ANY system behind a victim’s NAT, bypassing the victim’s NAT/firewall (remote arbitrary firewall pinhole control), all it takes is the victim’s computer to visit the attacker’s website”.
Once the victim’s computer visits the website, the attacker’s servers start to scan your network to identify the network connected devices. If your devices have not been patched to mitigate vulnerabilities, the attackers will exploit these to take control over them and cause havoc. – Samy Kamkar (discovered the attack method).
Requirements
In order to protect your network you will need to meet the following requirements:
- You will need to build or use an existing security policy.
- You will need to build or use an existing “vulnerability protection” security profile.
STEPS TO CONFIGURE A PALO ALTO FIREWALL TO PROTECT FROM THE “NAT SLIPSTREAM” ATTACK METHOD
- Click on the name of the vulnerability protection profile you want to edit.
- Go to the exceptions tab.
- Click on the exceptions tab.
- Type slipstream.
- Change the action from alert to drop, reset-server, or reset-client.
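
To confirm the change on every profile rather than one at a time, you can audit an exported configuration file. The Python script below is an added example, not part of the original post and not Palo Alto tooling. It assumes the XML layout shown in the constructed sample, and the profile names and the threat ID `00000` are placeholders (look up the real ID by searching "slipstream" in the exceptions tab).

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported configuration. The element layout
# (profiles/vulnerability/entry/threat-exception/entry/action) is an assumption
# to verify against your own export; "00000" is a placeholder threat ID.
SAMPLE_CONFIG = """
<config><profiles><vulnerability>
  <entry name="strict-vp">
    <threat-exception>
      <entry name="00000"><action><reset-server/></action></entry>
    </threat-exception>
  </entry>
  <entry name="legacy-vp">
    <threat-exception>
      <entry name="00000"><action><alert/></action></entry>
    </threat-exception>
  </entry>
  <entry name="untouched-vp"/>
</vulnerability></profiles></config>
"""

# Actions that stop the session instead of only logging it.
BLOCKING = {"drop", "reset-server", "reset-client", "reset-both"}

def audit_profiles(config_xml, threat_id):
    """Map each vulnerability profile name to how it handles threat_id."""
    root = ET.fromstring(config_xml)
    results = {}
    for profile in root.iterfind(".//profiles/vulnerability/entry"):
        # No exception: the signature's default action applies, which
        # depends on the installed threat DB version.
        status = "signature-default"
        for exc in profile.iterfind("threat-exception/entry"):
            if exc.get("name") != threat_id:
                continue
            action = exc.find("action")
            chosen = action[0].tag if action is not None and len(action) else "default"
            if chosen in BLOCKING:
                status = "blocking:" + chosen
            elif chosen != "default":
                status = "not-blocking:" + chosen
        results[profile.get("name")] = status
    return results

if __name__ == "__main__":
    for name, status in audit_profiles(SAMPLE_CONFIG, "00000").items():
        print(f"{name}: {status}")
```

Profiles reported as `not-blocking:alert` still need the exception changed; profiles reported as `signature-default` depend on the threat DB version mentioned in the update at the top of this post.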
How to protect your network
There are several ways you can protect your network from the “NAT Slipstreaming” threat.
- Update your web browser to the latest version.
- Make sure you are inspecting east / west traffic to identify and block threats on your Palo Alto firewall.
- Build user based security policies.
- Build application (layer7) based security policies.
- Segment your network and have multiple security zones.