F5 Networks Configuring BIG-IP Advanced WAF - Web Application Firewall (formerly ASM)

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP System Configuration

Leveraging F5 Support Resources and Tools

Identifying BIG-IP Traffic Processing Objects

Overview of Network Packet Flow

Understanding Profiles

Overview of Local Traffic Policies

Visualizing the HTTP Request Flow

Overview of Web Application Request Processing

Web Application Firewall: Layer 7 Protection

F5 Advanced WAF Layer 7 Security Checks

Overview of Web Communication Elements

Overview of the HTTP Request Structure

Examining HTTP Responses

How F5 Advanced WAF Parses File Types, URLs, and Parameters

Using the Fiddler HTTP Proxy

A Taxonomy of Attacks: The Threat Landscape

What Elements of Application Delivery are Targeted?

Common Exploits Against Web Applications

Defining Learning

Comparing Positive and Negative Security Models

The Deployment Workflow

Policy Type: How Will the Policy Be Applied

Policy Template: Determines the Level of Protection

Policy Templates: Automatic or Manual Policy Building

Assigning Policy to Virtual Server

Deployment Workflow: Using Advanced Settings

Selecting the Enforcement Mode

The Importance of Application Language

Configure Server Technologies

Verify Attack Signature Staging

Viewing Requests

Security Checks Offered by Rapid Deployment

Defining Attack Signatures

Using Data Guard to Check Responses

Post-Deployment Traffic Processing

Defining Violations

Defining False Positives

How Violations are Categorized

Violation Rating: A Threat Scale

Defining Staging and Enforcement

Defining Enforcement Mode

Defining the Enforcement Readiness Period

Reviewing the Definition of Learning

Defining Learning Suggestions

Choosing Automatic or Manual Learning

Defining the Learn, Alarm and Block Settings

Interpreting the Enforcement Readiness Summary

Configuring the Blocking Response Page

Defining Attack Signatures

Attack Signature Basics

Creating User-Defined Attack Signatures

Defining Simple and Advanced Edit Modes

Defining Attack Signature Sets

Defining Attack Signature Pools

Understanding Attack Signatures and Staging

Updating Attack Signatures

Defining Threat Campaigns

Deploying Threat Campaigns

Defining and Learning Security Policy Components

Defining the Wildcard

Defining the Entity Lifecycle

Choosing the Learning Scheme

How to Learn: Never (Wildcard Only)

How to Learn: Always

How to Learn: Selective

Reviewing the Enforcement Readiness Period: Entities

Viewing Learning Suggestions and Staging Status

Violations Without Learning Suggestions

Defining the Learning Score

Defining Trusted and Untrusted IP Addresses

How to Learn: Compact

F5 Advanced WAF Cookies: What to Enforce

Defining Allowed and Enforced Cookies

Configuring Security Processing on HTTP headers

Overview: Big Picture Data

Reporting: Build Your Own View

Reporting: Chart based on filters

Brute Force and Web Scraping Statistics

Viewing F5 Advanced WAF Resource Reports

PCI Compliance: PCI-DSS 3.0

The Attack Expert System

Viewing Traffic Learning Graphs

Local Logging Facilities and Destinations

How to Enable Local Logging of Security Events

Viewing Logs in the Configuration Utility

Exporting Requests

Logging Profiles: Build What You Need

Configuring Response Logging

Lab Project 1

Defining Parameter Types

Defining Static Parameters

Defining Dynamic Parameters

Defining Dynamic Parameter Extraction Properties

Defining Parameter Levels

Other Parameter Considerations

Overview of Automatic Policy Building

Defining Templates Which Automate Learning

Defining Policy Loosening

Defining Policy Tightening

Defining Learning Speed: Traffic Sampling

Defining Track Site Changes

Integrating Scanner Output

Importing Vulnerabilities

Resolving Vulnerabilities

Using the Generic XML Scanner XSD file

Defining a Parent Policy

Defining Inheritance

Parent Policy Deployment Use Cases

Defining Login Pages for Flow Control

Configuring Automatic Detection of Login Pages

Defining Session Tracking

Brute Force Protection Configuration

Source-Based Brute Force Mitigations

Defining Credentials Stuffing

Mitigating Credentials Stuffing

Defining Session Tracking

Configuring Actions Upon Violation Detection

Defining Denial of Service Attacks

Defining the DoS Protection Profile

Overview of TPS-based DoS Protection

Creating a DoS Logging Profile

Applying TPS Mitigations

Defining Behavioral and Stress-Based Detection

Classifying Clients with the Bot Defense Profile

Defining Bot Signatures

Defining Proactive Bot Defense

Defining Behavioral and Stress-Based Detection

Defining Behavioral DoS Mitigation

Targeting Elements of Application Delivery

Exploiting the Document Object Model

Protecting Applications Using DataSafe

The Order of Operations for URL Classification

Review and Final Labs