Palo Alto Networks ALG Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Palo Alto Networks security platform must not enable the DNS proxy.
The Palo Alto Networks security platform can act as a DNS proxy and send the DNS queries on behalf of the clients. DNS queries that arrive on an interface IP address can be directed to different DN...Rule Medium Severity -
SRG-NET-000132-ALG-000087
Group -
SRG-NET-000164-ALG-000100
Group -
SRG-NET-000192-ALG-000121
Group -
SRG-NET-000192-ALG-000121
Group -
The Palo Alto Networks security platform must block phone home traffic.
A variety of Distributed Denial of Service (DDoS) attacks and other attacks use "botnets" as an attack vector. A botnet is a collection of software agents (referred to as "bot"), residing on compro...Rule Medium Severity -
SRG-NET-000192-ALG-000121
Group -
SRG-NET-000202-ALG-000124
Group -
The Palo Alto Networks security platform must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
A deny-all, permit-by-exception network communications traffic policy ensures that only those connections that are essential and approved are allowed. As a managed boundary interface between netwo...Rule Medium Severity -
SRG-NET-000213-ALG-000107
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.