F5 BIG-IP ASM – Policy Tuning and Violations

Web Application Firewalls (WAF) should be configured properly to understand web applications logic because if it’s not well-configured, intruders will be able to get access to applications. This is the main reason why developers should take part into WAF deployment projects. However, developers sometimes want to add lots of security codes into applications or even worse, they don’t want to know anything about security. From my point of view, developers should take part into WAF deployment projects but security should be managed by security engineers. I mean, developers should improve applications with new features and enhancements while security engineers should protect applications.

Organizations don’t take advantage of lots of security tools like Antivirus, network firewalls, Web Application Firewalls (WAF), Security Information and Event Management (SIEM) systems, Network Access Control (NAC) systems or Vulnerability Assessment Tools because these tools are time-consuming, companies don’t have security staff and IT engineers never have enough time to configure properly these tools. Therefore, security tools tuning such as firewall policies tuning is most of the time difficult to accomplish.

When I talk about Policy Tuning and Violation, for instance, for a WAF deployment, I’m talking about choosing the right learning mode, defining learning suggestions, defining the Learn, Alarm and Block settings or defining the Enforcement Readiness Period. Next, we can watch how I create a negative security policy based on Rapid Deployment Policy (RDP) and I accept learning suggestions for false positive as well as I block XSS attacks. A negative security policy configuration like this should be the first phase in a WAF deployment.

Once we are protecting web applications with a negative security policy, we should take the plunge to a positive security policy. This will be more difficult because we need the developers participation. What’s mean, developers have to know what entities are used by applications. For instance, we have to know about file types, URLs redirections, cookies, static and dynamic parameters, etc, etc. Therefore, negative security policy along with positive security policy will be a real protection for your web services.

Regards my friends. Drop a line with the first thing you are thinking.