
AskF5 | Manual: BIG-IP Application Security Ma... https://support.f5.com/kb/en-us/products/big-ip_a...


Manual: BIG-IP Application Security Manager: Implementations

Applies To: BIG-IP ASM 11.6.0

Original Publication Date: 12/10/2014

Preventing DoS Attacks on Applications


What is a DoS attack?
About recognizing DoS attacks

When to use different DoS protections

About configuring TPS-based DoS protection

About configuring latency-based DoS protection

About DoS prevention policy

About geolocation mitigation

About heavy URL protection

About proactive bot defense

About cross-domain requests

About site-wide DoS mitigation

About DoS protection and HTTP caching

Overview: Preventing DoS attacks on applications


Configuring DoS protection for applications

Configuring TPS-based DoS protection

Configuring latency-based DoS protection

Configuring heavy URL protection

Configuring CAPTCHA for DoS protection

Recording traffic during DoS attacks

Configuring proactive bot defense

Associating a DoS profile with a virtual server

Implementation Result

Viewing DoS reports, statistics, and logs


Overview: Viewing DoS reports, statistics, and logs
Investigating DoS attacks and mitigation

1 de 15 29/10/15 10:40

Sample DoS Overview Summary

Viewing DoS application statistics


Traffic distribution in DoS application statistics

Sample DoS Statistics reports

Displaying DoS event logs


Sample DoS event logs

Viewing URL Latencies reports


Sample URL Latencies report

Creating customized DoS reports

Configuring DoS Policy Switching


About DoS protection and local traffic policies

Overview: Configuring DoS policy switching


Creating a DoS profile for Layer 7 traffic

Modifying the default DoS profile

Creating a local traffic policy for DoS policy switching

Creating policy rules for DoS policy switching

Associating a DoS profile with a virtual server

Associating a local traffic policy with a virtual server

Implementation results

Mitigating Brute Force Attacks


About mitigation of brute force attacks

Overview: Mitigating brute force attacks


Creating login pages

Configuring brute force protection

Viewing brute force attack reports

Displaying brute force event logs

Detecting and Preventing Web Scraping


Overview: Detecting and preventing web scraping
Prerequisites for configuring web scraping

Adding allowed search engines


Allowed search engines

Detecting web scraping based on bot detection

Detecting web scraping based on session opening


Detecting web scraping based on session transactions

Using fingerprinting to detect web scraping

Displaying web scraping event logs


Web scraping attack examples

Web scraping attack types

Viewing web scraping statistics


Web scraping statistics chart

Implementation Result

Setting Up IP Address Intelligence Blocking


Overview: Setting up IP address intelligence blocking
Enabling IP address intelligence

Setting up IP address intelligence blocking

Reviewing IP address intelligence statistics

Creating an iRule to log IP address intelligence information

Creating an iRule to reject requests with questionable IP addresses

IP address intelligence categories

Managing IP Address Exceptions


Overview: Managing IP address exceptions
Creating IP address exceptions

Deleting IP address exceptions

Updating IP address exceptions

Enforcing Application Use at Specific Geolocations


Overview: Enforcing application use in certain geolocations

Enforcing application use in certain geolocations

Setting up geolocation enforcement from a request

Creating Login Pages for Secure Application Access


About creating login pages
Creating login pages

Login page access validation criteria

Enforcing login pages

Protecting Sensitive Data with Data Guard


About protecting sensitive data with Data Guard

Response headers that Data Guard inspects


Protecting sensitive data

Masking Credit Card Numbers in Logs


Overview: Masking credit card numbers in logs
Masking credit card numbers in request logs

Displaying Reports and Monitoring ASM


ASM Reporting Tools

Displaying an application security overview report

Analyzing requests with violations


Ways to analyze a request

Creating a report containing selected requests

Generating PCI Compliance reports


Sample PCI Compliance report

Configuring Application Security Event Logging


About logging profiles

Creating a logging profile

Setting up remote logging

Associating a logging profile with a security policy

About logging responses

About ArcSight log message format

Filtering logging information

Viewing application security logs

Configuring Application Security Session Tracking


Overview: Tracking application security sessions using login pages
Creating login pages

Enforcing login pages

Setting up session tracking

Monitoring user and session information

Tracking specific user and session information

Tracking Application Security Sessions with APM


Overview: Tracking application security sessions using APM

Prerequisites for setting up session tracking with APM


Creating a VLAN

Creating a self IP address for a VLAN

Creating a local traffic pool for application security


Creating a virtual server to manage HTTPS traffic

Creating a security policy automatically

Creating an access profile

Configuring an access policy

Adding the access profile to the virtual server

Setting up ASM session tracking with APM

Monitoring user and session information

Mitigating Open Redirects


Overview: Mitigating open redirects
Mitigating open redirects

Configuring how open redirects are learned

Enforcing redirection domains

Implementation results

Setting Up Cross-Domain Request Enforcement


About cross-domain request enforcement
Setting up cross-domain request enforcement

How cross-domain request enforcement works

Implementing Web Services Security


Overview: Implementing web services security
About client and server certificates

Adding client and server certificates

Enabling encryption, decryption, signing, and verification of SOAP messages

Writing XPath queries


Syntax for XPath expressions

XPath query examples

Configuring blocking actions for web services security

Fine-tuning Advanced XML Security Policy Settings


Fine-tuning XML defense configuration

Advanced XML defense configuration settings

Masking sensitive XML data

Overriding meta characters based on content

Managing SOAP methods

Adding JSON Support to an Existing Security Policy


Overview: Adding JSON support to existing security policies


Creating a JSON profile

Associating a JSON profile with a URL

Associating a JSON profile with a parameter

Implementation result

Automatically Creating Security Policies for AJAX Applications


Application security for applications that use AJAX

Overview: Creating a security policy for applications that use AJAX


Creating a security policy automatically

Reviewing security policy status

Implementation result

Adding AJAX Blocking Response Behavior to a Security Policy


Overview: Adding AJAX blocking and login response behavior

Configuring the blocking response for AJAX applications

Securing Web Applications Created with Google Web Toolkit


Overview: Securing Java web applications created with Google Web Toolkit elements
Creating a Google Web Toolkit profile

Associating a Google Web Toolkit profile with a URL

Implementation result

Refining Security Policies with Learning


About learning

Learning resources

About learning suggestions

What requests are unlearnable?

Fine-tuning a security policy

Configuring explicit entities learning

Viewing requests that caused learning suggestions

Accepting learning suggestions

Clearing learning suggestions

Viewing ignored entities

About enforcement readiness

Enforcing entities

Disabling learning on violations


Configuring Security Policy Blocking


About security policy blocking
Changing security policy enforcement

Configuring blocking actions for violations

About blocking actions

Configuring HTTP protocol compliance validation

Configuring blocking actions for web services security

Configuring What Happens if a Response is Blocked


Overview: Configuring what happens if a response is blocked
Configuring responses to blocked requests

Configuring responses to blocked logins

Customizing responses to blocked XML requests

Configuring General Security Policy Building Settings


About general security policy building settings

Changing the policy type


Security policy elements included in each policy type

Configuring explicit entities learning

Adjusting the parameter level

Configuring Manual Security Policy Settings


Editing an existing security policy

Changing security policy enforcement

Adjusting the enforcement readiness period

Viewing whether a security policy is case-sensitive

Differentiating between HTTP and HTTPS URLs

Specifying the response codes that are allowed

Activating iRule events


Application security iRule events

Configuring trusted XFF headers

Adding host names


About adding multiple host names

Protecting against CSRF

Adding File Types to a Security Policy


About adding file types

Adding allowed file types


Wildcard syntax

Adding disallowed file types

Adding Parameters to a Security Policy


About adding parameters to a security policy
Creating global parameters

Creating URL parameters

Creating flow parameters

Creating sensitive parameters

Creating navigation parameters

Creating parameters with dynamic content

Creating parameters with dynamic names

Changing character sets for parameter values

Changing character sets for parameter names

Adjusting the parameter level

Parameter Value Types

How the system processes parameters

About path parameters

Enforcing path parameter security

Securing Base64-Encoded Parameters


Overview: Securing Base64-Encoded Parameters

Adding base64 decoding to a new user-input parameter

Adding base64 decoding to an existing user-input parameter

Adding URLs to a Security Policy


About adding URLs

About referrer URLs

Adding allowed URLs


Wildcard syntax

Allowed URL properties

Adding disallowed URLs

Enforcing requests for URLs based on header content

Specifying characters legal in URLs

Configuring flows to URLs

Creating flow parameters


Configuring dynamic flows to URLs

Configuring dynamic session IDs in URLs

Adding Cookies
About cookies
About pure wildcard cookies

Wildcard syntax

About cookies and learning

About adding cookies


Adding allowed cookies

Adding enforced cookies

Changing the order in which wildcard cookies are enforced

Editing cookies

Deleting cookies

Specifying when to add explicit cookies

Configuring the maximum cookie header length

Configuring Advanced Cookie Protection


Overview: Configuring advanced cookie protection
Reconfiguring cookie protection

Importing cookie protection configuration

Exporting cookie protection configuration

Adding Allowed Methods to a Security Policy


Adding allowed methods

Configuring HTTP Headers


About mandatory headers

About header normalization

About default HTTP headers

Overview: Configuring HTTP headers


Configuring HTTP headers

Configuring the maximum HTTP header length

Implementation Result

Configuring How a Security Policy is Automatically Built


Overview: Configuring automatic policy build settings
Configuring automatic policy building settings

About security policy elements


Modifying security policy elements

About automatic policy building rules

About automatic policy building stages

Modifying security policy rules

Adding trusted IP addresses to a security policy

Learning from responses

Specifying when to add dynamic parameters

Collapsing entities in a security policy

Learning based on response codes

Limiting the maximum number of policy elements

Specifying the file types for wildcard URLs

Restoring default values for automatic policy building

Stopping and starting automatic policy building

Configuring General ASM System Options


Adjusting system preferences

Incorporating external antivirus protection

Creating user accounts for application security

Validating regular expressions

Working with Violations


About violations
Viewing descriptions of violations

Changing severity levels of violations

Types of violations

About violation rating

Investigating potential attacks

Overview: Creating user-defined violations


Creating user-defined violations

Enabling user-defined violations

Sample iRules for user-defined violations

Deleting user-defined violations

Exporting and importing user-defined violations

Working with Attack Signatures


About attack signatures


About attack signature staging

Types of attacks that attack signatures detect

Attack signature properties

Overview: Creating and assigning attack signature sets


About attack signature sets

List of attack signature sets

Creating a set of attack signatures

Assigning signature sets to a security policy

Viewing the signature sets in a security policy

Viewing the attack signatures in a security policy

Enabling or disabling a specific attack signature

Enabling or disabling staging for attack signatures

Overriding attack signatures based on content

Overview: Managing the attack signature pool


Updating the attack signature pool

Getting email about signature updates

Viewing the attack signature pool and signature details

Overview: Creating user-defined attack signatures


Creating a user-defined attack signature

Importing user-defined attack signatures

Exporting user-defined attack signatures

About attack signatures in XML format

Maintaining Security Policies


Overview: Activating and deactivating security policies
Deactivating security policies

Activating security policies

Deleting security policies

Overview: Importing and exporting security policies


About security policy export formats

Exporting security policies

Importing security policies

Overview: Comparing security policies


Comparing security policies


Overview: Merging security policies


Merging security policies

Configuring ASM with Local Traffic Policies


About application security and local traffic policies

About application security and manually adding local traffic policies

Overview: Configuring ASM with local traffic policies


Creating a security policy automatically

Creating local traffic policy rules for ASM

Implementation results

Automatically Synchronizing Application Security Configurations


Overview: Automatically synchronizing ASM systems
About device management and synchronizing application security configurations

Considerations for application security synchronization

Performing basic network configuration for synchronization

Specifying an IP address for config sync

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Creating a Sync-Only device group

Enabling ASM synchronization on a device group

Synchronizing an ASM-enabled device group

Implementation result

Manually Synchronizing Application Security Configurations


Overview: Manually synchronizing ASM systems
About device management and synchronizing application security configurations

Considerations for application security synchronization

Performing basic network configuration for synchronization

Specifying an IP address for config sync

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Enabling ASM synchronization on a device group


Synchronizing an ASM-enabled device group

Implementation result

Synchronizing Application Security Configurations Across LANs


Overview: Synchronizing ASM systems across LANs
About device management and synchronizing application security configurations

Considerations for application security synchronization

Performing basic network configuration for synchronization

Specifying an IP address for config sync

Establishing device trust

Creating a Sync-Failover device group

Syncing the BIG-IP configuration to the device group

Specifying IP addresses for failover communication

Creating a Sync-Only device group

Enabling ASM synchronization on a Sync-Only device group

Synchronizing an ASM-enabled device group

Implementation result

Integrating ASM with Database Security Products


Overview: Integrating ASM with database security products
Creating a security policy automatically

Creating login pages

Enforcing login pages

Configuring a database security server

Enabling database security integration in a security policy

Implementation result

Integrating ASM and APM with Database Security Products


Overview: Integrating ASM and APM with database security products

Prerequisites for integrating ASM and APM with database security


Creating a VLAN

Creating a self IP address for a VLAN

Creating a local traffic pool for application security

Creating a virtual server to manage HTTPS traffic

Creating a security policy automatically

Creating an access profile


Configuring an access policy

Adding the access profile to the virtual server

Configuring a database security server

Enabling database security integration with ASM and APM

Implementation result

Securing FTP Traffic Using the Default Configuration


Overview: Securing FTP traffic using default values
Creating an FTP service profile with security enabled

Enabling protocol security for an FTP virtual server

Reviewing violation statistics for security profiles

Securing FTP Traffic Using a Custom Configuration


Overview: Securing FTP traffic using a custom configuration
Creating a custom FTP profile for protocol security

Creating a security profile for FTP traffic

Modifying associations between service profiles and security profiles

Configuring an FTP virtual server with a server pool

Reviewing violation statistics for security profiles

Securing SMTP Traffic Using the Default Configuration


Overview: Securing SMTP traffic using system defaults
Creating an SMTP service profile with security enabled

Creating an SMTP virtual server with protocol security

Reviewing violation statistics for security profiles

Securing SMTP Traffic Using a Custom Configuration


Overview: Creating a custom SMTP security profile
Creating a custom SMTP service profile

Creating a security profile for SMTP traffic

Enabling anti-virus protection for email

Modifying associations between service profiles and security profiles

Creating and securing an SMTP virtual server and pool

Reviewing violation statistics for security profiles

Configuring Remote High-Speed Logging of Protocol Security Events


Overview: Configuring Remote Protocol Security Event Logging
Creating a pool of remote logging servers


Creating a remote high-speed log destination

Creating a formatted remote high-speed log destination

Creating a publisher

Creating a custom Protocol Security Logging profile

Configuring a virtual server for Protocol Security event logging

Disabling logging

Implementation result
