Ads 468x60px

Featured Posts

25 May 2020

F5 WAF – Good Protection



The first time I read about Web Application Firewall (WAF) I thought it would be difficult to install and configure because it’s really different from network firewall. Network firewall policies has mainly IP addresses and services. It’s easy to understand and configure. However, WAF has mainly file types, URL, HTTP methods and headers. It seems more complex than network firewall. Nevertheless, I think the most important thing is to start configuring a basic policy. We have to start small, but most of all, start. We are going to realise that a basic security policy will be a good protection. A basic security policy requires little administration effort. A basic security policy is going to protect a high percentage of applications.

Progressing with application security using the BIG-IP ASM system

We should enable Attack Signatures in a basic security policy for a good protection. An attack signature is a rule or pattern which is able to identify a particular attack. These signatures are updated by the F5 threat research team daily with the new vulnerabilities discovered. The F5 ASM uses these signatures to each HTTP request and response to detect and block known attacks. In addition, the Transparent Enforcement Mode is also really useful because we can apply a security policy in transparent mode to detect attacks but they are not going to be blocked. It’s really useful because we can know how many attacks and what kind of attacks web services are receiving.

Attack Signature List

IP Intelligence is another interesting feature useful for a good protection. IP Intelligence is a subscription-based database where there are lots of malicious IP addresses. Updating manually a blacklist is really difficult because malicious IP addresses are constantly changing. Therefore, configuring IP Intelligence to block malicious IP addresses is easy and a best practice. On the other hand, it’s also a best practice to configure the IP Geolocation feature, which is another database of IPv4 and IPv6 addresses. This database can be used to identify the origin of traffic and, at the same time, we can deny access to a particular country of origin.

IP Intelligence
 
A common attack vector is confusing web servers, web applications, and security products using malicious content hidden in HTTP requests that web servers and simple HTTP proxies often fail to detect. As a result, Protocol Compliance must be mandatory in WAF security policies. For instance, HTTP Protocol Compliance will check Content-Length in POST requests as well as whether there is no Host header in HTTP/1.1 requests. You can see all the validation checks in this K10280. Moreover, Protection from Evasion Techniques, such as using ../ to navigate to a parent directory of interest, is also recommended.

HTTP Protocol Compliance
 
Finally, there are two more security features really useful for a good protection. One of them is Protection from Parameter Exploits - Blacklisting. This feature parses parameters and it validates the values against signature and metacharacter policies to identify known exploit patterns. The other security feature is Threat Campaigns which is a subscription service for Advanced WAF that provides a set of data to evaluate whether incoming requests are malicious.

Threat Campaign
 
Regards! Stay at home! Start protecting your web applications, but most of all, start!

18 May 2020

Destrucción Masiva



I’ve been reading a thrilling book these weeks. I've had to stay at home due to the COVID-19 for almost two months. Therefore, reading is one of the best thing I have done at home. Reading, studying and working are the main tasks I’ve been doing for the last two months. Actually, I listened to Fernando Rueda on the radio at the beginning of the pandemic. He was talking about the last book he had written, “Destrucción Masiva”, and I wrote it down. Last week, I’ve finished reading this book and I think it’s really interesting.

Destrucción Masiva is a book which tells us the true story of Spanish spies who were in Iraq from 2000 to 2003. They were there firstly to get intelligence information for the government and, secondly, for protecting the Spanish army after the U.S. invasion. Spanish spies were persecuted by the terrifying Mujabarat. They had very dangerous meetings with terrorist groups such as Shiites and Sadam Husein government staff. They were working even when they received threat of deaths. What’s more, the government of Spain, with Aznar as a president, didn’t like the high quality information these spies got from the dangerous meetings.

Spanish spies in Baghdad

If you like true stories and you like stories about spies, you have to read this amazing book. You will learn that an spy is not a James Bond but a human being with children, wife or husband, friends and a family. They have feelings such as fears and happiness. They do like his job but they also have to do tasks they don’t like. They miss their families when they are abroad. The most important thing, they are in dangerous missions to get intelligence information and to serve the Spanish government.

Regards! Reading is the best thing to know about the world!
Related Posts Plugin for WordPress, Blogger...

Entradas populares