Augmented Reality has Arrived: Time to Embrace the Opportunities

Whether the business community is ready or not, augmented reality (AR) has arrived, and it will only grow more prominent in the near future.

Consumers – mindful of this year’s Pokémon Go phenomenon – are recognizing AR’s potential benefits, a surefire indicator that the marketplace will respond quickly.

In ISACA’s annual IT Risk/Reward Barometer—a two-pronged survey that examines both consumer and IT/business perspectives—the majority of consumers see clear benefits of AR-enhanced devices in everyday life and work. For now, though, a disconnect exists, as only 21 percent of global business and technology professionals are convinced that the benefits of AR outweigh the risks.

The hesitance of many professionals to embrace AR – technology that superimposes a computer-generated overlay on a user’s view of the real world – is both understandable and predictable since it is still in the early stages. With the emergence of any new technology, the attack surface increases. AR-related privacy and security concerns are legitimate, especially when factoring in a proliferation of Internet of Things (IoT) devices. Concerted attention from device manufacturers and security professionals is a must.

Yet this natural caution must not keep enterprises from keeping up with the competitive landscape. Of critical importance, one in four enterprises has a way to detect pictures, posts and videos tagged or geotagged to their business locations and advertisements. That means there are best practices to learn from as enterprises look to move forward securely while incorporating components of AR.

While the resounding popularity of Pokémon Go alerted consumers and enterprises to the buzz that AR can generate, the potential applications of AR in the workplace are numerous. Adoption figures to be especially swift from a marketing standpoint as organizations learn to leverage AR for signage, social media and other purposes.

Enterprises can realize the benefits of AR and overcome potential barriers through some of the following steps:

  • Extend social media monitoring to AR platforms. Leverage and extend current social media policies and monitoring to augmented reality platforms. Social media is a key source of information for many augmented viewing apps.
  • Consider how AR can improve your business. Training, diagnostics and marketing are three areas with particularly strong potential.
  • Review your governance framework and update your policies. Incorporate use of AR as part of the business into organizational policies and procedures—including BYOD (bring your own device) and privacy policies. 63% of organizations do not have a policy to address AR in the workplace.
  • Build security into every part of the process. Security is a crucial component of AR initiatives that helps ensure confidence in the data.

While AR is a new concept for many, some industries have drawn upon aspects of it for years, such as the airline industry’s use of flight simulators to train pilots on new equipment. As AR becomes more popular and more affordable, it is inevitable that more industries invest in the technology. Since today’s smartphones are capable of running AR apps, adoption could be swift and even viral, as Pokémon Go demonstrated. According to Slice Intelligence, millennials accounted for more than half the paying population of Pokémon Go during launch week, but now are only 44 percent of buyers as other age groups also gain interest.

Business and technology professionals will become more comfortable with that reality the more that they explore AR. On that front, there is much progress to be made. The IT Risk/Reward Barometer shows that only 3 percent of professionals have used AR applications for business use within the past year and only 16 percent have done so for personal purposes.

The business community will be well-served to accelerate its exposure because consumers have spoken – AR is in demand. Now it is up to security professionals to address the risks so that consumers and enterprises alike can benefit from this promising technology.

Rob Clyde, CISM, ISACA Board Director and Executive Advisor at BullGuard Software

[ISACA Now Blog]

Note to Customers Regarding BlackNurse Report

On Thursday, November 10, 2016, TDC Security Operations Center in Denmark published a report stating they had noticed several low-volume ICMP attacks in their customers’ networks. TDC named this type of attack BlackNurse.

The security of our customers is our top priority. We have conducted an investigation into this issue and to date have found that Palo Alto Networks Next-Generation Firewall customers can only be affected in very specific, non-default scenarios that contravene best practices.

Attack details

A traditional ICMP flood attack sends ICMP requests to the target in a large volume. BlackNurse, on the other hand, is an ICMP attack that sends a low volume of ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) requests to the target. BlackNurse is a form of Denial-of-Service (DoS) attack and the TDC report claims that it has the potential to disrupt the target organization’s operations.
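
The following added example, which is not code from TDC or Palo Alto Networks, parses captured IPv4 packets and reports sources whose ICMP Type 3 Code 3 rate reaches a threshold, which is how a low-volume pattern like the one described above can be surfaced from a capture. The 100-per-second threshold, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

ICMP_PROTO = 1
DEST_UNREACH, PORT_UNREACH = 3, 3  # ICMP Type 3, Code 3

def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

def find_type3_code3_sources(events, window=1.0, threshold=100):
    """events: time-ordered (timestamp, packet_bytes) pairs.
    Returns {src_ip: peak count in any `window` seconds} for sources whose
    Type 3 Code 3 count reaches `threshold` (an assumed value; tune per site)."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, pkt in events:
        parsed = parse_icmp(pkt)
        if parsed is None or parsed[1:] != (DEST_UNREACH, PORT_UNREACH):
            continue
        q = recent[parsed[0]]
        q.append(ts)
        while ts - q[0] >= window:         # drop timestamps outside the window
            q.popleft()
        peak[parsed[0]] = max(peak[parsed[0]], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

def build_packet(src, icmp_type, icmp_code):
    """Constructed sample: minimal IPv4 header (checksums zero) + ICMP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def sample_events():
    """Constructed capture using documentation address ranges."""
    events = [(i / 150, build_packet("198.51.100.7", 3, 3)) for i in range(150)]
    events += [(t, build_packet("203.0.113.9", 3, 3)) for t in (0.1, 0.5, 0.9)]
    events += [(t, build_packet("203.0.113.9", 8, 0)) for t in (0.2, 0.4)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(find_type3_code3_sources(sample_events()))
```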

Impact

1) Palo Alto Networks Next-Generation Firewalls drop ICMP requests by default, so unless you have explicitly allowed ICMP in a security policy, your organization is not affected and no action is required.

2) If you have explicitly allowed ICMP in a security policy and have implemented our best practices for flood protection, your organization is not affected and no action is required.

3) If you have explicitly allowed ICMP in a security policy and have not implemented our best practices for flood protection, your organization’s firewalls may experience higher CPU and memory usage, which may slow down the firewall’s response. Please refer to the best practices listed below.

Recommendations

For protection against BlackNurse, we recommend that customers implement the following best practices. Specifically, please follow the steps below from the page Configure DoS Protection Against Flooding of New Sessions in the PAN-OS 7.1 Administrator’s Guide:

  • Configure a DoS Protection profile for flood protection. Because flood attacks can occur over multiple protocols, the recommended best practice is to activate protection for all flood types in the DoS Protection profile. However, to protect against BlackNurse, the following types of flood protection are required:
    • ICMP Flood
    • ICMPv6 Flood
  • Configure a DoS protection policy rule that specifies the criteria for matching the incoming traffic.
  • Commit the configuration.

For more, please refer to the step-by-step instructions listed on the Configure DoS Protection Against Flooding of New Sessions page in the PAN-OS 7.1 Administrator’s Guide.

For customers using a version of PAN-OS prior to 6.1, please see the PAN-OS Administrator’s Guide for your organization’s software version listed on our Technical Documentation page and refer to the steps listed under the section ‘Threat Prevention’ > About Security Profiles > DoS Protection.

Note that firewall DoS protection is included as part of PAN-OS and does not require any software subscriptions.

Should you have any questions or need assistance with implementing these best practices, please don’t hesitate to contact our support team at support.paloaltonetworks.com.

[Palo Alto Networks Research Center]
