
21 September 2020

F5 ASM - Comprehensive Security Policy

The comprehensive security policy helps us provide the maximum security for a website, with all violations, features and learning suggestions enabled. This security policy is recommended for expert users because it requires deep knowledge of security and of F5 ASM. In addition, a comprehensive security policy requires much more administrative effort than other security policies, such as the fundamental security policy. Therefore, if you are a beginner, I recommend the Fundamental Security Policy.

Overview of BIG-IP ASM security policy templates

I’ve recorded a video while I was testing a comprehensive security policy. Firstly, I adjusted the learning options for file types, URLs and parameters to the Always mode. This is the best way to learn all entities. Secondly, I generated traffic and saw that entities appeared on the whitelists. Thirdly, I adjusted the learning speed to stabilize the security policy. It was stabilized when most entities were no longer in Staging and the wildcards had been removed from the whitelists. Finally, I configured the learning mode to Manual instead of Automatic. Therefore, once the security policy was stabilized and in manual learning mode, attacks were detected and blocked.

Thanks, have a nice day!

14 September 2020

F5 ASM – Compact Mode

I’ve already written about learning with Add All Entities, learning with Never (Wildcard Only) and learning with Selective in the F5 BIG-IP ASM – Positive Security Policy Building post two years ago. However, the updates to Policy Builder in BIG-IP 13.0 include a new learning mode, the Compact mode. I would like to highlight how this new mode works; it sits between Never (wildcard only) mode and Selective mode in terms of maintenance effort and granularity of protection. Therefore, Compact mode is used to reduce policy complexity and simplify maintenance.

You can watch how Compact mode works in the video I’ve recorded. Firstly, I created a fundamental security policy in which I manually changed the learning mode for new parameters to Compact. In addition, I added my IP address as a trusted IP address, because this is the best way for the score to reach 100% in the learning process. Secondly, I configured the wildcard parameter with a maximum length of 10 bytes. This is a requirement to trigger security violations, and it is the best option for learning suggestions. Finally, we can watch a new parameter being learnt, after which there are no longer any new learning suggestions for parameters.

Thanks, drop me a line with the first thing you are thinking!!

7 September 2020

F5 ASM – Bot Defense

I wrote about F5 BIG-IP ASM – Bot Protection two years ago when I was studying for the F5 BIG-IP ASM Certified Technology Specialist exam. It was great because I passed the exam. Today, I’m studying again for the recertification exam. Therefore, I’ve recorded two new videos about Bot Defense, but this time with BIG-IP version 14.1.2. You can watch both videos: the first one on blocking bot requests, and the second one on whitelisting bot requests.

The first video is about blocking bot requests. We can watch firstly how to create a bot logging profile and a bot defense profile. Secondly, we run the curl tool against a web service, where we can watch curl being identified as an Untrusted Bot, which is alarmed, and the Nikto vulnerability scanner being identified as a Malicious Bot, which is blocked. Thirdly, we configure the CAPTCHA mitigation setting for malicious bots, and we can watch a challenge being presented when we run curl with the Nikto user agent. Finally, we configure the TCP Reset mitigation setting for Nikto.

The second video is about whitelisting bot requests. We can watch firstly how to create a bot logging profile and a bot defense profile. Secondly, we run the curl tool against a web service, where we can watch curl being identified as an Untrusted Bot, which is alarmed. Thirdly, we configure an exception for curl, and we can watch that its traffic is no longer alarmed. Finally, we configure rate limiting for Unknown Bots, and we can watch that, even though we have whitelisted the curl bot, we can still ensure that it is rate-limited to prevent stress on the application.

Thanks, it’s your turn!
