A client is concerned about web shell attacks against their servers.
Which profile will protect the individual servers?
Web shell attacks involve a malicious script being uploaded to a web server, giving attackers control over the server. The most effective profile to protect individual servers from such attacks is the Anti-Spyware profile. This profile is specifically designed to detect and prevent web shell activity as part of its spyware signatures. Therefore, it is the most suitable option for protecting servers against web shell attacks.
Web shell attacks are part of the Spyware Signatures. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/threat-signatures
Yes, should be A, Anti-Spyware.
Yes, should be A
A is correct
Anti-spyware signature - A option - PHP Webshell - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OVvCAM&lang=en_US%E2%80%A9#:~:text=Question%0AWhy%20is%20Anti%2Dspyware%20signature%20%22-,Generic%20PHP%20Webshell%20File%20Detection,-%22%20Threat%20ID%2081845%20causing%20false%20positive
A spyware
A: webshell (Applications and Threats): Detects web shells and web shell traffic, including implant detection and command and control interaction. Web shells must first be implanted by a malicious actor onto the compromised host, most often targeting a web server or framework. Subsequent communication with the web shell file frequently enables a malicious actor to establish a foothold in the system, conduct service and network enumeration, data exfiltration, and remote code execution in the context of the web server user. The most common web shell types are PHP, .NET, and Perl markup scripts. Attackers can also use web shell-infected web servers (the web servers can be both internet-facing or internal systems) to target other internal systems.