Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Palo Alto Networks ALG Security Technical Implementation Guide
SRG-NET-000192-ALG-000121
The Palo Alto Networks security platform must block phone home traffic.
The Palo Alto Networks security platform must block phone home traffic.
An XCCDF Rule
Details
Profiles
Prose
The Palo Alto Networks security platform must block phone home traffic.
Medium Severity
<VulnDiscussion>A variety of Distributed Denial of Service (DDoS) attacks and other attacks use "botnets" as an attack vector. A botnet is a collection of software agents (referred to as "bot"), residing on compromised computers. Attacks are orchestrated by a "bot herder" to command these agents to launch attacks. Part of the command and control communication between the controller and the bots is a message sent from a bot that informs the controller that it is operating. This is referred to as a "phone home" message. On the Palo Alto Networks security platform, a security policy can include an Anti-spyware Profile for “phone home” detection (detection of traffic from installed spyware). The device has two pre-configured Anti-spyware Profiles; Default and Strict. The Default Anti-spyware Profile sends an alert for detected phone-home traffic for all severity levels except the low and informational severity threat levels, while the Strict Anti-spyware Profile blocks phone-home traffic for the critical, high, and medium severity threat levels. Phone home traffic must either be blocked or intercepted by the DNS Sinkholing feature. Therefore, a custom Anti-spyware Profile or the Strict Anti-spyware Profile must be used instead of the Default Anti-spyware Profile. Note that there are specific implementation requirements for DNS Sinkholing to operate properly; refer to the Palo Alto Networks documentation for details.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>