BIG-IP Application Security Manager: Getting Started


BIG-IP Application Security Manager: Getting Started
Version 13.0

Table of Contents

Introduction to Application Security Manager
  What is Application Security Manager?
  When to use application security
  What is a security policy?
  Types of attacks ASM protects against

Creating a Simple Security Policy
  Types of security policies
  Preparing to create a security policy
  Overview: Creating a simple security policy
  Creating a simple security policy
  Reviewing learning suggestions
  Reviewing outstanding security policy tasks
  About additional application security protections

Creating Parent and Child Security Policies
  Overview: Creating parent and child security policies
  Creating a parent security policy
  Configuring parent policy settings
  Creating a child security policy
  Reviewing learning suggestions for parent and child policies

Using Rapid Deployment to Create a Security Policy
  Overview: Rapid deployment
  Creating a security policy using rapid deployment
  Reviewing learning suggestions
  Enforcing a security policy

Using Vulnerability Assessment Tools with a Security Policy
  Overview: Vulnerability assessment policy building
  About using Policy Builder with scanner policies
  About exporting results from scanners
  Creating a security policy using the vulnerability assessment template
  Associating a vulnerability assessment tool with an existing security policy
  Creating a WhiteHat vulnerability file
  Importing vulnerability assessment tool output
  Resolving vulnerabilities
  Reviewing learning suggestions
  Enforcing a security policy

Using Application-Ready Security Templates
  Overview: Using application-ready security templates
  Creating a security policy from an application template
  Reviewing learning suggestions
  Enforcing a security policy

Performing Basic ASM Configuration Tasks
  About basic networking configuration terms
  Overview: Performing basic networking configuration tasks
  Creating a VLAN
  Creating a self IP address for a VLAN
  Creating a local traffic pool for application security
  Creating a virtual server
  About additional networking configuration

Legal Notices
  Legal notices

Introduction to Application Security Manager

What is Application Security Manager?

Application Security Manager (ASM) is a web application firewall that secures web applications and protects them from vulnerabilities. ASM also helps to ensure compliance with key regulatory mandates, such as HIPAA and PCI DSS. The browser-based user interface provides network device configuration, centralized security policy management, and easy-to-read audit reports.

You can use ASM to implement different levels of security to protect Layer 7 applications. You can let ASM automatically develop a security policy based on observed traffic patterns. Or you have the flexibility to manually develop a security policy that is customized for your needs based on the amount of protection and risk acceptable in your business environment.

ASM creates robust security policies that protect web applications from targeted application layer threats, such as buffer overflows, SQL injection, cross-site scripting, parameter tampering, brute force attacks, cookie poisoning, web scraping, and many others, by allowing only valid application transactions. Using a positive security model, ASM secures applications based on a combination of validated user sessions and user input, as well as a valid application response. ASM also includes built-in security policy templates that can quickly secure common applications.

ASM also protects applications using negative security by means of attack signatures. Attack signatures can detect and thwart attacks such as the latest known worms, SQL injections, cross-site scripting, and attacks that target commonly used databases, applications, and operating systems.

ASM provides multi-faceted DoS attack protection for web applications including proactive bot defense, bot signatures, CAPTCHA challenge, stress-based protection, and behavioral DoS.

All these features work together to identify threats and react to them according to your policy. Application traffic is analyzed by ASM and it can also be load balanced to the web application servers. You can configure ASM so that if malicious activity is detected, ASM can terminate the request, send a customized error page to the client, and prevent the traffic from reaching the back-end systems.

When to use application security

The decision about when to use Application Security Manager (ASM) to protect an application can be made on a case-by-case basis by each application and security team.

You can use ASM in many ways:

- For securing existing web applications against vulnerabilities and known attack patterns, protecting sensitive data, and proactively identifying (and possibly blocking) attackers performing unauthorized activities.
- To restrict access to a web application only from those locations identified on a whitelist or to prevent access from certain geolocations.
- To help address external traffic vulnerability issues that it might not be cost effective to address at the application level.
- As an interim solution while an application is being developed or modified to address vulnerability issues.
- As a means to quickly respond to new threats. You can tune ASM to block new threats within a few hours of detection if needed.

These are just a few of the ways that ASM can be used to secure your web applications.

What is a security policy?

The core of Application Security Manager functionality centers around the security policy, which secures a web application server from malicious traffic, using both positive and negative security features. Positive security features indicate which traffic has a known degree of trust, such as which file types, URLs, parameters, or IP address ranges can access the web server. Negative security features provide the ability to detect and thwart known attack patterns, such as those defined in attack signatures. Security policies can also include protection against DoS attacks, brute force attacks, web scraping, cross-site request forgery, and multiple attacks from an IP address.

When a user sends a request to the web application server, the system examines the request to see if it meets the requirements of the security policy protecting the application. If the request complies with the security policy, the system forwards the request to the web application. If the request does not comply with the security policy, the system generates a violation (or violations), and then either forwards or blocks the request, depending on the enforcement mode of the security policy and the blocking settings on the violation.

The system can similarly check responses from the web server. Responses that comply with the security policy are sent to the client, but those that do not comply cause violations and may also be blocked.

Types of attacks ASM protects against

Application Security Manager (ASM) is a web application firewall that protects mission-critical enterprise Web infrastructure against application-layer attacks, and monitors the protected web applications. For example, ASM protects against web application attacks such as:

- Layer 7 DoS/DDoS, brute force, and web scraping attacks
- Malicious bot traffic
- SQL injection attacks intended to expose confidential information or to corrupt content
- Exploitations of the application memory buffer to stop services, get shell access, and propagate worms
- Fraudulent transactions using cross-site request forgery (CSRF)
- Unauthorized changes to server content
- Attempts aimed at causing the web application to be unavailable or to respond slowly to legitimate users
- Manipulation of cookies or hidden fields
- Unknown threats, also known as zero-day threats
- Access from unauthorized IP addresses or geolocations

The system can automatically develop a security policy to protect against security threats, and you can configure additional protections customizing the system response to threats.
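The request handling described under "What is a security policy?" can be sketched as a small model. This is an added example, not F5 code and not how ASM is implemented: the mode names, violation names, signature patterns and the sample shop policy are assumptions constructed for illustration. It shows how positive checks, negative checks, the enforcement mode and the per-violation blocking setting combine into a forward-or-block decision.

```python
# Added illustration: a toy model of the decision flow, not F5 code.
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

# Constructed sample signatures (negative security); not real ASM signatures.
SIGNATURES = {
    "sql_union_select": r"\bunion\b.+\bselect\b",
    "xss_script_tag": r"<\s*script\b",
}

@dataclass
class Policy:
    enforcement_mode: str      # assumed values: "transparent" or "blocking"
    allowed_file_types: set    # positive security: known-good file types
    allowed_params: set        # positive security: known-good parameters
    block_flags: dict          # violation name -> blocking setting (bool)

def find_violations(policy, url):
    """Return the sorted violation names a request URL triggers."""
    parts = urlsplit(url)
    leaf = parts.path.rsplit("/", 1)[-1]
    ext = leaf.rsplit(".", 1)[-1].lower() if "." in leaf else "no_ext"
    found = set()
    if ext not in policy.allowed_file_types:
        found.add("illegal_file_type")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in policy.allowed_params:
            found.add("illegal_parameter")
        if any(re.search(rx, value, re.I) for rx in SIGNATURES.values()):
            found.add("attack_signature_detected")
    return sorted(found)

def decide(policy, url):
    """Block only when the policy is in blocking mode AND at least one
    triggered violation has its blocking setting on; otherwise forward.
    Violations are returned either way so they can be logged."""
    violations = find_violations(policy, url)
    must_block = any(policy.block_flags.get(v, False) for v in violations)
    if policy.enforcement_mode == "blocking" and must_block:
        return "block", violations
    return "forward", violations

def sample_policy(mode):
    """Constructed policy for a hypothetical shop application."""
    return Policy(mode, {"php", "html"}, {"id", "q"},
                  {"illegal_file_type": True, "illegal_parameter": False,
                   "attack_signature_detected": True})
```

In this model the same request produces the same violations in either mode; only the decision changes, which is why a non-blocking mode is useful for finding false positives before enforcement.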

Creating a Simple Security Policy

Types of security policies

You can create several types of security policies. It is a good idea to understand your options before you begin.

Security policy type: Description

Automatic security policy: Create a security policy for a web application by having the system examine traffic and create the policy based on statistical analysis of the traffic and the intended behavior of the application. The system stabilizes and enforces the security policy when it processes sufficient traffic over a period of time. You have the option of modifying the policy manually, as well, to speed up policy creation.

Manual security policy: Use rapid deployment or an application-ready security policy (preconfigured template) to develop a security policy so you can develop a policy manually. The system creates a basic security policy that you can review and fine-tune. When the security policy includes all the protections that you need, and does not produce any false positives, you can enforce the security policy.

Security policy integrated with vulnerability assessment tool: Create a security policy based on integrating the output from a vulnerability assessment tool, such as WhiteHat Sentinel, IBM AppScan, Trustwave App Scanner (Cenzic), Qualys, Quotium Seeker, HP WebInspect, or a generic scanner if using another tool. Based on the results from an imported vulnerability report, Application Security Manager creates a policy that automatically mitigates the vulnerabilities on your web site. You can also review and fine-tune the policy. When the security policy includes all the protections that you need and does not produce any false positives, you can enforce the security policy.

Parent security policy: Create a security policy that can form the basis of other related security policies. This is useful if you have several similar applications for which you want to create security policies. Selected settings in the parent policy are inherited by child policies that you create. By adjusting the parent policy, the child policies are changed as well.

Child security policy: Create a security policy that is based on a parent security policy. When you create a child policy, the values for the settings are inherited from the parent. You can edit some of the settings and others can only be changed in the parent policy.

Template security policy: Use a template to populate the attributes of a new policy.
