Palo Alto Firewall and CyberSecurity Challenges

1. Month Year
June 20, 2021
Committee Member Names
Pr. LAHCEN OUGHDIR
Pr. ZAKARIA CHALH
Supervised by
Pr. MOHAMED BENSLIMANE
By
MOHAMMED EL ALAM
A project submitted in partial fulfillment
of the requirements for the degree of in
Network and Security Engineering
Palo Alto Firewall and Cybersecurity Challenges
U.S.M.B.A
University Sidi Mohammed Ben Abdellah
National School of Applied Sciences – Fez
Field Study: Information Technology

2. ii

3. iii
Foreward
First Name and Last Name of the Trainee Engineer from ENSAF :
✓ MOHAMMED EL ALAM
Project Title :
✓ Palo Alto Firewall and Cybersecurity Challenges: « Dev Networking Solution »
Host Organization :
✓ Enterprise : Dev Networking Solution
✓ Address : Casablanca
✓ Site web : http://www.devnetmaroc.com/company.php
First Name and Last Name of the project leader in the host organization :
✓ M. Ahmed LAGHFOUL
First Name and Last Name of the project supervisor at ENSAF :
✓ M. MOHAMED BENSLIMANE
Start and end date of Internship :
✓ Start date : 10/01/2021
✓ End date : 10/06/2021

4. iv
Dedicaces
To thebestof parents
No dedication can express my respects, my deep love and my gratitude.
for the sacrifices you have made for my education and well-being. I wish you
thank you for all the support and love that you have given me since my childhood and I hope
may your blessing always be with me. May this humble work be the fulfillment of
your so many wishes, the fruit of your countless sacrifices.
May God, the Most High, preserve you and grant you health, happiness and long life.
To my dearbrothersandsisters
You have always been at my side, you have never ceased to support and encourage me during all the years
of my studies, I am very grateful to you.
As a testimony of my deep tenderness and gratitude, I wish you a life full of happiness and success and may
God, the Almighty, protect and guard you.
To allmy familymembers
Please find in this work the expression of my affection.
To my friendsandcolleagues
It would be difficult for me to name all of you, you are in my heart, affectionately.

5. v
ACKNOWLEDGEMENT
My heartfelt thanks go to:
All the teaching and administrative staff of the ENSA Fez
I can only testify all my gratitude to you for the quality of the teaching that you have given me during these
two years spent at the ENSA of Fez.
Mr. Mohamed BENSLIMANE
I had the honor of being among your students and benefiting from your rich teaching, your pedagogical and
human qualities are a model for me, your dedication and your undeniable skills have always aroused my deep
respect.
I sincerely thank you for your patience and guidance during all these years and for the great honor you have
given me to accept the supervision of this work.
Mr. Ahmed LAGHFOUL
Your competence, your supervision has always aroused my admiration. I thank you for having granted me
this very enriching project for my training, for your welcome and your precious advice. Please find here, the
expression of my gratitude and my great esteem.
Dear jury members
You do me a great honor by agreeing to judge this work…

6. vi
UNDERTAKING
This is to declare That The project entitled “Palo Alto Firewall andCyber Security Challenges” is an Original
work done by undersigned, in partial fulfillment of the requirements for the degree “Master in Network
Security Engineering” at Computer Network and Security Engineering Department, University of Computer
and Information Technology, University of Science and Technology.
All the analysis, design and system development have been accomplished by the undersigned. Moreover, this
project has not been submitted to any other college or university.

7. vii
‫ملخص‬
‫عن‬ ‫المشروع‬ ‫هذا‬ ‫يتحدث‬
Palo Alto Firewall
‫فترة‬ ‫خالل‬ ‫به‬ ‫قمت‬ ‫الذي‬ ‫للعمل‬ ‫توليف‬ ‫عن‬ ‫عبارة‬ ‫التقرير‬ ‫هذا‬ ،‫السيبراني‬ ‫األمن‬ ‫وتحديات‬
" ‫شركة‬ ‫في‬ ‫تدريبي‬
Dev Networking Solutions
‫حماية‬ ‫كيفية‬ ‫معرفة‬ ‫هو‬‫المشروع‬ ‫لهذا‬ ‫العام‬ ‫الهدف‬ .‫دراستي‬ ‫نهاية‬ ‫مشروع‬ ‫من‬ ‫كجزء‬ ،"
‫األ‬ ‫تحديات‬ ‫من‬ ‫شركتنا‬
‫لشبكة‬ ‫األمنية‬ ‫والتهديدات‬ ‫السيبراني‬ ‫من‬
Networks
Palo Alto
.
‫وخاصة‬ ،‫الجودة‬ ‫وعالي‬ ‫ًا‬‫د‬‫ج‬ ‫قوي‬ ‫أمان‬ ‫هو‬ ‫اعتبارك‬ ‫في‬ ‫تضعه‬ ‫أن‬ ‫يجب‬ ‫شيء‬ ‫أول‬ ‫فإن‬ ،‫وتتقدم‬ ‫األمام‬ ‫إلى‬ ‫ما‬ ‫شركة‬ ‫تمضي‬ ‫لكي‬ ،‫ا‬ً‫ع‬‫جمي‬ ‫نعلم‬ ‫كما‬
‫أن‬ ‫قررت‬ ‫جدا؛‬ ‫واسع‬ ‫موضوع‬ ‫هو‬ ‫الشبكة‬ ‫أمن‬ .‫الشبكات‬ ‫مع‬ ‫تتعامل‬ ‫التي‬ ‫الشركات‬
‫الموضوع‬ ‫هذا‬ ‫اخترت‬ .‫ألهميته‬ ‫منه‬ ‫الصغير‬ ‫الجزء‬ ‫هذا‬ ‫أكتب‬
‫وإيجاد‬ ‫المشكلة‬ ‫هذه‬ ‫التعامل‬ ‫كيفية‬ ‫حول‬ ‫ما‬ ‫ا‬ً‫ئ‬‫شي‬ ‫أكتب‬ ‫أن‬ ‫وقررت‬ ‫شبكتهم‬ ‫اختراق‬ ‫مدى‬ ‫الحظت‬ ،‫عملي‬ ‫مكان‬ ‫في‬ ‫مشاكل‬ ‫من‬ ‫خضته‬ ‫ما‬ ‫بسبب‬ ‫ًا‬‫د‬‫عم‬
.‫لها‬ ‫حل‬
‫تأ‬ ‫أصبح‬ .‫المعلومات‬ ‫تكنولوجيا‬ ‫مجال‬ ‫في‬ ‫ا‬ً‫م‬‫مه‬ ‫ا‬ ً‫دور‬ ‫السيبراني‬ ‫األمن‬ ‫يلعب‬
‫األمن‬ ‫في‬ ‫نفكر‬ ‫عندما‬ .‫عصرنا‬ ‫تحديات‬ ‫أكبر‬ ‫أحد‬ ‫المعلومات‬ ‫مين‬
.‫يوم‬ ‫بعد‬ ‫ا‬ً‫م‬‫يو‬ ‫كبير‬ ‫بشكل‬ ‫تتزايد‬ ‫والتي‬،"‫اإللكترونية‬ ‫"الجريمة‬ ‫هو‬ ‫أذهاننا‬ ‫إلى‬ ‫يتبادر‬ ‫ما‬ ‫أول‬ ‫فإن‬ ،‫السيبراني‬
‫التداب‬ ‫هذه‬ ‫من‬ ‫الرغم‬ ‫على‬ .‫اإللكترونية‬ ‫الجرائم‬ ‫هذه‬ ‫لمنع‬ ‫الخطوات‬ ‫من‬ ‫العديد‬ ‫والشركات‬ ‫الحكومات‬ ‫تتخذ‬
‫قلق‬ ‫مصدر‬ ‫السيبراني‬ ‫األمن‬ ‫يزال‬ ‫ال‬ ،‫ير‬
‫التقرير‬ ‫هذا‬ ‫يركز‬ .‫للكثيرين‬ ‫كبير‬
‫تقنيات‬ ‫أحدث‬ ‫على‬ ‫يركز‬ ‫كما‬ .‫التقنيات‬ ‫أحدث‬ ‫في‬ ‫السيبراني‬ ‫األمن‬ ‫يواجهها‬ ‫التي‬ ‫التحديات‬ ‫على‬ ‫أساسي‬ ‫بشكل‬
‫ًا‬‫ض‬‫أي‬ ‫الحل‬ ‫هذا‬ ‫يوفر‬ .‫السيبراني‬ ‫األمن‬
:
•
‫شبكات‬ ‫توفر‬
Palo Alto Networks
‫والتحقيق‬ ‫التلقائي‬ ‫والكشف‬ ‫الوقاية‬ :‫األمنية‬ ‫احتياجاتك‬ ‫جميع‬ ‫لتلبية‬ ‫التهديدات‬ ‫إلدارة‬ ً‫ال‬‫شام‬ ً‫ال‬‫ح‬
.‫الكبيرة‬ ‫إلى‬ ‫المتوسطة‬ ‫الفئة‬ ‫من‬ ‫للعمالء‬ ‫السحابة‬ ‫على‬ ‫وقائم‬ ‫بالكامل‬ ‫دار‬ُ‫م‬ ‫إلكتروني‬ ‫أمان‬ ‫حل‬ ‫إنه‬ .‫والتكيف‬ ‫واالستجابة‬
•
Secure Gateway (managed firewall)
•
Web Protection Suite
•
Strata (Next-generation firewalls and virtualized next-generation firewalls)
•
Prisma (Cloud Security)
•
Cortex (CyberSOC)
‫المشروع‬ ‫هذا‬ ‫لمحاكاة‬ ‫واألدوات‬ ‫التقنيات‬ ‫من‬ ‫مجموعة‬ ‫استخدام‬ ‫تم‬
VMware, EVE-ng, Wireshark, Firefox, WinSCP:
VNCviewer, SecureCrt
Keywords: cyber security, cyber-crime, cyber ethics, social media, cloud computing, Threat, Asset,
Vulnerability, Exploit, Attack, Risk and Countermeasures, android apps, Iot.

8. viii
Abstract
This project talks about Palo Alto Firewall and cybersecurity challenges, this reportis a synthesis of the work
I did during my internship in the company "Dev Networking Solutions”, as part of my graduation project.
The overall objective of this project was how to protect our business from Cybersecurity challenges and
threats on Palo Alto Network Security.
as we all know that for any company to move forward and progress, the first thing the company has to take
into consideration is a very strong and good security, especially companies that deal with networking.
Network security is a very large topic of networking; I decided to write this small part of it because of the
importance of it to companies. I purposely chose this topic because of what I experienced in the place I did
my Internship (Morocco), I noticed how porous their network is and I decided to write something on how
such network porosity could be handle and find a lasting solution to it.
Cyber Security plays an important role in the field of information technology. Securing the information
have become one of the biggest challenges in the present day. Whenever we think about the cyber
security the first thing that comes to our mind is ‘cyber crimes’ which are increasing immensely day by
day. Various Governments and companies are taking many measures in order to prevent these cyber-crimes.
Besides various measures cyber security is still a very big concern to many. This paper mainly
focuses on challenges faced by cyber security on the latest technologies. It also focuses on latest about
the cyber security techniques, ethics and the trends. This solution also provides:
• Palo Alto Networks provide a holistic solution to threat management to address all your security
needs: prevent, automatically detect, investigate, respond and adapt. It is a fully-managed, cloud
cybersecurity solution for medium and large customers.
• Secure Gateway (managed firewall)
• Web Protection Suite
• Strata (Next-generation firewalls and virtualized next-generation firewalls)
• Prisma (Cloud Security)
• Cortex (CyberSOC)
A set of technologies and tools were used to simulate this project: VMware, EVE-ng, Wireshark, Firefox,
WinSCP, VNCviewer, and SecureCrt.
Keywords: cyber security, cyber-crime, cyber ethics, social media, cloud computing, Threat, Asset,
Vulnerability, Exploit, Attack, Risk and Countermeasures, android apps, Iot.

9. ix
Résumé
Ce projet parle de Palo Alto Firewall et des défis de la cybersécurité, ce rapport est une synthèse du travail
que j'ai effectué lors de mon stage dans la société "Dev Networking Solutions", dans le cadre de mon projet
de fin d'études. L'objectif général de ce projet était de savoir comment protéger notre entreprise des défis de
la cybersécurité et des menaces sur la sécurité du réseau Palo Alto Firewall.
Comme nous le savons tous, pour qu'une entreprise puisse avancer et progresser, la première chose qu'elle
doit prendre en considération est une sécurité très forte et de qualité, en particulier les entreprises qui
s'occupent de réseaux. La sécurité des réseaux est un sujet très vaste ; j'ai décidé d'en écrire cette petite partie
en raison de l'importance qu'elle revêt pour les entreprises. J'ai délibérément choisi ce sujet en raison de ce
que j'ai vécu dans le lieu où j'ai fait mon stage (Maroc), j'ai remarqué à quel point leur réseau est poreux et
j'ai décidé d'écrire quelque chose sur la façon dont une telle porosité du réseau pourrait être gérée et trouver
une solution à ce problème.
La cybersécurité joue un rôle important dans le domaine des technologies de l'information. La sécurisation de
l'information sont devenues l'un des plus grands défis de notre époque. Lorsque nous pensons à la cyber
sécurité, la première chose qui nous vient à l'esprit est la "cybercriminalité", qui augmente considérablement
de jour en jour.
Diversgouvernementset entreprisesprennentdenombreuses mesurespour prévenir ces cyber-crimes. Malgré
ces mesures, la cybersécurité reste une préoccupation majeure pour beaucoup. Ce document se concentre
principalement sur les défis rencontrés par la cybersécurité sur les dernières technologies. Il se concentre
également sur les dernières techniques, l'éthique et les tendances de cybersécurité. Cette solution fournit
également :
Palo Alto Networks fournit une solution holistique de gestion des menaces pour répondre à tous vos besoins
en matière de sécurité : prévention, détection automatique, enquête, réponse et adaptation. Il s'agit d'une
solution de cybersécurité en nuage entièrement gérée, destinée aux clients de moyenne et grande taille.
- Secure Gateway (gestion des démarreurs)
- Web Protection Suite
- Strata (Pare-feu de nouvelle génération et pare-feu de nouvelle génération virtualisés)
- Prisma (sécurité du cloud)
- Cortex (CyberSOC)
Un ensemble de technologies et d'outils ont été utilisés pour simuler ce projet : VMware, EVE-ng, Wireshark,
Firefox, WinSCP, VNCviewer et SecureCrt.
Mots clés : cybersécurité, cybercriminalité, cyberéthique, médias sociaux, cloud computing, menace, actif,
vulnérabilité, exploitation, attaque, risque et contre-mesures, applications androïdes, Iot.

10. x
Abbreviations
DDoS Distributed Denial of Service
DoS Denial of Service
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
DPI Deep Packet Inspection
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IP Internet Protocol
LDAP Lightweight Directory Access Protocol
FTP File Transfer Protocol
NFS Network File System
OSI Open Systems Interconnection
SMTP Simple Mail Transfer Protocol
SSH Secure Shell
TCP Transmission Control Protocol
UDP User Datagram Protocol
VPN Virtual Private Network
VLANs Virtual Local Area Network
ACL Access Control List
AAA Authentication, Authorization, Accounting
DMZ Demilitarized Zone
IPSec Internet Protocol Security
IOS Internetwork Operating System
LAN Local Area Network
MAC Media access control
TFTP Trivial File Transfer Protocol

11. xi
IDS Intrusion Detection System
API Application Programming Interface
CLI Command Line Interface
FQDN Fully Qualified Domain Name
NAT Network Address Translation
SSL Secure Sockets Layer
WAN Wide Area Network
ISO International Organization for Standardization
NTP Network Time Protocol
AD Active Directory
BYOD Bring your own device
SSO Single Sign On

12. 1
Table of Contents
Foreward ....................................................................................................................................iii
Dedicaces.................................................................................................................................... iv
ACKNOWLEDGEMENT.............................................................................................................. v
UNDERTAKING......................................................................................................................... vi
‫ملخص‬......................................................................................................................................... vii
Abstract.................................................................................................................................... viii
Résumé....................................................................................................................................... ix
Abbreviations............................................................................................................................... x
Table of Contents.......................................................................................................................... 1
List of Figures.............................................................................................................................. 4
General Introduction...................................................................................................................... 7
CHAPTER 1: Presentation of Specifications...................................................................................... 8
1.1 Introduction......................................................................................................................... 8
1.2 Host Organization................................................................................................................. 8
1.2.1 Business Units ......................................................................................................... 8
1.3 Organization Chart................................................................................................................ 9
1.4 Services............................................................................................................................ 10
1.5 Associated company and organization.................................................................................... 10
1.6 Problem and methodology for the management of project......................................................... 12
1.6.1 Problem Definition ....................................................................................................... 12
1.6.2 Project Schedule........................................................................................................... 12
1.6.3 Project planning ........................................................................................................... 13
1.7 Conclusion ........................................................................................................................ 14
CHAPTER 2: Theoretical notions about Cyber Security Challenges.................................................... 15
2.1 Introduction....................................................................................................................... 15
2.2 Cyber Security Introduction ................................................................................................. 15
2.3 Common Network Security Terms........................................................................................ 16
2.3 Cyber Security Important..................................................................................................... 19
2.4 Cyber Security Goals.......................................................................................................... 19
2.4.1 Confidentiality............................................................................................................. 20
2.4.2 Integrity...................................................................................................................... 22

13. 2
2.4.3 Availability ................................................................................................................. 23
2.5 Types of Cyber Security ...................................................................................................... 24
2.5.1 Critical Infrastructure.................................................................................................... 24
2.5.2 Network Security.......................................................................................................... 24
2.5.3 Cloud Security............................................................................................................. 25
2.5.4 Application Security ..................................................................................................... 25
2.5.5 Internet of things (IoT) Security...................................................................................... 25
2.5.6 Developing a Cyber Security Strategy.............................................................................. 25
2.5.7 Understanding risks to critical business operations............................................................. 26
2.5.8 Integrating the strategy across departments....................................................................... 26
2.5.9 Plan for breaches ahead of time ...................................................................................... 26
2.6 Cyber Security Challenges................................................................................................... 26
2.6.1 Ransomware Evolution.................................................................................................. 27
2.6.2 Blockchain Revolution.................................................................................................. 27
2.6.3 IoT Threats.................................................................................................................. 27
2.6.4 AI Expansion............................................................................................................... 28
2.6.5 Serverless Apps Vulnerability ........................................................................................ 28
2.7 Types of Cyber Attacks....................................................................................................... 28
2.7.1 Web-based attacks........................................................................................................ 29
2.7.2 System-based attacks .................................................................................................... 35
2.8 Types of Cyber Attackers..................................................................................................... 40
2.8.1 Cyber Criminals........................................................................................................... 41
2.8.2 Hacktivists .................................................................................................................. 41
2.8.3 State-sponsored Attacker............................................................................................... 41
2.8.4 Insider Threats............................................................................................................. 42
CHAPTER 3: Requirement Engineering and Analysis ...................................................................... 43
3.1 Introduction....................................................................................................................... 43
3.2 Firewall Technologies and VPN............................................................................................ 43
3.2.1 Stateful Firewall................................................................................................................ 45
3.2.2 StatelessFirewall........................................................................................................... 46
3.2.3 Packet FilteringFirewall................................................................................................. 46
3.2.4 ProxyFirewall.............................................................................................................. 47
3.2.5 ApplicationFirewall...................................................................................................... 47
3.2.6 Personal Firewall .......................................................................................................... 48
3.2.7 TransparentFirewall...................................................................................................... 49

14. 3
3.2.8 Virtual Wire Firewall.................................................................................................... 49
3.2.9 Traditional Network Firewall ......................................................................................... 49
3.2.10 Zone-BasedFirewall.................................................................................................... 50
3.2.10 Cloud-Based Firewall ................................................................................................... 50
3.2.11 Virtual Firewall........................................................................................................... 51
3.2.12 UTMFirewall............................................................................................................. 51
3.2.13 Next-Generation Firewall (NGFW) ............................................................................... 52
3.3 VPNs................................................................................................................................ 54
3.4 Project Process................................................................................................................... 55
3.4.1 The choice of the solution.............................................................................................. 55
3.4.2 Reasons for choice........................................................................................................ 57
3.5 Palo Alto Firewall platform.................................................................................................. 58
3.5.1 Definition.................................................................................................................... 58
3.5.2 Palo Alto firewall deployment terminology....................................................................... 59
CHAPTER 4: Implementation Plan and Test ................................................................................... 62
4.1 Introduction....................................................................................................................... 62
4.1.1 Suggested Architecture.................................................................................................. 62
4.1.2 Tools for project realization and emulation....................................................................... 63
4.2 Project implementation........................................................................................................ 64
4.2.1 The topology of the project ............................................................................................ 64
4.2.2 Install and Configure Palo alto firewall and Servers........................................................... 65
4.3 Install and configure the server side....................................................................................... 65
4.3.1 Install and configure Active Directory ............................................................................. 65
4.3.2 Install and Configure DNS Server................................................................................... 66
4.3.3 Install and Configure DHCP Server................................................................................. 67
4.3.4 Install Active Directory Certificate Services ..................................................................... 68
4.3.5 Install and Configure FTP Server.................................................................................... 70
4.3.6 Install and Configure Web Application Server .................................................................. 73
4.4 Install and configure the Palo Alto Firewall Networks side........................................................ 75
4.4.1 Perform Initial Configuration on Palo Alto Firewall........................................................... 75
CHAPTER 5: Conclusion and Results...........................................................................................101
CHAPTER 6: References............................................................................................................102

15. 4
List of Figures
Figure 1: Logo of The Company Dev Networking Solutions. ............................................................... 8
Figure 2: DEVNET Organization Chart. ......................................................................................... 10
Figure 3: DEVNET Services......................................................................................................... 11
Figure 4: shows the main partners of DEVNET................................................................................ 11
Figure 5: Project Gantt................................................................................................................. 13
Figure 6: Asset............................................................................................................................ 16
Figure 7: Vulnerability................................................................................................................. 16
Figure 8: Exploit. ........................................................................................................................ 16
Figure 9: Threat. ......................................................................................................................... 17
Figure 10: Attack......................................................................................................................... 17
Figure 11: Risk. .......................................................................................................................... 18
Figure 12: Countermeasure........................................................................................................... 18
Figure 13: Security Goals. ............................................................................................................ 20
Figure 14: Confidentiality Tools.................................................................................................... 21
Figure 15: Integrity Tools............................................................................................................. 22
Figure 16: Types of Cyber Security................................................................................................ 24
Figure 17: Integrating the strategy across departments....................................................................... 26
Figure 18: Cyber Security Challenges............................................................................................. 27
Figure 19: Classification of Cyber attacks. ...................................................................................... 29
Figure 20: SQL Injection.............................................................................................................. 30
Figure 21: Identify Malware.......................................................................................................... 30
Figure 22: Cross Site Scripting...................................................................................................... 31
Figure 23: Adware....................................................................................................................... 31
Figure 24: Phishing...................................................................................................................... 32
Figure 25: Denial of Service.......................................................................................................... 33
Figure 26: Man in The Middle....................................................................................................... 34
Figure 27: Ransomware................................................................................................................ 35
Figure 28: Virus.......................................................................................................................... 35
Figure 29: Worm......................................................................................................................... 36
Figure 30: Trojan horse................................................................................................................ 37
Figure 31: Spyware...................................................................................................................... 37
Figure 32: Keyloggers.................................................................................................................. 38
Figure 33: Scareware. .................................................................................................................. 39
Figure 34: Logic Bomb. ............................................................................................................... 39
Figure 35: Botnet......................................................................................................................... 40
Figure 36: Types of Cyber Attackers. ............................................................................................. 41
Figure 37: Insider Threats............................................................................................................. 42
Figure 38: Firewall Technologies................................................................................................... 44
Figure 39: Statefull Firewall.......................................................................................................... 45
Figure 40: Packet Filtering Firewall................................................................................................ 46
Figure 41: Proxy Firewall............................................................................................................. 47
Figure 42: Application Firewall..................................................................................................... 47
Figure 43: Description of Application Firewall ................................................................................ 48
Figure 44: Personal Firewall.......................................................................................................... 48

16. 5
Figure 45: Transparent Firewall..................................................................................................... 49
Figure 46: Palo Alto V-wire Mode Firewall..................................................................................... 49
Figure 47: Traditional Network Firewall......................................................................................... 49
Figure 48: Zone-Based Firewall..................................................................................................... 50
Figure 49: Cloud-Based Firewall. .................................................................................................. 50
Figure 50: Virtual Firewall............................................................................................................ 51
Figure 51: 14 UTM Firewall. ........................................................................................................ 51
Figure 52: Next-Generation Firewall (NGFW)................................................................................. 52
Figure 53: Firewall Placement Options. .......................................................................................... 53
Figure 54: Types of VPN.............................................................................................................. 54
Figure 55: The General Feasibility Study. ....................................................................................... 55
Figure 56: Leaders Firewalls......................................................................................................... 56
Figure 57: Comparison Between the Top Firewall............................................................................ 56
Figure 58: Evaluation of Solutions................................................................................................. 57
Figure 59: Palo Alto Next Generation Firewall deployed in TAP mode................................................ 59
Figure 60: Palo Alto Next Generation Firewall deployed in V-Wire mode............................................ 60
Figure 61: Palo Alto Next Generation Firewall deployed in Layer 2 mode............................................ 60
Figure 62: Palo Alto Next Generation Firewall deployed in Layer 3 mode............................................ 61
Figure 63: Suggested Architecture.................................................................................................. 62
Figure 64: Project Tools. .............................................................................................................. 63
Figure 65: The Topology to be Implemented. .................................................................................. 64
Figure 66: Domain Controller Installation. ...................................................................................... 65
Figure 67: DNS Server Configuration............................................................................................. 66
Figure 68: Install The DHCP Service.............................................................................................. 67
Figure 69: Configure DHCP Server................................................................................................ 67
Figure 70: Figure 41: Testing DHCP Server.................................................................................... 68
Figure 71: Install The Active Directory Certificate Services............................................................... 68
Figure 72: Configure Active Directory Certificate Services................................................................ 69
Figure 73: Manage Cerificate Service GUI...................................................................................... 69
Figure 74: Microsoft Active Directory Certificate Service WEB Interface............................................ 70
Figure 75: Install FTP Service....................................................................................................... 70
Figure 76: Open URL to Access FTP Server.................................................................................... 71
Figure 77: Configure FTP Server................................................................................................... 71
Figure 78: Testing FTP Server....................................................................................................... 72
Figure 79: User Authentication to Access FTP Server. ...................................................................... 72
Figure 80: Install and Configure Appache Server.............................................................................. 73
Figure 81: The Directory of Web Application.................................................................................. 73
Figure 82: Open URL to Access Web Application............................................................................ 74
Figure 83: Testing Web Application Server..................................................................................... 74
Figure 84: Change the old password in the first login........................................................................ 76
Figure 85: User Web Interface....................................................................................................... 76
Figure 86: Configure General Settings............................................................................................ 77
Figure 87: Configure the Management Interface............................................................................... 77
Figure 88: Creates Zones.............................................................................................................. 78
Figure 89: Attach Virtual Router and Security Zone toEthernet Interface............................................. 79
Figure 90: Configure Interface....................................................................................................... 79
Figure 91: Open Virtual Router. .................................................................................................... 80
Figure 92: Configure a Static Route................................................................................................ 80

17. 6
Figure 93: Open Source NAT Policy. ............................................................................................. 81
Figure 94: Configure Source Zone. ................................................................................................ 82
Figure 95: Configure Translated Packet. ......................................................................................... 82
Figure 96: Open Destination NAT Policy........................................................................................ 83
Figure 97: Configure Static Destination NAT. ................................................................................. 83
Figure 98: Configure Original Packet. ............................................................................................ 84
Figure 99: Create Security Policy rules........................................................................................... 84
Figure 100: Configure Source Zone................................................................................................ 85
Figure 101: Configure Destination Zone. ........................................................................................ 85
Figure 102: Create Antivirus Profile............................................................................................... 87
Figure 103: Apply Antivirus Profile to Security Policy...................................................................... 87
Figure 104: Open Windows Sessions By User F.ENSA..................................................................... 88
Figure 105: Open a Fack Link on Google........................................................................................ 88
Figure 106: Testing Antivirus Profile.............................................................................................. 88
Figure 107: Create File Blocking Profile......................................................................................... 89
Figure 108: Apply File Blocking Profile to Security Policy................................................................ 89
Figure 109: Testing File Blocking Profile........................................................................................ 90
Figure 110: Create LDAP Server Profile......................................................................................... 91
Figure 111: Configure Palo Alto Networks User-ID Agent Setup........................................................ 91
Figure 112: Enable User Identification Monitored Server. ................................................................. 91
Figure 113: Create LDAP Authentication Profile.............................................................................. 92
Figure 114: Configure LDAP Authentication Profile......................................................................... 92
Figure 115: Create Group Mapping................................................................................................ 93
Figure 116: Configure Group Mapping........................................................................................... 93
Figure 117: Select which Groups You Allowed to Monitor................................................................ 93
Figure 118: Create Local Users CP_user1. ...................................................................................... 94
Figure 119: Create Local Users CP_user2. ...................................................................................... 94
Figure 120: Create Local Group CP_usergroup................................................................................ 95
Figure 121: Create Local Authentication Profile............................................................................... 95
Figure 122: Configure Local Authentication Profile.......................................................................... 95
Figure 123: Configure Captive Portal Settings. ................................................................................ 96
Figure 124: Configure Captive portal On Palo Alto Firewall. ............................................................. 96
Figure 125: Configure Interface Management Profile........................................................................ 97
Figure 126: Enable User_ID on the source Zone............................................................................... 97
Figure 127: Create Authentication Enforcement............................................................................... 98
Figure 128: Open Authentication Policy Rule.................................................................................. 98
Figure 129: Configure Authentication Policy Rule............................................................................ 99
Figure 130: Create Authentication Policy for captive Portal. .............................................................. 99
Figure 131: Captive Portal Authentication......................................................................................100
Figure 132: Testing captive Portal.................................................................................................100

18. 7
General Introduction
During my internship at Dev Networking Solutions, I had the opportunity to perform several tasks, including
Study, Design and Implementation of a security solution based on the Palo Alto firewall.
Unfortunately, my end-of-study project could not take place at my internship location, It was then that I was
inspired by the latter to develop my project.
Indeed, nowadays we are never safe from a failure or breakdown. From this point of view the implementation
of a redundant and secure network is essential.
This End of Study report will be divided into six chapters:
The first chapter consists of:
• A brief presentation of the company Dev Networking Solutions
• Problem and methodology for the management of project
The second chapter gives some theoretical notions on this project at the level of:
• Cyber Security challenges
• Cyber Security Goals
• Types of Cyber Security
• Types of Cyber Attacks
The third chapter deals with the Requirement Engineering and Analysis:
• Types of Firewalls Technologies and VPNs
• Project Process
• The Best Solution Palo Alto Firewall Platform
The fourth chapter deals with the Implementation Plan and Test:
• Suggested Architecture
• Project implementation
• Install and Configure the Palo Alto Firewall Solution
The five chapter contains a conclusion and Results:
• From the work done
• Difficulties encountered
• Results obtained
• Possible improvements
The six chapter contains a References:

19. 8
CHAPTER 1: Presentation of
Specifications
1.1 Introduction
This chapter gives an overall view of the project. It highlights the host organization and its activities, present
the general framework of the project and its planning.
1.2 Host Organization
Dev Networking Solutions is one of the leading integrators of IT (Information Technology) solutions, it was
created in 2014 to respond to and support the needs of large and medium-sized companies, by combining the
experience of these technical experts with their ability to listen, understand and support in the design,
deployment and maintenance of this infrastructure. powerful, robust and scalable.
The mission of Dev Networking Solutions is to offer the most adapted services and solutions to the most
perennial and profitable customer issues.
Dev Networking Solutions capitalizes on the feedback fromthe field drawn frommany sectors of activity and
technical environment. This allows the teams to understand the needs customers and to propose the most
adapted accompaniments and solutions and offering the best return on investment, incontexts that are always
intended to offer the best.
more specific:
1.2.1 Business Units
Today, DEVNET is structured in 3 entities (Business Units):
Network and Security Business Unit
The Networks and Security Division was involved very early on in the design and implementation of private
networks with prestigious clients. it has followed the technological evolution by constantly maintaining a
know-how and a very high level of competence.
Figure 1: Logo of The Company Dev Networking Solutions.

20. 9
Most of the engineers and technicians involved in study projects and network security deployment are
certified by the manufacturers of the equipment used and have several years of experience in the field.
Over the years, DEVNET has been able to develop partnerships with leaders in the field. worldwide in the
sector. Itis withthemthat itintervenes onall the projectsthat itdevelops. The permanenttechnologicalwatch
as well as the relations with its partners are a guarantee of the quality of the proposed solutions and of their
Adequacy with the objectives defined by the users.
Systems Integration Business Unit
Informationsystemsnow representan essential lever in the followingareasthe search for performance. These
systems cover the entire chain of company's values while integrating specificities linked to globalization
markets, which require international harmonization of standards of quality and traceability that can better
govern trade in the future.
Faced with these challenges, DEVNET anticipates by making available to companies horizontal solutions
(across the entire value chain) combined with vertical solutions (by sector of activity), this approach allows
DEVNETtocapitalize onits positioningand marketstrengthsand thus offer tothecompanies withhigh value
information systems management solutions added.
Throughits masteryof itscustomers' businesses andits know-howinprojectmanagement, DEVNETprovides
proof of its expertise throughout its intervention at the customer's site.
IT Development Business Unit
Dev Networking Solution Dev meets all your expectations in terms of Internet sites and applications (fixed
and mobile), e-commerce platforms, specific development and automated catalog management.
Our solutions Languages, Frameworks and CMS used by DEVNET:
PHP, MySQL, Zend Framework, Symfony, WordPress.
1.3 OrganizationChart
Since its creation, DEVNET has quickly established itself as the undisputed leader in its field. of the
information services integration sector on a national scale. Indeed, the expansion of DEVNET is due to the
fact that it has the human resources, materials as well as qualified administrative staff and specialized
technicians and engineers with extensive experience in the following fields the material to meet market
expectations. Figure 2. shows DEVNET's organizational chart.
As my internship was carried out in the Technical Department, which is a large department, I was able to
work in a very different department. which manages the infrastructure of the different Clients in Morocco.
This department contains several Business Units, my work during this internship was more precisely at the
within the Network and Security BU. This service supports the design of the architectures network security
and monitoring as well as solving network and security related problems.

21. 10
Figure 2: DEVNET Organization Chart.
1.4 Services
Thanks to itsglobal business model, DEVNETcanprovideits services bytype of services, but also toposition
itself as a single point of contact for everyone the following services (see Figure 3).
1.5 Associatedcompany and organization
In order to offer efficient, secure and latest generation solutions, DEVNET has developed strong strategic
partnerships, ensuring quality of service.

22. 11
Figure 3: DEVNET Services.
Unequalled. The choice of partners in its strategy is an essential step, this is why DEVNET has surrounded
itself with partners recognized for their reliability, their control and technological leadership at the global
level. Figure 4 shows the main partners of DEVNET.
Figure 4: shows the main partners of DEVNET.

23. 12
1.6 Problem and methodology for themanagement ofproject
1.6.1 Problem Definition
First of all, and as previously mentioned in the geo-introduction, the following points should be noted. This
end-of-study project is part of the deployment phase of DEVNET's Palo Alto Firewall security solution in
partnership with one of their customers. Of course, for each new technology that emerges; the propaganda of
the latter remains relatively limited at the very beginning, simply because this it is very difficult to change a
solution that is already available, especially when it is works well. Of course, even in commercial speeches,
a lot of the of benefits and improvements are cited and only then do clients go to the possibility of success of
this new solution for the case of their structure.
That said, it should also be noted that with any new technological developments, it is necessary to answer the
questions and confusions of the customers. Because in the end, a product is there to meet their needs. For our
In these cases, several questions were asked from potential DEVNET clients, among which:
- How secure are the applications and data on top of the new NGFW firewalls?
- How to migrate the existing traditional firewall to a new NGFW firewall?
- In today's architecture, you see and touch the hardware; if one day the Controller of the new Solution fails,
what about the applications? and data?
All these questions, and others, directed our thinking towards the studies and applications we wanted to
experimentandapplyinorder tobest answer thesequestions. problems. Andinorder todo so, it was necessary
to understand the technical details of the thing; but also to position oneself in the place of the final customers
and try to find answers to their questions.
1.6.2 Project Schedule
In this section, I will define the specifications for my project, allowing to define the existing needs within the
issues, and thus setting objectives throughout the process of resolving them.
As a result, the project seeks to:

24. 13
- Study of the traditional Firewall of Data Center networks
- Determine the problems and limitations of this traditional Firewall
- Study of the Palo Alto Firewall network as a solution to these limitations
- What is Palo Alto Networks Firewall?
- Designing a solution for a customer's network that focuses on Palo Alto Networks Firewall.
1.6.3 Project planning
In order to ensure the proper conduct of any project, it is very necessary to divide it into separate tasks, but
also add the time factor to them. This provides visibility on the overall progress of the project, a confidence
in but also the time to adopt preventive measures when something comes out of measure.
The figure above shows the tasks established for project planning and the corresponding Gantt chart.
during the realization of this project, several constraints hindered its perfect progress especially those related
to the hardware because we could not carry out a physical deployment of the solution on the other hand, we
carried out a deployment using a virtualized infrastructure with a VM Palo Alto simulator.
Figure 5: Project Gantt.

25. 14
In short, either with Hardware or Simulator environment, we can nevertheless experience all the
functionalities of the Palo Alto NetworkFirewallsolution in both implementations, the only difference is that
in the case of the simulator you cannot test our solution with real traffic.
1.7 Conclusion
Throughout this chapter, I have tried to best describe the overall environment around which my project took
place; by defining the framework for the internship which is the host company DEVNET but also the main
problems I faced. These last ones have strongly motivated me in order to carry out this project and to respond
to these issues. The following chapters will tackle these challenges and my proposed solutions on a more
granular level. in order to overcome them.

26. 15
CHAPTER 2: Theoreticalnotions about
Cyber Security Challenges
2.1 Introduction
Digital technologies have transformed how people socialize, shop, interact with governmentand do business.
The Internet and World Wide Web have made vast amounts of information instantly available, and
smartphones have put it at our fingertips everywhere we go. Our interaction with the physical world is now
being transformed by the Internet of Things. As many as 15 billion devices are already online; estimates for
2020 range from 26 billion2 to 50 billion3. Data storage is increasingly shifting to the Cloud, increasing its
availability and usefulness; but also increasing complexity.
Digital systems are complex because of their large and distributed nature, their many subsystems and
interconnections, and the mix of human, legal, regulatory and technological elements involved. The scale and
interactions of these systems make their outcomes and risks very difficult to predict. The gains and losses that
occur are often unanticipated, while predicted outcomes may fail to materialise.
This complexity and growth also create asymmetries between attackers and their targets, and incentives that
drive underinvestment in cybersecurity. Many of the systems underpinning today’s networks were not
designed with security in mind. As a result, current cybersecurity practice lags behind rigorous, evidence-
based standards of engineering. This leaves digital systems vulnerable, both to emerging risks and to risks
that are already well understood.
Digital systems are already central to our security, wellbeing and growth, but the threats are constantly
growing and evolving. Cybersecurity tools, processes and institutions need to catch up and keep up.
Due to the importance of network security, I chose the topic “Palo Alto Firewall and Cyber security
Challenges” as my final year project to study solutions enhancing computer security. There is no absolute
safety solution so in order to secure the information on a network, we need to construct many layers of
protection. A firewall is the outermost layer of that system. The goal of this project is to study the basic
concepts of a Palo Alto firewall, threats to computer network security, a firewall topology, how they work
and deployment a firewall product.
2.2 Cyber Security Introduction
Cybersecurity is primarily about people, processes, and technologies working together to encompass the full
range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response,
resiliency, and recovery policies and activities, including computer network operations, information
assurance, law enforcement, etc.
Cybersecurity is the protection of Internet-connected systems, including hardware, software, and data from
cyber attacks. It is made up of two words one is cyber and other is security. Cyber is relatedto the technology
which contains systems, network and programs or data. Whereas security related to the protection which
includes systems security, network security and application and information security.

27. 16
It is the body of technologies, processes, and practices designed to protect networks, devices, programs, and
data fromattack, theft, damage, modificationor unauthorizedaccess. Itmayalsobe referredtoas information
technology security.
2.3 Common NetworkSecurityTerms
Asset
Asset is anything, which the organization is invested, and which is valuable to the organization. Examples:
Properties, Vehicles, Heavy Equipment, Plants, Buildings, Employees, Computers, Data, Intellectual
Properties etc. Protecting the organization's assets is the prime function of security (Physical Security or
Network Security).
Figure 6: Asset.
Vulnerability
Vulnerability can be defined a weakness in a system or its design. Every system is human created.
Chances for errors, mistakes are always there in every human created system.
Vulnerabilities are always there in Applications, Network Protocols, and Operating Systems etc.
An attacker to gain access to an organization’s network can exploit vulnerability.
Figure 7: Vulnerability.
Exploit
An Exploit can be defined as a way, method or tool which is used by an attacker, on a vulnerability, to cause
damage to the target network or system. The exploit can be software that may cause a buffer overflow or a
method of social engineering to hack a password.
Figure 8: Exploit.

28. 17
Threat
Threat can be defined as anything danger to an Asset. Threats can be accidentally triggered or intentionally
exploited.
Figure 9: Threat.
Attack
Attack can be defined as action taken by an attacker to harm an asset.
Figure 10: Attack.

29. 18
Risk
The term "Risk" can be defined as potential for loss, compromise, damage, destruction or other negative
consequence of an organization's Asset. Risk arises from a threat, multiple threats, and exploiting
vulnerability. Risk forms an adverse negative affect an organization's Asset.
Risk = Asset + Threat + Vulnerability
Countermeasure
Countermeasure is an action initiated by the organization typically security professionals to mitigate
a threat.
Figure 12: Countermeasure.
Figure 11: Risk.

30. 19
2.3 Cyber Security Important
We live in a digital era which understands that our private information is more vulnerable than ever before.
We all live in a world which is networked together, from internet banking to government infrastructure,
where data is stored on computers and other devices. A portion of that data can be sensitive information,
whether that be intellectual property, financial data, personal information, or other types of data for which
unauthorized access or exposure could have negative consequences.
Cyber-attack is now an international concern and has given many concerns that hacks and other security
attacks could endanger the global economy. Organizations transmit sensitive data across networks and to
other devices in the course of doing businesses, and cybersecurity describes to protect that information and
the systems used to process or store it.
As the volume of cyber-attacks grows, companies and organizations, especially those that deal information
related to national security, health, or financialrecords, need to take steps to protect their sensitive business
and personal information.
2.4 Cyber Security Goals
The objective of Cybersecurity is to protect information from being stolen, compromised or attacked.
Cybersecurity can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs.
The CIA triad is a security model that is designed to guide policies for information security within the
premises of an organization or company. This model is also referred toas the AIC (Availability, Integrity,
and Confidentiality) triad to avoid the confusion with the Central Intelligence Agency. The elements of
the triad are considered the three most crucial components of security.
The CIA criteria are one that most of the organizations and companies use when they have installed a new
application, creates a database or when guaranteeing access to some data. For data to be completely secure,
all of these security goals must come into effect. These are security policies that all work together, and
therefore it can be wrong to overlook one policy

31. 20
The CIA triad are
2.4.1 Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. It
involvesthe protectionof data, providingaccess for thosewhoare allowedto see itwhile disallowingothers
from learning anything people can get it. Data encryption is a good example to ensure confidentiality.
Figure 13: Security Goals.

32. 21
Encryption
Encryption is a method of transforming information to make it unreadable for unauthorized users by using
an algorithm. The transformation of data uses a secret key (an encryption key) so that the transformed data
can only be read by using another secret key (decryption key). It protects sensitive data such as credit card
numbers by encoding and transforming data into unreadable cipher text. This encrypted data can only be
read by decrypting it. Asymmetric-key and symmetric-key are the two primary types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to physical or virtual resources.
It is a process by which users are granted access and certain privileges to systems, resources or information.
In access control systems, users need to present credentials before they can be granted access such as a
person's name or a computer's serial number. In physical systems, these credentials may come in many
forms, but credentials that can't be transferred provide the most security.
Authentication
An authentication is a process that ensures and confirms a user's identity or role that someone has. It can be
done in a number of different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authentication is the necessity of every organizations because it enables organizations to keep their
networks secure by permitting only authenticated users to access its protected resources. These resources
may include computer systems, networks, databases, websites and other network-based applications or
services.
Figure 14: Confidentiality Tools.

33. 22
Authorization
Authorization is a security mechanism which gives permission to do or have something. It is used to
determine a person or system is allowed access to resources, based on an access control policy, including
computer programs, files, services, data and application features. It is normally preceded by authentication
for user identity verification. System administrators are typically assigned permission levels covering all
system and user resources. During authorization, a system verifies an authenticated user's access rules and
either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny the unauthorized access of IT assets like facilities,
equipment, personnel, resources and other properties from damage. It protects these assets from physical
threats including theft, vandalism, fire and natural disasters.
2.4.2 Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized
user modification. It is the property that information has not be altered in an unauthorized way, and that
source of the information is genuine.
Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in the
event when the original data or data files are lost or destroyed. It is also used to make copies for historical
purposes, such as for longitudinal studies, statistics or for historical records or to meet the requirements of
a data retention policy. Many applications especially in a Windows environment, produce backup files
using the .BAK file extension.
Figure 15: Integrity Tools.

34. 23
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is
the computation of a function that maps the contents of a file to a numerical value. They are typically used
to compare two sets of data to make sure that they are the same. A checksum function depends on the entire
contents of a file. It is designed in a way that even a small change to the input file (such as flipping a single
bit) likely to results in different output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected and automatically
corrected.
2.4.3 Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by those
authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized
people.
Tools for Availability
• Physical Protections
• Computational Redundancies
Physical Protections
Physical safeguard means to keep information available even in the event of physical challenges. It ensure
sensitive information and critical information technology are housed in secure areas.
Computational redundancies
It is applied as fault tolerant against accidental faults. It protects computers and storage devices that serve
as fallbacks in the case of failures.

35. 24
2.5 Types ofCyber Security
Cybersecurity covers is a wide subject matter. Below, we will go through the core types of cyber securities.
A holistic strategy includes all of these aspects and overlooks none.
2.5.1 Critical Infrastructure
The critical infrastructure of the world functions as a cyber-physical hybrid.
Everything from hospitals to water purification plants to the electricitygrid are now plugged into the online
world and digitized. We gain many advantages from this super-structure. Putting a system online, however,
also creates new vulnerabilities to cyber-attacks and hacking. When a company first connects itself to the
physical and then digital world, the first infrastructure it plugs itself into is the critical infrastructure.
Company decision-makers must include this perspective into their plan on how attacks might affect their
functionality. If a company does not have a contingency plan, it should create one immediately.
2.5.2 Network Security
The security of a network protects a company against unauthorized access and intrusions. Proper security
over a network can also find and destroy internal threats to the system as well.
Effectiveimplementationof networksecurityoftenrequiressomecompromiseand trade-offs. For instance,
extra logins help to protect a company’s information from unauthorized access, but it also slows down
company productivity. One of the significant problems of network security is that it uses a lot of company
resources.
Network security tools generate huge amounts of data. Even if a network security system finds a threat, it
might slip through the cracks, ignored, due to the sheer volume of data that’s being produced. IT teams are
Figure 16: Types of Cyber Security.

36. 25
now using machine learning to automate the identification of legitimate security threats, thereby reducing
human error. But it’s far from a perfect system.
2.5.3 Cloud Security
Cloud security is a set of policies, controls, and procedures, combined with technologies that work together
to protect data, infrastructure, and cloud-based systems.
They are specific security measures which are configured to protect a customer’s privacy, guard data,
supportregulatorycompliance, andalsosets authenticationrulesfor devicesand users. This means anything
from filtering traffic, authenticating access, and configuring cloud security for specific client needs. It’s
mobile since it’s configured and managed in one location, and frees up businesses to focus resources on
other security needs.
2.5.4 Application Security
Many of the best modern hackers find web application security the weakest point to attack an organization.
It’shardto keep upwith themdue tothe proliferationof newrelationshipswithapps companies havewhich
are not yet properly vetted and secured. Application security starts with great coding, which is also
challengingtofind. After attainingsecurecodingpractices, penetrationtesting andfuzzingarethetwo other
security practices every company should begin to implement now.
2.5.5 Internet of things (IoT) Security
The IoT is an important cyber-physical system in how online systems communicate. More specifically, IoT
refers to a system of interrelated computing devices, which can be defined as mechanical and digital
machines, or objects, animals or people which are given unique identifiers (UIDs) and become digitized in
some capacity. It also refers to the distinct ability of this system to transfer data over a network without
needing human-to-human or human-to-computer interactions.
IoT will only become more critical to business as time goes on. The Internet of Things will connect
consumers in neighborhoods and neighborhoods to critical infrastructure in an unprecedented manner. In a
few years, a hacker may open up and exploit someone’s refrigerator or choose to shut down electricity to
an entire town – if we are not careful. Today, IoT devices often are shipped to consumers in an insecure
state. There are many devices that have no patching for security either, which makes them prime targets for
botnets.
2.5.6 Developing a Cyber Security Strategy
Every strategy should be custom-designed. A cybersecurity strategy that works for one company will not
necessarily be effective for another. It’s different for every entity based on their specific needs and
vulnerabilities.
However, there are some overarching themes that you can take into account regardless of your company
size, scope, or industry.

37. 26
2.5.7 Understandingrisks to critical businessoperations
Cybersecurity is continually becoming more complex. Organizations must have a ‘security vision’ about
what cybersecurity means to their operations. This includes generating an acceptable level of risk and
prioritizing areas to target for the majority of security investments.
2.5.8 Integrating the strategy across departments
A good security strategy must work across all the security measures that a company already has in place.
Companies should intervene smartly in crucial areas to close off backdoors and improve overall security.
2.5.9 Plan for breaches ahead of time
Understand that hackers are always one step ahead of the curve in security. No matter how good your
defenses may be, they will be breached at some point in time. Instead of waiting in fear for the inevitable,
prepare for it. Boost your disaster recovery and business continuity metrics so that when something does
happen, you can return to normal functionality as quickly as possible.
With the basics of cybersecurity covered, should a company now feel relaxed with their new insights into
protections? Not at all. Cybersecurity means remaining eternally vigilant in a constantly moving digital
ecosystem. The solutionsthat worktodaywillnot worktomorrow. Hackerswillhavefiguredoutsomething
else by then, and they will be at your front door with even more powerful executions.
2.6 Cyber Security Challenges
Today cybersecurityis the maincomponentof the country's overallnationalsecurityand economicsecurity
strategies. there are so many challenges related to cybersecurity. With the increase of the cyber-attacks,
every organization needs a security analyst who makes sure that their system is secured. These security
analysts face many challenges related to cybersecurity such as securing confidential data of government
organizations, securing the private organization servers, etc.
Figure 17: Integrating the strategy across departments.

38. 27
The recent important cybersecurity challenges are described below:
2.6.1 Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked, and payment is
demanded before the ransomed data is unlocked. After successful payment, access rights returned to the
victim. Ransomware is the bane of cybersecurity, data professionals, IT, and executives.
Ransomware attacks are growing day by day in the areas of cybercrime. IT professionals and business
leaders need to have a powerful recovery strategy against the malware attacks to protect their organization.
It involves proper planning to recover corporate and customers' data and application as well as reporting
any breaches against the Notifiable Data Breaches scheme. Today's DRaaS solutions are the best defence
against the ransomware attacks. With DRaaS solutions method, we can automatically back up our files,
easily identify which backup is clean, and launch a fail-over with the press of a button when malicious
attacks corrupt our data.
2.6.2 Blockchain Revolution
Blockchaintechnologyis the mostimportantinventionincomputingera. Itisthefirsttimein humanhistory
that we have a genuinely native digital medium for peer-to-peer value exchange. The blockchain is a
technology that enables cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows
two or more parties to do a transaction or do business without needing a third party for establishing trust.
It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The professionals in
cybersecurity can make some educated guesses regarding blockchain. As the application and utility of
blockchain in a cybersecurity context emerges, there will be a healthy tension but also complementary
integrations with traditional, proven, cybersecurity approaches.
2.6.3 IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which can be accessible
through the internet. The connected physical devices have a unique identifier (UID) and have the ability to
transfer data over a network without any requirements of the human-to-human or human-to-computer
Figure 18: Cyber Security Challenges.

39. 28
interaction. The firmware and software which is running on IoT devices make consumer and businesses
highly susceptible to cyber-attacks.
When IoT things were designed, it is not considered in mind about the used in cybersecurity and for
commercial purposes. So every organization needs to work with cybersecurity professionals to ensure the
security of their password policies, session handling, user verification, multifactor authentication, and
security protocols to help in managing the risk.
2.6.4 AI Expansion
AI short form is Artificial intelligence. According to John McCarthy, father of Artificial Intelligence
defined AI: "The science and engineering of making intelligent machines, especially intelligent computer
programs."
It is an area of computer science which is the creation of intelligent machines that do work and react like
humans. Some of the activities related to artificial intelligence include speech recognition, Learning,
Planning, Problem-solving, etc. The key benefits with AI into our cybersecurity strategy has the ability to
protect and defend an environment when the malicious attack begins, thus mitigating the impact. AI take
immediate action against the malicious attacks at a moment when a threats impact a business. IT business
leaders and cybersecurity strategy teams consider AI as a future protective control that will allow our
business to stay ahead of the cybersecurity technology curve.
2.6.5 Serverless Apps Vulnerability
Serverless architecture and apps is an application which depends on third-party cloud infrastructure or on
a back-endservice such as google cloudfunction, Amazonweb services (AWS) lambda, etc. The serverless
apps invite the cyber attackers to spread threats on their system easily because the users access the
application locally or off-server on their device. Therefore it is the user responsibility for the security
precautions while using serverless application.
The serverless apps do nothing to keep the attackers away from our data. The serverless application doesn't
helpif an attacker gains access to our datathroughavulnerabilitysuchas leaked credentials, acompromised
insider or by any other means then serverless.
We can run software with the application which provides best chance to defeat the cybercriminals. The
serverless applications are typically small in size. It helps developers to launch their applications quickly
and easily. They don't need to worry about the underlying infrastructure. The web-services and data
processing tools are examples of the most common serverless apps.
2.7 Types ofCyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter
computer code, logic or data and lead to cybercrimes, such as information and identity theft.

40. 29
We are living in a digital era. Now a day, most of the people use computer and internet. Due to the
dependency on digital things, the illegal computer activity is growing and changing like any type of crime.
Cyber-attacks can be classified into the following categories:
2.7.1 Web-based attacks
These are the attacks which occur on a website or web applications. Some of the important web-based
attacks are as follows-
Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the application and
fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.
SQL Injection
• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques to gain access.
• SQL injection is placement of malicious code in SQL statements, via web page input.
• SQL Injection is injection attack makes possible to execute malicious SQL statements.
• Attackers can use SQL Injection vulnerabilities to bypass application security measures.
• SQL Injection (SQLi) also used to add, modify, and delete records in the database.
• SQL injection attack exploits vulnerable cloud-based applications allow pass SQLcommands.
Figure 19: Classification of Cyber attacks.

41. 30
Malware
• Malware is a term which is short for “Malicious Software” is a file or code or application.
• Malware (Malicious Software) is any program or file, that is harmful to a computer user.
• Malicious Software typically delivered over a network that infects, explores andsteals.
• Malware (Malicious Software) can be conducts virtually any behavior an attacker wants.
• Malware (Malicious Software) is an inclusive term, for all types of malicious software.
• Malicious Software is terms for all as Viruses, Worms, Trojans, Rootkits, and Spyware.
• Malware is also terms for Adware, Scareware, Botnets, Logic Bombs, Key loggers etc.
• Many tools can identify Malware on the network such as Packet Captures to analyzing.
• In addition, tools Snort, NetFlow, IPS, Advanced Malware Protection, Cisco FirePOWER etc.
Cross Site Scripting
• XSS is term, which stand for Cross-Site Scripting Errors, are a type of coding error.
• Where a malicious party can trigger execution of software from their browser.
Figure 20: SQL Injection.
Figure 21: Identify Malware.

42. 31
• Cross-site scripting is a type of security vulnerability found in web applications.
• XSS enables attackers to inject client-side scripts into web pages viewed by other users.
• Common purpose of XSS attack is to collect cookie data such as session IDs or login info.
• XSS used to steal cookies exploited to gain access as authenticated user to a cloud-based.
• Three major categories are Reflected XSS, Stored (Persistent) XSS, and DOM-BasedXSS.
Adware
• Adware is computer term, which is stand for Advertising-Supported Malware.
• Adware works by executing advertisements to generate revenue for the hackers.
• Adware (Advertising-Supported Malware) is any type of advertising-supportedsoftware.
• Adware will play, display, or download advertisements automatically on a user's computer.
• Adware will play once the software has been installed or the application is in theuse.
Figure 22: Cross Site Scripting.
Figure 23: Adware.

43. 32
DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver's
cache causing the name server to return an incorrect IP address, diverting traffic to the attacker?s computer
or any other computer. TheDNS spoofingattacks can goon for a longperiodof timewithoutbeingdetected
and can cause serious security issues.
Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store
the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.
Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and
credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic
communication.
• Phishing is a type of social engineering attack often used to steal user data or info.
• Phishing is social engineering attack to steal login credentials & credit card numbers.
• Phishing is method of trying to gather personal info using deceptive e-mails & websites.
• Phishing is a cyber-attack that uses disguised email as a weapon to steal user data or info.
Figure 24: Phishing.

44. 33
Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses
and validates them to obtain actual data like user password and personal identification number. This attack
may be used by criminals to crack encrypted data, or by security, analysts to test an organization's network
security.
Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It accomplishes
this by flooding the target with traffic or sending it information that triggers a crash. It uses the single
system and single internet connection to attack a server. It can be classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit per
second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per second.
• DoS Attack is a type of attack to network server with large number of servicerequests.
• DoS Attack can cause server to crash the server & legitimate users are denied the service.
• DDoS stand for (Distributed Denial of Service) an Attack, which is one type of DoS attack.
• DDoS originating from many attacking computers from different geographical regions.
• Zombies and Botnets are mainly used in DDoS (Distributed Denial of Service) attacks.
• Both type of attack DoS and DDoS can cause the services to become unavailable to users.
• Such as Ping of Death, Smurf Attack, TCP SYN , CDP Flood, Buffer Overflow, ICMP Flood.
• Cloud is more vulnerable to DoS attacks because it is shared by many users & organizations.
Figure 25: Denial of Service.

45. 34
Dictionary attacks
This type of attackstoredthe listof acommonlyused passwordand validatedthemto getoriginalpassword.
URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web server to
deliver web pages for which he is not authorized to browse.
File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is available on
the web server or to execute malicious files on the web server by making use of the include functionality.
Man in the middle attacks
It is a type of attack that allows an attacker to intercepts the connection between client and server and acts
as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the
intercepted connection.
• MITM (Man in The Middle) means man in the middle of your conversation.
• In a Man-in-The-Middle attack, attackers place themselves between two devices.
• MITM attack to intercept or modify communications between the two devices.
• MITM cyberattacks allow attackers to secretly intercept communications.
• MITM attack happens when hacker inserts themselves between a user & apps.
• Attackers have many different reasons and methods for using a MITM attack.
• MITM is used to steal something, like credit card numbers or user login credentials.
• MITM attacks involve interception of communication between two digital systems.
Figure 26: Man in The Middle.

46. 35
2.7.2 System-based attacks
These are the attacks which are intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows-
Ransomware
• Its propagate like worm but is designed to encrypt personal files on victim’s hard drive.
• Ransomware works by encrypting the hard drive and all files on a system or Computer.
• Ransomware can encrypt specific files in your system or all your files or mast boot record.
• Ransomware then asks for a payment in exchange for giving the decryption key.
• Major Ransomware like Reveton, CryptoLocker, CryptoWall, Pyeta, Nyeta, Bad Rabbit.
• More recently Ransomware 2017 WannaCry attack was lunched which destroy many PCs.
• Ransomware caused no small amount of destruction, but it caused huge destruction.
Virus
It is a type of malicious software program that spread throughout the computer files without the knowledge
of a user. It is a self-replicating malicious computer program that replicates by insertingcopies of itself into
other computer programs when executed. It can also execute instructions that cause harm to the system.
• Malicious code that attached to executable files that are often regular application.
• Viruses require some type of human or any other application interaction to activate.
• Entire category of viruses are designed to damage or destroy a system or thedata.
Figure 27: Ransomware.
Figure 28: Virus.

47. 36
Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It
works same as the computer virus. Worms often originate from email attachments that appear to be from
trusted senders.
• Worms are malware that replicate themselves and spread to infect other systems.
• Think of worms as small programs that replicate themselves in a computer network.
• A worm can travel from system to system without human or application interaction.
• When worm executes, it can replicate again & infect even more systems or computer.
• Worms destroy the files and data on user’s computer or system or Computer network.
• Worms usually target the operating system (OS) files to make them empty & destroy.
• Worms typically cause harm to the computer network and consuming the bandwidth.
Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even
when thecomputer shouldbe idle. Itmisleads the user of itstrue intent. Itappearsto bea normalapplication
but when opened/executed some malicious code will run in the background.
• Trojans are malicious programs that appear like regular applications or programs.
• Trojans are malicious programs that appear like media files or other computer files.
• Trojans contain a malicious payload; the payload can be anything malicious acts etc.
• Trojans payload provide backdoor that allows attackers unauthorized access to system.
• Trojans pretend to do one thing but, when loaded, actually perform anothermalicious.
• Few Trojan categories are command-shell Trojans, graphical user interface (GUI) Trojans.
• HTTP/HTTPS Trojans, document Trojans, defacement Trojans, botnet Trojans, VNCTrojans.
• Remote-Access Trojans, data-hiding Trojans, banking Trojans, DoS Trojans, FTP Trojans.
• Software-Disabling Trojans, and covert-channel Trojans are few examples of trojans.
Figure 29: Worm.

48. 37
• Remote-access Trojans (RATs) allow the attacker full control over the system or PC.
• Idea behind this type of Trojan is to hide user’s data sometimes known as ransomware.
• Security-software disablers Trojans are designed to attack and kill antivirus or firewalls.
• Denial of Service (DoS), These Trojans are designed to cause a DoS Denial of Service.
• They can be designed to knock out specific service or to bring an entire system offline.
• Trojans are dangerous, they represent a loss of confidentiality, integrity, and availability.
• Common targets of Trojans Credit card data & banking info have become huge targets.
• Passwords are always a big target of second common targets of trojans malware.
• P2P networks and file-sharing sites such as The Pirate Bay are generally unmonitored.
• And allow anyone to spread any programs they want, legitimate or not like trojans.
• Instant Messaging, Internet Relay Chat, Email attachments, and browser extension etc.
Figure 30: Trojan horse.
Spyware
• Spyware computer network term, which is common types of malware.
• Spyware monitors the activities performed by a computer user on the PC.
• The main intention of a spyware is to collect the private information of PC user.
• Spyware normally come from internet while user download freewaresoftware.
• Spyware is another form of malicious code that is similar to a Trojan horse malware.
Figure 31: Spyware.

49. 38
Keyloggers
• Keylogger is network term which is Keystroke loggers software or Hardwar.
• Software, which records all the information that is typed using a keyboard.
• Keyloggers store the gathered information and send it to the attacker.
• Attacker extract sensitive information like password or credit card details.
Rootkits
• A rootkit is a collection of software specifically designed to permit malware.
• Rootkits gathers information, into your system, Computer, or computer network.
• These work in the background so that a user may not notice anything suspicious.
• Rootkits in the background permit several types of malware to get into the system.
• The term rootkit is derived from the combination of two words – "root" and"kit".
• Root refers to the administrator account in Unix and Linux operating systems etc.
• Kit refers to programs allow threat actor to obtain unauthorized root/admin access.
Scareware
• Scareware is a type of malware, which is designed to trick victims.
• Scareware trick victims into purchasing and downloading uselesssoftware.
• Scareware trick victims into download potentially dangerous software.
• Scareware, which generates pop-ups that resemble Windows system messages.
• Scareware usually purports to be antivirus or antispyware software or malwares.
• Scareware also usually popup a firewall application or a registry cleaner.
• The messages typically say that a large number of problems such as infected files.
• The user is prompted to purchase software to fix Computer or system problems.
Figure 32: Keyloggers.

50. 39
• In reality, no problems were detected, and the suggested software contain malware.
Logic Bomb
• A Logic Bomb is malware that is triggered by a response to an event.
• Such as launching an application or when a specific date/time is reached.
• Attackers can use logic bombs in a variety of ways to destroy data or system.
• They can embed arbitrary code within a fake application, or Trojan horse.
• Logic Bomb will be executed whenever you launch the fraudulent software.
• Attackers can also use a combination of spyware and logic bombs to steal identity.
• detected, and the suggested software contain malware.
Botnet
• Basically, the word botnet is made up of two words: bot and net.
• So, Bot is short for robot and Net comes from the network.
• People who write and operate malware cannot manually log onto every computer.
• They have infected, instead they use botnets to manage a large number of systems.
• A botnet is a network of infected computers, used by the malware to spread.
• Cybercriminals use special Trojan viruses to breach the security of several users’ PCs.
• Cybercriminals take control of each computer & organize all of the infected PCs.
Figure 33: Scareware.
Figure 34: Logic Bomb.

51. 40
• Cybercriminals remotely manage and organize all infected computer bot.
Data Breach
• Data breach can involve data that was not supposed to be released to thepublic.
• Which includes financial information, personal health information & trade secrets.
• Which includes. Personally, identifiable information and other intellectual property.
• Value of the organization’s cloud-based data might be different for different people.
• Data Breach happen if organization lacks managing authentication & identity properly.
• The Businesses need to properly allocate access to data as per every user’s job role.
• One-time passwords & phone-based authentications are the two factor authentications.
• that help securing cloud services by making it tough for the attacks to steal the credentials.
Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so that
an application or operating system can be accessed for troubleshooting or other purposes.
Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bots
program run automatically, while others only execute commands when they receive specific input.
Common examples of bots program are the crawler, chatroom bots, and malicious bots.
2.8 Types ofCyber Attackers
In computer and computer networks, an attacker is the individual or organization who performs the
malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make
unauthorized use of an asset.
As the Internet access becomes more pervasive across the world, and each of us spends more time on the
web, there is also an attacker grows as well. Attackers use every tools and techniques they would try and
attack us to get unauthorized access.
There are four types of attackers which are described below-
Figure 35: Botnet.

52. 41
2.8.1 Cyber Criminals
Cybercriminals are individual or group of people who use technology to commit cybercrime with the
intention of stealing sensitive company information or personal data and generating profits. In today's, they
are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to do cybercrimes-
• Select computer as their target- In this, they attack other people's computers to do cybercrime,
such as spreading viruses, data theft, identity theft, etc.
• Uses the computer as their weapon- In this, they use the computer to do conventional crime such
as spam, fraud, illegal gambling, etc.
• Uses the computer as their accessory- In this, they use the computer to steal data illegally.
2.8.2 Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political
agenda, religious belief, or social ideology. According toDan Lohrmann, chief security officer for Security
Mentor, a national security training firm that works with states said "Hacktivism is a digital disobedience.
It's hacking for a cause." Hacktivists are not like cybercriminals who hack computer networks to steal data
for the cash. They are individuals or groups of hackers who work together and see themselves as fighting
injustice.
2.8.3 State-sponsored Attacker
State-sponsoredattackershave particular objectivesalignedwitheither thepolitical, commercialor military
interests of their country of origin. These type of attackers are not in a hurry. The government organizations
have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes
are patched. It is very challenging to defeat these attackers due to the vast resources at their disposal.
Figure 36: Types of Cyber Attackers.