BIG-IP ASM Application Security Approach
Web application security is complicated
- Start small, but most of all, start.
  - Start by implementing the subset of security features that are the easiest to use.
  - You make only marginal gains in protection as you add more complex security features to a policy.
- The more you use a WAF, the easier it gets.
  - With practice, you eventually progress to implementing more complex security features and varying levels of protection across individual security policies for multiple applications.
  - Get familiar with the implications of the trade-off between an increased level of protection and an increased level of associated administrative effort.
- Assess the appropriate approach for each new application you want to protect with the WAF, considering:
  - Is the level of application security proportional to the level of threat?
  - Is the level of application security proportional to the value of the application and its data?
  - Is the level of administrative effort required justified by the threat level, application, and data?
- The BIG-IP ASM system is designed to help:
  - Policy Builder
  - Blocking and Transparent enforcement modes
The BIG-IP ASM system is designed to help
The BIG-IP ASM system provides tools that can shorten your time to WAF proficiency and reduce the risk of disruption to your applications as you learn.
- Policy Builder
  - When you use BIG-IP ASM Policy Builder in Automatic learning mode, the system identifies legitimate application usage and begins to build your security policy based on a statistical analysis of your traffic and the intended behavior of your application.
  - It’s tempting to delegate ongoing maintenance of your security policy to Policy Builder, but there is a risk that it may incorrectly interpret and block genuine traffic.
  - Therefore, you should monitor the suggestions it makes for any corrections. This process is a great way to start using and learning about your WAF.
  - You direct Policy Builder to create a security policy that is looser or tighter by specifying how the policy learns which entities to block and allow, including file types, parameters, URLs, cookies, and redirection domains.
    - Negative security approach (one end of the security spectrum), which excludes (denylists) entities that you specify from the application.
      - The policy identifies which entities to block using wildcards (pattern matching) and relaxes a wildcard when false positives occur, resulting in a security policy that is looser but easier to manage.
    - Positive security approach (the other end of the security spectrum), which uses accept lists to identify the entities that can access the application.
      - This technique eliminates wildcards in favor of comprehensive accept lists of allowed entities, resulting in a large, granular configuration that provides strict security but is more cumbersome to manage.
    - There are, of course, learning options in the middle of this spectrum that combine the two approaches.
  - In the final stage, Policy Builder further refines the security policy until it is stable and ready to enforce the requisite security features.
- Blocking and Transparent enforcement modes
  - A security policy’s enforcement mode specifies whether the system simply logs traffic that triggers a security policy violation or blocks it. In Transparent enforcement mode, violations do not block traffic, but in Blocking mode, they do.
  - It’s common for administrators to only move applications from Transparent to Blocking enforcement mode after a period spent monitoring the system’s security violation data and gaining confidence in the accuracy of the policy. In this way, the BIG-IP ASM system helps administrators lower the risk of blocking genuine traffic that triggers false positives.
  - By providing visibility into security violation data, Transparent enforcement mode also alerts administrators to application attacks that would otherwise go unnoticed without a WAF. This improved awareness helps administrators understand the threat profile their application faces and make informed decisions to protect it.
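The learning, negative/positive and Transparent/Blocking concepts above, modelled as an added example that is not F5's code and does not reflect how BIG-IP ASM is implemented. The Policy class, learn_file_types, evaluate and relax_wildcard functions and the sample traffic are all constructed for illustration, with file types standing in for the full set of learned entities.

```python
import fnmatch
from collections import Counter
from dataclasses import dataclass, field
from posixpath import splitext

# Constructed learning traffic: request paths the policy learns legitimate usage from.
LEARNING_TRAFFIC = (["/index.html"] * 40 + ["/app/login.php"] * 25
                    + ["/static/site.css"] * 30 + ["/static/app.js"] * 30
                    + ["/images/logo.png"] * 20 + ["/backup/db.bak"])

@dataclass
class Policy:
    """Hypothetical simplified policy: positive allow list plus negative wildcards."""
    mode: str = "transparent"                                  # "transparent" logs, "blocking" blocks
    allowed_file_types: set = field(default_factory=set)       # positive approach: accept list
    denied_url_patterns: list = field(default_factory=list)    # negative approach: denylist wildcards
    violation_log: list = field(default_factory=list)          # what an administrator reviews

def file_type(path):
    ext = splitext(path.split("?", 1)[0])[1].lstrip(".")
    return ext or "no_ext"

def learn_file_types(paths, min_count):
    """Statistical learning: file types seen at least min_count times are accepted;
    rarer ones are returned as suggestions for an administrator to review, not auto-applied."""
    counts = Counter(file_type(p) for p in paths)
    accepted = {t for t, n in counts.items() if n >= min_count}
    suggestions = {t: n for t, n in counts.items() if n < min_count}
    return accepted, suggestions

def evaluate(policy, path):
    """Return (violations, blocked). Violations are always logged; only Blocking mode blocks."""
    url = path.split("?", 1)[0]
    violations = []
    if file_type(url) not in policy.allowed_file_types:
        violations.append(f"illegal file type: {file_type(url)}")
    for pattern in policy.denied_url_patterns:
        if fnmatch.fnmatchcase(url, pattern):
            violations.append(f"url matches denylist wildcard: {pattern}")
    if violations:
        policy.violation_log.append((path, violations))
    return violations, bool(violations) and policy.mode == "blocking"

def relax_wildcard(policy, pattern):
    """Negative approach: a false positive is handled by dropping the offending wildcard."""
    policy.denied_url_patterns = [p for p in policy.denied_url_patterns if p != pattern]
```

Run the same requests through a policy in Transparent mode first, read violation_log, and only then switch mode to "blocking"; the log is the same in both modes, only the blocked flag changes.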
Progressing with application security
As you gain experience with the WAF capabilities you currently use, you can extend your skills and increase your network’s protection by adding more advanced options to security policies that need it. To help you progress, F5 grouped BIG-IP ASM security features into the following levels of application protection:
- Good
- Elevated
- High
- Maximum
Each grade on the continuum corresponds to an increase in the following:
- Application sensitivity: The application’s exposure to threat.
- Data protection: How valuable the application’s data is.
- Administrative effort: The resources and expense required to maintain the application’s level of security.