Saucepan

User Tools

Site Tools

Trace: palo_alto_networks
infoblox_threat_defense:palo_alto_networks

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
infoblox_threat_defense:palo_alto_networks [2025/03/21 10:49] – created bstaffordinfoblox_threat_defense:palo_alto_networks [2025/04/08 10:01] (current) bstafford
Line 1: Line 1:
 ====== Palo Alto Networks DNS Security ====== ====== Palo Alto Networks DNS Security ======
  
-DISA STIG audit rule: [[https://stigviewer.com/stig/palo_alto_networks_alg/2023-12-20/finding/V-228839|The Palo Alto Networks security platform must not enable the DNS proxy]].+[[https://stigviewer.com/stigs|View all STIG]] 
 + 
 +DISA STIG audit rule: [[https://stigviewer.com/stigs/palo_alto_networks_alg/2024-12-19/finding/V-228839|The Palo Alto Networks security platform must not enable the DNS proxy]].
  
 Basically, DISA is staying "Don't put all your eggs in one basket". Basically, DISA is staying "Don't put all your eggs in one basket".
 +
 +<code>The Palo Alto Networks security platform can act as a DNS proxy and send the DNS queries on behalf of the clients. DNS queries that arrive on an interface IP address can be directed to different DNS servers based on full or partial domain names.
 +
 +However, unrelated or unneeded proxy services increase the attack vector surface and add excessive complexity to securing the device.</code>
infoblox_threat_defense/palo_alto_networks.1742554155.txt.gz · Last modified: by bstafford