F5N_BIG-ASM-ESS

Configuring BIG-IP ASM: Application Security Manager

The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect their web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.

Topics covered in this course include:

v13 Course Topics

Setting up the BIG-IP system
Traffic processing with BIG-IP Local Traffic Manager (LTM)
Web application concepts
Web application vulnerabilities
Security policy deployment
Security policy tuning
Attack signatures
Positive security building
Securing cookies and other headers
Reporting and logging
User roles
Policy modification, merging, and exporting
Advanced parameter handling
Using application templates
Using Automatic Policy Builder
Integrating with web vulnerability scanners
Login enforcement and session tracking
Web scraping detection and mitigation
Using Parent and Child policies
Layer 7 DoS protection
ASM and iRules
Using Content Profiles for AJAX and JSON applications

Target audience

This course is intended for security and network administrators who will be responsible for the installation and day-to-day maintenance of the Application Security Manager.

Prerequisites

Students should be familiar with the F5 BIG-IP Product Suite and, in particular, how to set up and configure a BIG-IP LTM system, including virtual servers, pools, profiles, VLANs and self-IPs.
 
There are no required F5 prerequisites for this course, but completing one of the following before attending would be very helpful for students unfamiliar with BIG-IP:
 
- Administering BIG-IP V11 instructor-led course
- F5 Certified BIG-IP Administrator
 
In addition, the following web-based courses will be very helpful for any student with limited BIG-IP administration and configuration experience:
 
- Getting Started with BIG-IP web-based training
- Getting Started with BIG-IP Application Security Manager (ASM) web-based training
 
Students should understand:
 
- TMOS administration
- Network concepts and configuration
- Programming concepts
- Security concepts and terminology
- Web application delivery

v13 COURSE OUTLINE

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP System Configuration
Leveraging F5 Support Resources and Tools


Chapter 2: Traffic Processing with BIG-IP

Identifying BIG-IP Traffic Processing Objects
Overview of Network Packet Flow
Understanding Profiles
Overview of Local Traffic Policies and ASM
HTTP Request Flow
Chapter Resources


Chapter 3: Web Application Concepts

Overview of Web Application Request Processing
Web Applications Are Vulnerable Even with SSL
Layer 7 Protection with Web Application Firewalls
Overview of Web Communication Elements
Parsing URLs
Overview of the HTTP Request Structure
Method: Perform Actions on a Server
HTTP Methods ASM Accepts by Default
Comparing POST with GET
Risks Within Other Methods
Methods Enforcement for URLs
HTTP Response Codes
Examining HTTP Responses
User Input Forms: Free Text Input
How ASM Parses File Types, URLs, and Parameters
Using the Fiddler HTTP Proxy
Chapter Resources


Chapter 4: Common Web Application Vulnerabilities

Common Exploits Against Web Applications

Chapter 5: Security Policy Deployment

Comparing Positive and Negative Security Models
Deployment: Combining Positive and Negative Security
The Deployment Workflow
Policy Type: How Will the Policy Be Applied
Policy Template: Determines the Level of Protection
Policy Templates: Automatic or Manual Policy Building
Deployment Workflow: Advanced Settings
Viewing Requests
Security Checks Offered by Rapid Deployment
Response Checks Using Data Guard
Chapter Resources


Chapter 6: Policy Tuning and Violations

Post-Deployment Traffic Processing
Defining Violations
Defining False Positives
How Violations are Categorized
Violation Rating: A Threat Scale
Defining Staging and Enforcement
Defining Enforcement Mode
Defining the Enforcement Readiness Period
Defining Learning
Defining Learning Suggestions
Choosing Automatic or Manual Learning
Defining the Learn, Alarm and Block Settings
Interpreting the Enforcement Readiness Summary
Configuring the Blocking Response Page
Chapter Resources


Chapter 7: Attack Signatures

Defining Attack Signatures
Creating User-Defined Attack Signatures
Defining Attack Signature Sets
Defining Attack Signature Pools
Updating Attack Signatures
Understanding Attack Signatures and Staging
Chapter Resources


Chapter 8: Positive Security Policy Building

Defining Security Policy Components
Defining the Wildcard
The Entity Staging Lifecycle
Choosing the Learning Scheme
How to Learn: Never (Wildcard Only)
How To Learn: Always
How to Learn: Selective
Reviewing the Enforcement Readiness Period: Entities
Violations Without Learning Suggestions
Defining the Learning Score
Defining Trusted and Untrusted IP Addresses
How to Learn: Compact
Chapter Resources


Chapter 9: Cookies and Other Headers

ASM Cookies: What to Enforce
Defining Allowed and Enforced Cookies
Configuring Security Processing on HTTP headers
Chapter Resources


Chapter 10: Reporting and Logging

Reporting: Build Your Own View
Reporting: Chart based on filters
Brute Force and Web Scraping Statistics
Viewing ASM Resource Reports
PCI Compliance: PCI-DSS 3.0
Generating a Security Events Report
Viewing Traffic Learning Graphs
Local Logging Facilities and Destinations
Viewing Logs in the Configuration Utility
Logging Profiles: Build What You Need
Chapter Resources


Chapter 11: Lab Project

Chapter 12: User Roles and Policy Modification

Defining User Roles
Defining ASM User Roles
Defining Partitions
Configuring User Partition Access
Comparing Security Policies with Policy Diff
Merging Security Policies
Editing and Exporting Security Policies
Restoring with Policy History
Examples of ASM Deployment Types
ConfigSync and ASM Security Data
ASMQKVIEW: Provide to F5 Support for Troubleshooting
Chapter Resources


Chapter 13: Advanced Parameter Handling

Defining Parameter Types
Defining Static Parameters
Defining Dynamic Parameters
Defining Dynamic Parameter Extraction Properties
Defining Parameter Levels
Other Parameter Considerations
Chapter Resources


Chapter 14: Application-Ready Templates

Application Templates: Pre-Configured Baseline Security
Chapter Resources


Chapter 15: Automatic Policy Building

Overview of Automatic Policy Building
Defining Templates Which Automate Learning
Defining Policy Loosening
Defining Policy Tightening
Defining Learning Speed: Traffic Sampling
Defining Track Site Changes
Chapter Resources


Chapter 16: Web Application Vulnerability Scanners

Integrating Scanner Output Into ASM
Will Scan be Used for a New or Existing Policy?
Importing Vulnerabilities
Resolving Vulnerabilities
Using the Generic XML Scanner XSD file
Chapter Resources


Chapter 17: Login Enforcement & Session Tracking

Defining a Login URL
Login Enforcement: Time and Logout Conditions
Defining Session Tracking
Configuring Actions Upon Violation Detection
Session Hijacking Mitigation
Why Fingerprint A Client
Chapter Resources


Chapter 18: Brute Force and Web Scraping Mitigation

Defining Anomalies
Mitigating Brute Force Attacks via Login Page
Defining Session-Based Brute Force Protection
Defining Dynamic Brute Force Protection
Defining the Prevention Policy
Defining Web Scraping
Defining Geolocation Enforcement
Configuring IP Address Exceptions
Chapter Resources


Chapter 19: Layered Policies

Defining a Parent Policy
Defining Inheritance
Parent Policy Deployment Use Cases
Chapter Resources


Chapter 20: Layer 7 DoS mitigation

Defining Denial of Service Attacks
Defining DoS Profile General Settings
Defining Proactive Bot Defense
Using Bot Signatures
Defining TPS-based DoS Protection
Defining Operation Mode
Defining Mitigation Methods
Defining Behavioral and Stress-Based Detection
Defining Behavioral DoS
Chapter Resources


Chapter 21: ASM and iRules

Common Uses for iRules
Identifying iRule Components
Triggering iRules with Events
Defining ASM iRule Events
Defining ASM iRule Commands
Using ASM iRule Event Modes
Chapter Resources


Chapter 22: Content Profiles

Defining Asynchronous JavaScript and XML
Defining JavaScript Object Notation (JSON)
Defining Content Profiles
The Order of Operations for URL Classification
Chapter Resources


Chapter 23: Review and Final Labs

Course Review Questions
Answers to Review Questions

Course facts

Course ID: F5N_BIG-ASM-ESS
Duration: 4 days
Price excl. VAT: 34 000 kr
Registration: 09.00
Course start: 09.30
Course end (approx.): 17.00


Can be paid with:
TRAINING CARD

Contract discounts and promotions cannot be used for this course.


Location and dates

Stockholm
22 Oct-25 Oct
10 Dec-13 Dec

Cloud Access
Attend the course from your home, work, or another location.
22 Oct-25 Oct
10 Dec-13 Dec