Ads 468x60px

Featured Posts

21 September 2020

F5 ASM - Comprehensive Security Policy

The comprehensive security policy help us to provide the maximum security with all violations, features and learning suggestions to a website. This is a security policy recommended for expert users because it required deep knowledge of security and F5 ASM. In addition, a comprehensive security policy required much more administrative effort than other security policy such as fundamental security policy. Therefore, If you are a beginner, I will recommend the Fundamental Security Policy

Overview of BIG-IP ASM security policy templates
Overview of BIG-IP ASM security policy templates

I’ve recorded a video while I was testing with a comprehensive security policy. Firstly, I’ve adjusted the learning options for file types, URLs and parameters to the Always mode. This is the best way to learn all entities. Secondly, I’ve generated traffic and I’ve seen there were entities on the whitelists. Thirdly, I’ve adjusted the learning speed to stabilize the security policy. It was stabilized when most entities were no longer in Staging and wildcards were removed from the whitelists. Finally, I’ve configured the learning mode to Manual instead of Automatic. Therefore, once the security policy was stabilized and it was in manual learning mode, attacks were detected and blocked.

Thanks, have a nice day!

14 September 2020

F5 ASM – Compact Mode

I’ve already written about learning with Add All Entities, learning with Never (Wildcard Only) and learning with Selective in the F5 BIG-IP ASM – Positive Security Policy Building post two years ago. However, updates to Policy Builder in BIG-IP 13.0 include a new learning mode, which is the Compact mode. I would like to highlight how this new mode works which is between Never (wildcard only) mode and Selective mode for maintenance efforts and granular protection. Therefore, Compact mode is used to reduce policy complexity and simplify maintenance.

You can watch in the video I’ve recorded how Compact mode works. Firstly, I’ve created a fundamental security policy which I’ve modified manually the learning new parameters to Compact mode. In addition, I’ve added my IP address as a trusted IP address because this is the best way the score becomes 100% in the learning process. Secondly, I’ve configured the wildcard parameter with a maximum length of 10 bytes. This is a requirement to trigger security violations and it’s the best option for learning suggestions. In fact, we can watch, finally, a new parameter is learnt and there is no longer new learning suggestions for parameters.

Thanks, drop me a line with the first thing you are thinking!!

Related Posts Plugin for WordPress, Blogger...

Entradas populares