Ads 468x60px

Featured Posts

23 de abril de 2018

F5 BIG-IP WAF



There are lots of Web Application Vulnerabilities which traditional firewalls and network firewalls aren’t able to detect and block. For instance, traditional firewalls aren’t able to detect bots, web scraping attacks or cookie manipulation attacks. Therefore, if we want to detect and block layer 7 vulnerabilities, like those highlighted by OWASP Top 10, we’ll need to deploy a Web Application Firewall which can protect web applications from advanced attacks such as forceful browsing attacks, field manipulation attacks, command injection attacks, etc. I’ve already written about AWS Shield & AWS WAF but, this time, I want to write about F5 BIG-IP ASM.

ASM or Application Security Manager is a powerful WAF that protect web applications from known and unknown threats, defends against bots and virtually patches application vulnerabilities. It is a WAF which is able to detect and mitigate layer 7 attacks such as DoS/DDoS, brute force, SQLi, XSS, remote file inclusion, cookie poisoning, session hijacking, etc as well as it is able to associate usernames with application violation, automatically correlate multiple attacks, prevent loss of sensitive data or identify suspicious clients.

F5 BIG-IP WAF Architecture

From my point of view, F5 WAF is the best solution to protect applications because we can apply immediately a firewall policy to web applications to block known attacks. This firewall policy, called Rapid Deployment Policy, is based in negative security model where attack signatures detect and block known attacks. However, we can also customize firewall policies with a positive security model that we should apply it for better protection. In addition, I think F5 WAF is the best solution, as Gartner Magic Quadrant says, along with Imperva WAF and Akamai WAF.

Magic Quadrant for Web Application Firewalls

If you are used to configuring network firewalls, you know about IPv4/IPv6 firewalling policies where we allow traffic by TCP/IP. This is easy if you know about networking. However, WAF works with file types, URLs, parameters, cookies, redirections, etc instead of IP addresses and TCP/UDP ports. Therefore, WAF administrators should know about security and developing to configure and customize WAF policies. In addition, F5 WAF administrator should know about the learning process of the BIG-IP as well as the different types of policies such as Fundamental Policy, Comprehensive Policy, Passive Deployment Policy, etc, etc.

F5 BIG-IP ASM
 
As you can see, a multidisciplinary team is needed for deploying and configuring a WAF where the security team is going to be talking with the development team day in day out asking for file types and parameters. However, we can get a good security baseline from the beginning thanks to attack signatures but if we want better protection, we’ll need to spend time customizing policies.

Security vs Time
 
Maybe, you are wondering how to start configuring F5 WAF. First, we should apply a negative security policy for blocking signature attacks while the learning process analyse file types, parameters, URLs, etc. Once, we know what file types, URLs and parameters use the web application, we can apply a positive security policy for better protection.

Regards my friend and remember, drop me a line with the first thing you are thinking!!

16 de abril de 2018

Fortinet integration with SDN environments



If you are creating your virtual Data Center or Software-Defined Data Center (SDDC) where there are virtual networks everywhere, maybe, you are thinking about working with SDN ecosystems. Today, virtualization goes forward Private Cloud, as well as going forward Public Cloud or Hybrid Cloud, where security engineers have to think about how to protect these new environments. Therefore, security infrastructures should become agile and elastic, just like compute, storage and networking, and it must also integrate with underlying SDx infrastructure such as cloud and SDN platforms.

Fortinet solutions for Software-Defined Network Security (SDNS) have a complete security ecosystem with optimized orchestration connectors for OpenStack, Cisco ACI or Nuage Networks as well as for VMware NSX which add value of security integration in SDDC thanks to L7 security, multi-tenancy, identity based policies, Micro-Segmentation, Zero Trust, control of east-west traffic, inter and intra VM security, logical security zones (multi-tier), etc, etc, etc. As we can see, Fortinet FortiGate solutions are not just stateful firewalls like Amazon EC2 Security Groups but UTM firewalls with advanced features for SDN ecosystems as well.

Fortinet Solutions for Software-Defined Network Security (SDNS)
 
For instance, if we have deployed VMware NSX into our Data Center and we want L7 security even between virtual machines of the same network, as well as control, visualization and analysis of traffic flows, we could deploy FortiGate-VMX Service Manager along with FortiGate-VMX Security Appliances for a complete security ecosystem. Therefore, service groups created in NSX Manager automatically get sent to the FortiGate-VMX and are available for policy creation.

Fortinet FortiGate-VMX Solution Interaction
 
Another SDN platform supported by Fortinet is Cisco-ACI which can be used in a CLOS/Leaf and Spine architecture instead of in a full virtualizacion platform like VMware NSX does. Fortinet has developed a device package to be imported in APIC where FortiGate configuration is managed. Thus, network configuration (VLAN, IPs, Routes, etc …) and security configuration (Firewall Policies, Security Profiles, etc) is managed from APIC.

Cisco ACI - Device Packet Integration
 
OpenStack is a software platform for cloud computing which is also supported by Fortinet. The Open Source OpenStack and Commercial OpenStack solutions like HP Helion, PlumGrid, Nuage Networks, NetCracker, BluePlanet, Nokia CloudBand and UBiqube are supported by the Fortinet SDN ecosystem. For example, we can configure an SD-WAN/Zero Touch deployment with Ubiqube and FortiGate-VM where security is delivered as a service by the service provider and enterprise security administrator can protect services easily.

Fortinet - Nuage Deployment Models

I think SDN is here to stay for a period of time, who knows till when? Meanwhile, some datacenters have already deployed SDN solutions to take advantages of auto-scaling and auto-provision for elastic workloads, Micro-Segmentation in Consolidated Data Centers, securing Inter-VM traffic in virtual environments, or SD-WAN efficiencies with service chains. Therefore, we can start thinking about how we are going to protect our services with the new paradigm of Software-Defined Network Security.

Secure Inter-VM Traffic in Virtual Environments
 
Regards my friend and remember, keep studying!!
Related Posts Plugin for WordPress, Blogger...

Entradas populares