Configuring F5 BIG-IP® ASM v11: Application Security Manager

Catalog number: #20162 | Course duration: 32 academic hours

This four-day course covers ways to manage web-based and XML application attacks and the use of Application Security Manager to defend against these attacks. The course covers installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations. This class includes lectures, labs, demonstrations, and discussions.

This course is offered only to groups on behalf of organizations; an inquiry can be submitted only for a group.

Objectives

By course completion, the student will be able to implement and understand security policy configuration tasks and configure a security policy based on traffic learning and various security policy building techniques. Additionally, a student will be able to administer and manage Application Security Manager.

Target Audience

This course is intended for security and network administrators who will be responsible for the installation and day-to-day maintenance of the Application Security Manager.

Prerequisites

Students should understand:

  • Basic HTTP and HTML concepts
  • Basic security concepts
  • Common network terminology
  • Web application terminology

 

In addition, students should be proficient in:

  • Basic PC operation and application skills, including operating a keyboard, mouse, Linux and Windows OS
  • Basic Web browser operation (Internet Explorer and Mozilla Firefox are used in class)

Topics

Chapter 1: Setting up the BIG-IP System

  • Full Proxy Architecture
  • Traffic Management
  • Connecting to the BIG-IP System
  • Configuring and Administering BIG-IP
  • Configuring the Management Interface
  • Activating the Software License
  • Resource Provisioning
  • Platform Properties
  • Network Configuration
  • Creating a Backup of the BIG-IP System
  • Lab 1.1 – Configure the Management Port
  • Lab 1.2 – Activate the BIG-IP System
  • Lab 1.3 – Classroom Network Configuration
  • Lab 1.4 – Test Access and Archive the Configuration


Chapter 2: Traffic Processing with BIG-IP

  • Understanding Traffic Processing with LTM
  • Network Packet Flow
  • Profiles and ASM
  • Lab 2.1 – Pool and Virtual Server Configuration


Chapter 3: Web Application Concepts

  • Anatomy of a web application
  • Security Overview
  • HTTP and Web Application Components
  • HTTP Header Overview
  • HTTP Responses
  • HTML Components Overview
  • Parsing File Types, URLs, and Parameters
  • Using Fiddler
  • Lab 3 – Fiddler and the Hack-it Auction Site


Chapter 4: Web Application Vulnerabilities

  • OWASP Top 10 (2013)
  • Other Web Application Vulnerabilities
  • Risk Mitigation and ASM
  • Lab 4 – Web Application Vulnerabilities


Chapter 5: Security Policy Deployment

  • Local Traffic Policies
  • HTTP Request Flow
  • Local Traffic Deployment Scenarios
  • Positive and Negative Security Model Tools
  • Deployment Wizard Scenarios
  • Security Policy Creation
  • Signature Staging
  • Violations and Security Policy Building
  • Staging and Violation Enforcement
  • Reviewing Requests
  • Rapid Deployment template
  • Lab 5.1 – Rapid Deployment Security Policy Setup
  • Lab 5.2 – Create an ASM-enabled Virtual Server
  • Security Policy Blocking Settings
  • Blocking Response Page
  • Lab 5.3 – Blocking Mask Settings
  • Refining Security Policy Properties
  • Data Guard
  • Lab 5.4 – Data Guard


Chapter 6: Attack Signatures

  • Attack Signature Pool
  • Attack Signature Sets
  • User-defined Attack Signatures
  • Updates
  • Lab 6 – User-Defined Attack Signatures


Chapter 7: Positive Security Policy Building

  • File Types
  • URLs
  • Parameters
  • Wildcard Entities
  • Staging and Learning
  • Explicit Entities Learning Scheme
  • Add All Entities
  • Manual Traffic Learning
  • Lab 7.1: Manual Security Policy Configuration (Add All Entities)
  • Never (Wildcard Only)
  • Lab 7.2: Never (Wildcard Only)
  • Selective
  • Lab 7.3: Selective Learning
  • Lab 7.4: Learning and Enforcement


Chapter 8: Cookies and other Headers

  • Cookie Enforcement
  • Cookie Processing
  • Host names
  • HTTP Headers
  • Lab 8: Cookie Handling


Chapter 9: Reporting

  • Attack Expert System
  • Scheduling and customization
  • Charts
  • PCI Compliance
  • Lab 9.1: PCI Compliance Reporting
  • Logs
  • Logging Profiles
  • Lab 9.2: Local and Remote Logging
  • Lab 9.3: Response Logging


Chapter 10: User Roles, policy modification, and other deployments

  • Partitions
  • User Roles
  • Lab 10.1: Partitions and User Roles
  • Editing and Exporting Security Policies
  • Lab 10.2: Security Policy Editing
  • ASM Deployment Types
  • ASM Synchronization


Chapter 11:

  • Lab Project 1


Chapter 12: Advanced Parameter Handling

  • Overview
  • Parameter types
  • User Input Parameter Value Types
  • Static Parameter Value Types
  • Lab 12.1: Protecting Static Parameters
  • Parameter Levels
  • Attack Signatures and Parameters
  • Dynamic Parameters and Extractions
  • ASM Frame Cookie and dynamic content values
  • Extractions
  • Lab 12.2: Protecting Dynamic Parameters


Chapter 13: Application-ready Templates

  • Overview
  • Commonly protected applications
  • Lab 13: Application-ready template


Chapter 14: Real Traffic Policy Builder

  • Policy Building Steps
  • Policy Types
  • Real Traffic Policy Builder Rules
  • Lab 14.1: Real Traffic Policy Builder (Option 1)
  • Lab 14.2: Real Traffic Policy Builder (Option 2)


Chapter 15: Web Application Vulnerability Scanners

  • Overview and Policy Configuration
  • Resolving Vulnerabilities
  • Supported Scanners
  • Generic XML scanner output
  • Lab 15.1: WhiteHat Sentinel
  • Lab 15.2: Qualys
  • Lab 15.3: IBM AppScan
  • Lab 15.4: Cenzic


Chapter 16: Login Enforcement, Session Tracking, and Flows

  • Login Pages
  • Lab 16.1: Create a Login URL
  • Session Awareness and User Tracking
  • Lab 16.2: Session Awareness and Tracking
  • Lab 16.3: Username Session Tracking
  • Flows
  • Flow Settings
  • Lab 16.4: URL Flow


Chapter 17: Anomaly Detection

  • Brute Force Attacks
  • Session-based protection
  • Brute Force Attack Prevention Configuration Settings
  • Dynamic Brute Force Protection
  • Prevention Policy (client side integrity/rate limiting)
  • Lab 17.1: Session-based brute force
  • Web Scraping
  • Bot detection settings
  • Session-Opening Anomaly Detection
  • Session Transaction Anomaly Detection
  • Lab 17.2: Web Scraping
  • Denial of Service Protection
  • DoS Profile
  • TPS-based protection
  • Operation mode
  • Prevention Policy (client side integrity/rate limiting)
  • Latency-based DoS protection
  • Lab 17.3: TPS-based Denial of Service
  • Cross-site Request Forgery protection
  • Geolocation Enforcement
  • Lab 17.4: Geolocation Enforcement
  • IP Address Exceptions
  • Lab 17.5: IP Address Exception


Chapter 18: ASM and iRules

  • iRule concepts
  • iRule syntax
  • ASM iRule Events
  • ASM iRule Commands
  • iRule Configuration
  • Lab 18: iRule processing and ASM

 

Chapter 19: AJAX and JSON Support

  • Definitions
  • ASM and JSON
  • JSON profile


Chapter 20: XML and web services

  • XML concepts
  • Web services concepts
  • XML profile
  • Schema and WSDL Configuration
  • XML Attack Signatures
  • Web Services Security

 

Chapter 21: IP Address Intelligence

  • Overview
  • Licensing
  • Requirements
  • ASM Settings


Chapter 22: Review and Final Lab Projects

  • Final Lab Project Option 1: Production Scenario
  • Final Lab Project Option 2: JSON Parsing
  • Final Lab Project Option 3: XML & Web Services


Appendix A (Installation Guidelines)


Appendix B (New Features for 11.4)


Appendix C

  • Traffic Capturing Using HttpWatch
  • Lab – Using HttpWatch
  • Regular Expressions
  • Writing Rules for User-Defined Attack Signatures


Appendix D (helpful hints)


Appendix E (Protecting a Production Environment)


Appendix F (Rapid Deployment Methodology)
