F5 ASM - Comprehensive Security Policy

The comprehensive security policy help us to provide the maximum security with all violations, features and learning suggestions to a website. This is a security policy recommended for expert users because it required deep knowledge of security and F5 ASM. In addition, a comprehensive security policy required much more administrative effort than other security policy such as fundamental security policy. Therefore, If you are a beginner, I will recommend the Fundamental Security Policy

Overview of BIG-IP ASM security policy templates
Overview of BIG-IP ASM security policy templates

I’ve recorded a video while I was testing with a comprehensive security policy. Firstly, I’ve adjusted the learning options for file types, URLs and parameters to the Always mode. This is the best way to learn all entities. Secondly, I’ve generated traffic and I’ve seen there were entities on the whitelists. Thirdly, I’ve adjusted the learning speed to stabilize the security policy. It was stabilized when most entities were no longer in Staging and wildcards were removed from the whitelists. Finally, I’ve configured the learning mode to Manual instead of Automatic. Therefore, once the security policy was stabilized and it was in manual learning mode, attacks were detected and blocked.

Thanks, have a nice day!

Commentaires