Advanced Security
Topics Covered:
• URL Policies
• Bruteforce Prevention
• Antivirus
Module 4 – Chapter 3
URL Policies
• Automatically created for each Service
• Additional URL Policies can be created for specific parts of a Web App
• Modules that can be activated in URL Policies:
  • Data Theft Prevention
  • Bruteforce Prevention
  • Antivirus
  • Rate Control (also available at Service level)
• 4.3 – Advanced Security
Advanced Security
(diagram: Tommy's Request reaches the Application Server and a Response comes back)
• Virusscanningisenabled ona per-URLbasis
• ShouldonlybeenabledforURLswhich allowfile uploadsanddownloads
• Clam AV
• Barracudacreatesthe AVsignatures pushedthrough Energize Updates
• 4.3 – Advanced Security
Eisenberg
WAF
Web Server
Request blocked
EU
Bruteforce Protection
• Maximum number of requests to a URL within a configured interval
• All requests or only invalid requests
• From a single client or from all sources
(diagram: Eisenberg at 1.1.1.1 sends the login attempts tommy/password, tommy/123456, tommy/qwerty and tommy/abc123 within a 360s interval; the WAF forwards the first attempts to the Web Server and blocks the rest once the limit is reached)
Session Tracking
• Limits the number of sessions originating from a particular client IP address in a given interval
• Helps prevent session-based Denial of Service (DoS) attacks
(diagram: Eisenberg at 1.1.1.1 opens SessionID1 (Request1) and SessionID2 (Request2) within 60s; Request3 is blocked by the WAF before it reaches the Web Server)
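An added example (not Barracuda's code) modelling the Bruteforce Protection and Session Tracking counters described on the two slides above: a sliding-window request counter per URL, kept per client or across all sources and counting all or only invalid requests, plus a per-IP limit on new sessions. The limit of 3 attempts per 360 s, 2 sessions per 60 s, the /login URL and the timings are constructed for the example.

```python
from collections import defaultdict, deque


class BruteforcePolicy:
    """Counts requests to one URL inside a sliding interval, as on the slide:
    a maximum number of requests within a configured interval, counted per
    client IP or across all sources, and counting all requests or only the
    invalid ones (e.g. failed logins). Threshold values are constructed."""

    def __init__(self, max_requests, interval, per_client=True, only_invalid=False):
        self.max_requests = max_requests
        self.interval = interval          # seconds
        self.per_client = per_client
        self.only_invalid = only_invalid
        self._hits = defaultdict(deque)   # counter key -> timestamps still inside the window

    def _key(self, url, client_ip):
        # "from all sources" collapses every client into one shared counter
        return (url, client_ip) if self.per_client else (url, "*")

    def check(self, url, client_ip, now, valid=True):
        """Return "allow" or "block" for a request to `url` arriving at time `now`.
        `valid` is what the backend's answer told us about the previous attempt
        style of request; only consulted when only_invalid is set."""
        hits = self._hits[self._key(url, client_ip)]
        while hits and now - hits[0] >= self.interval:   # expire entries outside the window
            hits.popleft()
        if len(hits) >= self.max_requests:
            return "block"
        if not (self.only_invalid and valid):            # decide whether this request counts
            hits.append(now)
        return "allow"


class SessionTracker:
    """Limits the number of sessions a client IP may originate within an
    interval, the session-based DoS control from the Session Tracking slide."""

    def __init__(self, max_sessions, interval):
        self.max_sessions = max_sessions
        self.interval = interval
        self._sessions = defaultdict(dict)  # client_ip -> {session_id: first_seen}

    def check(self, client_ip, session_id, now):
        seen = self._sessions[client_ip]
        for sid, first_seen in list(seen.items()):      # forget sessions older than the window
            if now - first_seen >= self.interval:
                del seen[sid]
        if session_id in seen:                           # continuing an existing session
            return "allow"
        if len(seen) >= self.max_sessions:               # too many new sessions from this IP
            return "block"
        seen[session_id] = now
        return "allow"


def run_bruteforce_scenario():
    """Replays the slide: four login attempts from 1.1.1.1 inside one 360 s
    window, with a constructed limit of 3 requests per client per interval."""
    policy = BruteforcePolicy(max_requests=3, interval=360, per_client=True)
    attempts = [("tommy/password", 0), ("tommy/123456", 40),
                ("tommy/qwerty", 120), ("tommy/abc123", 300)]   # (credential, seconds)
    return [policy.check("/login", "1.1.1.1", t, valid=False) for _, t in attempts]


def run_session_scenario():
    """Replays the Session Tracking slide: two sessions from 1.1.1.1 in 60 s are
    accepted, a third new session is blocked, and the limit resets after the window."""
    tracker = SessionTracker(max_sessions=2, interval=60)
    events = [("SessionID1", 0), ("SessionID2", 10), ("SessionID1", 20),
              ("SessionID3", 30), ("SessionID3", 70)]            # (session id, seconds)
    return [tracker.check("1.1.1.1", sid, t) for sid, t in events]


if __name__ == "__main__":
    print("bruteforce:", run_bruteforce_scenario())  # ['allow', 'allow', 'allow', 'block']
    print("sessions:  ", run_session_scenario())     # ['allow', 'allow', 'allow', 'block', 'allow']
```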
Advanced Security Configuration
• WEBSITES > Advanced Security
  • Edit the default-URL-policy
  • Enable Data Theft Protection
  • Enable AV
  • Enable Bruteforce Protection
  • Enable Rate Control
  • Session Tracking walkthrough
  • Enable Clickjacking Protection
Live Demo
Allow/Deny Rules
Topics Covered:
• Overview
• Allow/Deny Rules Types
• Extended Match Rules
• Rule Evaluation Order
Module 4 – Chapter 4
Allow/Deny Rules
• Define strict access control rules for the services
• Rules are service-specific and cannot be shared
• Two types of rules:
  • Allow/Deny rules for URLs
  • Allow/Deny rules for headers
• 4.4 – Allow/Deny Rules
Allow/Deny Rules
(diagram: Tommy's Request reaches the Application Server and a Response comes back)
Allow/Deny Rules for URLs
• Control access to certain portions of the Web Application based on a set of matching criteria
• Without changing any configuration on the Web Application itself
• Extended match can be used
• Configurable actions are the same as global ACLs
(diagram: Access Control in front of a Web Application split into Public, Private and Payments areas)
Allow/Deny Rules for Headers
• Enforce strict limitations on incoming headers
• Sanitize HTTP headers containing
  • Sensitive information identifying the client
  • Some application-specific state information
• Prevent configured attack types
• Stop potentially malicious metacharacters and keywords
Extended Match Rules
• Specifically define which requests/responses need the rule applied
• Conditions can be based on found parameters or elements
• Used across multiple modules (not only Allow/Deny rules)
(diagram: Tommy, using Firefox 16, sends a Request; a URL Allow/Deny Rule on the WAF with the extended match "USER-Agent co Firefox/16" answers with a 301 redirect to Update_your_browser.html instead of forwarding the request to the Application Server)
Extended Match Rules Configuration
Extended Match Widget
1. Open the Extended Match widget
2. Configure what to intercept
3. Insert condition in the Header Expression field
4. Apply/Close widget
5. 1 = highest priority
Rule Evaluation Order
• The policies of the “best matching” rule are applied
• Hierarchical match
  • Compares the Host header. If there is no match, compares the URL path
  • If multiple ACLs match, each extended match rule is evaluated in ascending order of extended match sequence
• Sequential match
  • Ignores the Host header and URL path
  • Each extended match rule is evaluated in sequential order based on the extended match sequence
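An added example (not the product's code) of the two evaluation orders above, modelled as rules bound to a Host header and URL path prefix with an optional extended match on one header; the hostnames, paths, the longest-prefix tie-break and the assumption that an unmatched request falls through to the global policy are this example's own. The Firefox/16 redirect rule reproduces the Extended Match Rules slide, and the last case shows why an unconditional rule is risky in sequential mode.

```python
from dataclasses import dataclass


@dataclass
class AllowDenyRule:
    """One URL Allow/Deny rule with an optional extended match condition.
    Field names and the single-header condition are this example's modelling."""
    name: str
    host: str            # Host header the rule is bound to; "*" = any host
    path: str            # URL path prefix the rule covers
    action: str          # "allow", "deny" or "redirect:<target>" (a 301 on the slide)
    sequence: int        # extended match sequence; 1 = highest priority
    header: str = ""     # extended match: header to inspect ("" = no condition)
    contains: str = ""   # extended match: substring that header must contain ("co")

    def extended_match(self, request):
        if not self.header:                       # no condition: the rule always applies
            return True
        return self.contains in request["headers"].get(self.header, "")


def _by_sequence(rules):
    return sorted(rules, key=lambda r: r.sequence)


def evaluate_hierarchical(rules, request):
    """Hierarchical match: pick ACLs bound to the request's Host header, falling
    back to the URL path (rules bound to any host) when none is; the most
    specific path wins and remaining ties are broken by evaluating the extended
    match rules in ascending sequence."""
    host, url = request["host"], request["url"]
    cands = [r for r in rules if r.host == host and url.startswith(r.path)]
    if not cands:                                  # no Host match: compare the URL path only
        cands = [r for r in rules if r.host == "*" and url.startswith(r.path)]
    if not cands:
        return "no-match"                          # nothing applies; the global policy decides
    longest = max(len(r.path) for r in cands)
    best = [r for r in cands if len(r.path) == longest]
    for rule in _by_sequence(best):
        if rule.extended_match(request):
            return rule.action
    return "no-match"


def evaluate_sequential(rules, request):
    """Sequential match: Host header and URL path are ignored; every rule's
    extended match is tried in sequence order and the first that holds decides."""
    for rule in _by_sequence(rules):
        if rule.extended_match(request):
            return rule.action
    return "no-match"


# Constructed rule set: hostnames and paths are invented for the example.
RULES = [
    AllowDenyRule("old-browser", "*", "/", "redirect:/Update_your_browser.html",
                  sequence=1, header="User-Agent", contains="Firefox/16"),
    AllowDenyRule("payments-deny", "www.example.com", "/payments", "deny", sequence=2),
    AllowDenyRule("default-allow", "*", "/", "allow", sequence=3),
]


def decide(mode, host, url, user_agent):
    """Evaluate one request against RULES in "hierarchical" or "sequential" mode."""
    request = {"host": host, "url": url, "headers": {"User-Agent": user_agent}}
    fn = evaluate_hierarchical if mode == "hierarchical" else evaluate_sequential
    return fn(RULES, request)


if __name__ == "__main__":
    ff16, chrome = "Mozilla/5.0 Firefox/16.0", "Mozilla/5.0 Chrome/120.0"
    print(decide("hierarchical", "www.example.com", "/index.html", ff16))    # redirect
    print(decide("hierarchical", "www.example.com", "/payments/pay", ff16))  # deny: host-bound ACL wins
    print(decide("sequential", "www.example.com", "/payments/pay", ff16))    # redirect: host/path ignored
    print(decide("sequential", "www.example.com", "/index.html", chrome))    # deny: unconditional rule hits everything
```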
Allow/Deny Rules
• WEBSITES > Allow/Deny Rules
  • Create a URL Allow/Deny rule
  • Create a Headers Allow/Deny rule
Live Demo
Website Profiles
Topics Covered:
• Overview
• URL Profiles
• Parameter Profiles
• Adaptive Profiling
• URL Encryption
Module 4 – Chapter 5
Website Profiles Overview
• Specific rules to fine-tune the security settings of a service
  • URL profiles
  • Parameters profiles
(diagram: Tommy Reed submits a Request to /cgi-bin/reg.cgi; the WAF checks it against the URL Profile for /cgi-bin/reg.cgi and its Parameters Profile, First Name and Last Name, each an Input Field of Type Alpha with Max Char 16, before forwarding the Request to the Application Server)
• 4.5 – Website Profiles
Website Profiles
(diagram: Tommy's Request reaches the Application Server and a Response comes back)
Website Profiles Modes
• Active - Validates requests, blocks, and logs request violations
  • Uses the URL profile and corresponding parameter profile(s) settings
• Passive - Validates the requests and logs violations
• Learning - Learns the Web Application structure…
Website Profiles - Strict Profile Check
• Enforce the positive or negative security model
• Strict Profile Check enabled:
  • Validates requests and denies the requests that do not match the URL profiles and parameter profiles
• Strict Profile Check disabled:
  • Validates requests, and if they do not match the URL profiles and parameter profiles, the requests are validated against the global security policy.
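An added example (not the product's code) of the positive model the slides describe: the /cgi-bin/reg.cgi URL profile with First Name and Last Name as Alpha, Max Char 16 parameters, evaluated with Strict Profile Check enabled and disabled and in Active or Passive mode. The global security policy stand-in, the extra parameter types and the violation messages are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Parameter "Type" values: Alpha is the one on the slide, the other two are constructed.
PARAM_TYPES = {
    "alpha": re.compile(r"[A-Za-z]*"),
    "alphanumeric": re.compile(r"[A-Za-z0-9]*"),
    "numeric": re.compile(r"[0-9]*"),
}


@dataclass
class ParameterProfile:
    name: str
    ptype: str       # key of PARAM_TYPES
    max_chars: int   # "Max Char" on the slide


@dataclass
class URLProfile:
    url: str
    params: dict = field(default_factory=dict)   # parameter name -> ParameterProfile


def parameter_violations(profile, params):
    """Positive model: every submitted parameter must exist in the URL profile
    and satisfy its type and length limits. Returns a list of log messages."""
    problems = []
    for name, value in params.items():
        pp = profile.params.get(name)
        if pp is None:
            problems.append(f"{name}: parameter not in profile")
            continue
        if len(value) > pp.max_chars:
            problems.append(f"{name}: {len(value)} chars exceeds Max Char {pp.max_chars}")
        if not PARAM_TYPES[pp.ptype].fullmatch(value):
            problems.append(f"{name}: value is not of type {pp.ptype}")
    return problems


GLOBAL_BLOCKLIST = re.compile(r"<script|javascript:", re.I)   # constructed stand-in


def global_security_policy(params):
    """Negative-model stand-in for the global security policy: a tiny signature
    check over parameter values, constructed for the example."""
    hit = any(GLOBAL_BLOCKLIST.search(v) for v in params.values())
    return "deny" if hit else "allow"


def evaluate(profiles, url, params, strict_profile_check, mode="active"):
    """Return (decision, violations). Active mode blocks and logs, Passive mode
    only logs; Strict Profile Check decides what happens to non-matching requests."""
    profile = profiles.get(url)
    violations = ([f"no URL profile for {url}"] if profile is None
                  else parameter_violations(profile, params))
    if not violations:
        return "allow", []
    if strict_profile_check:
        decision = "deny"                            # a profile mismatch is enough to deny
    else:
        decision = global_security_policy(params)    # fall back to the global policy
    if mode == "passive":
        decision = "allow"                           # validate and log, never block
    return decision, violations


# Website profile from the slide: /cgi-bin/reg.cgi with two Alpha, Max Char 16 fields.
PROFILES = {
    "/cgi-bin/reg.cgi": URLProfile("/cgi-bin/reg.cgi", {
        "First Name": ParameterProfile("First Name", "alpha", 16),
        "Last Name": ParameterProfile("Last Name", "alpha", 16),
    })
}

if __name__ == "__main__":
    ok = {"First Name": "Tommy", "Last Name": "Reed"}
    bad = {"First Name": "Tommy", "Last Name": "Reed1"}
    print(evaluate(PROFILES, "/cgi-bin/reg.cgi", ok, strict_profile_check=True))   # allow
    print(evaluate(PROFILES, "/cgi-bin/reg.cgi", bad, strict_profile_check=True))  # deny, logged
    print(evaluate(PROFILES, "/cgi-bin/reg.cgi", bad, strict_profile_check=False)) # allow, logged
```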
Adaptive Profiling
• Automatically learns the structure of a Web Application
• Based on requests and/or responses
• Available on model 660+
• Creates the website profile based on the learned structure
(diagram: Tommy Reed's Requests to /cgi-bin/reg.cgi and the Application Server's Responses pass through the WAF, which builds the URL Profile for /cgi-bin/reg.cgi and a Parameters Profile with First Name as an Input Field of Type Alpha, Last Name, …)
Adaptive Profiling Configuration
1. Configure the service in Learning mode
2. Start the learning process
  • Generate traffic to the Web Application
3. Stop the learning process
4. Review and Lock the URL Profiles
Configuration settings in WEBSITES > Website Profiles
Website Profiles Configuration
• WEBSITES > Website Profiles
  • Create a new URL profile
  • Create a new parameter profile
• WEBSITES > Adaptive Profiling
  • Add an adaptive profiling rule
• WEBSITES > Website Profiles
  • Configure the website profile to learn
Live Demo
Tuning Security Rules
Topics Covered:
• Web Firewall Logs
• Trusted Hosts
• Exception Profiling
Module 4 – Chapter 6
Web Firewall Logs
• Traffic violations are logged in the Web Firewall Log
• Can be used to mitigate false positives
• Suggests the recommended “Fix”
• Accepting a recommendation could have the following impact:
  • Localized - Website profile modification (URL or parameter)
  • Global - Security policy modification
• 4.6 – Tuning Security Rules
Trusted Hosts
• Hosts whose traffic is assumed to be safe
• Defined by IP address/network
• Configured in groups
• Use cases
  • Exempt specific traffic from security checks or authentication
  • Train the Adaptive Profiling engine
  • Train the Exception Profiling engine
Exception Profiling
• Fine-tunes security policies associated with a service
• Uses a heuristics-based strategy to refine security settings in response to logged traffic
(diagram: Tommy's uploads of 6 Mb, 7 Mb and 8 Mb are blocked by the Service Security Settings "Max File size Upload - 5 Mb"; Exception Profiling at Level LOW (Trigger Count: 3, New Value: +100%) then proposes "Increase by 100%", i.e. Max File size Upload - 10 Mb)
Exception Profiling Heuristics
• Changes can be suggested or applied automatically
• Trusted traffic
  • Trusted (Hosts)
• Untrusted traffic
  • Low
  • Medium
  • High
• Untrusted traffic levels are shared among services
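An added example (not Barracuda's code) of the heuristic shown on the two Exception Profiling slides: violations of a setting are counted at the Trusted level or at the service's untrusted level, and once the trigger count is reached a new value is either suggested for an admin to accept or applied automatically. Level LOW carries the slide's values (trigger count 3, new value +100%); the Trusted level's values, the trusted-host routing, the setting name and the IP addresses are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class HeuristicLevel:
    name: str
    trigger_count: int   # violations needed before a change is proposed
    new_value_pct: int   # relative change applied to the limit, e.g. +100%
    auto_apply: bool     # apply automatically, or only suggest


# LOW uses the slide's values. The Trusted level is an assumption for the example:
# one violation from a Trusted Host is enough and the change is applied automatically.
LEVELS = {
    "trusted": HeuristicLevel("trusted", trigger_count=1, new_value_pct=100, auto_apply=True),
    "low": HeuristicLevel("low", trigger_count=3, new_value_pct=100, auto_apply=False),
}


class ExceptionProfiler:
    """Refines one service's security settings from logged violations, routing
    each violation to the Trusted level or to the service's untrusted level."""

    def __init__(self, settings, untrusted_level, trusted_hosts):
        self.settings = dict(settings)          # setting name -> current limit
        self.untrusted_level = LEVELS[untrusted_level]
        self.trusted_hosts = set(trusted_hosts)
        self._counts = defaultdict(int)         # (setting, level) -> violations seen so far
        self.suggestions = []                   # (setting, old, new) awaiting an admin
        self.log = []                           # (setting, observed, outcome) per event

    def observe(self, client_ip, setting, observed):
        """Feed one logged request. Returns "ok", "blocked", "suggested" or
        "applied"; a request that triggers a suggestion is still blocked."""
        limit = self.settings[setting]
        if observed <= limit:
            return "ok"
        level = LEVELS["trusted"] if client_ip in self.trusted_hosts else self.untrusted_level
        key = (setting, level.name)
        self._counts[key] += 1
        if self._counts[key] < level.trigger_count:
            self.log.append((setting, observed, "blocked"))
            return "blocked"
        self._counts[key] = 0                    # trigger reached: start a new round
        new_value = limit * (100 + level.new_value_pct) // 100
        if level.auto_apply:
            self.settings[setting] = new_value
            self.log.append((setting, observed, f"applied {limit}->{new_value}"))
            return "applied"
        self.suggestions.append((setting, limit, new_value))
        self.log.append((setting, observed, f"suggested {limit}->{new_value}"))
        return "suggested"

    def accept(self, suggestion):
        """An admin accepts a suggested change (the "Fix" in the Web Firewall Log)."""
        setting, _old, new_value = suggestion
        self.settings[setting] = new_value
        self.suggestions.remove(suggestion)


def run_upload_scenario():
    """Replays the slide: Max File size Upload 5 Mb; uploads of 6, 7 and 8 Mb from
    an untrusted client at level LOW lead to a suggested new value of 10 Mb."""
    ep = ExceptionProfiler({"max_upload_mb": 5}, untrusted_level="low",
                           trusted_hosts={"10.0.0.5"})          # constructed addresses
    results = [ep.observe("203.0.113.7", "max_upload_mb", mb) for mb in (6, 7, 8)]
    return results, ep.suggestions, ep.settings["max_upload_mb"]


if __name__ == "__main__":
    print(run_upload_scenario())   # (['blocked', 'blocked', 'suggested'], [('max_upload_mb', 5, 10)], 5)
```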
Tuning Security Rules Configuration
• BASIC > Web Firewall Logs
  • Review false positives and apply the fix
• WEBSITES > Trusted Hosts
  • Configure a new group and apply it to a service
• WEBSITES > Exception Profiling
  • Assign Exception Profile level to a service
• WEBSITES > Exception Heuristics
  • Levels walkthrough
Live Demo
URL Encryption
• The WAF encrypts all URLs associated with the requested page
• Requires no changes to the application
• If encrypted URLs are manipulated or tampered with in subsequent requests, the requests are blocked and logged
(diagram: Tommy requests http://bn.com; the Application Server's Response contains the link http://bn.com/index.php?include=a.txt, which the WAF rewrites to http://bn.com/d098duj0 before the Response reaches Tommy)
URL Encryption Configuration
• WEBSITES > URL Encryption
  • Activate URL encryption on a service
  • Add a new encryption rule
• BASIC > Access Logs
  • Verify encrypted URLs
Live Demo
Application DDoS Attack Protection
Topics Covered:
• IP Reputation Filter
• DDoS Policies
• Slow Client Attack Prevention
Module 4 – Chapter 7
IP Reputation Filter
• Filters traffic from specific geographic regions / categories to a service
  • GeoPool
  • Barracuda Reputation
  • TOR Nodes
  • Anonymous Proxy
  • Satellite Provider
(diagram: Requests reaching the WAF are either forwarded to the Backend Servers or blocked)
• 4.7 – Application DDoS Attack Protection
DDoS Policies
• Passively evaluate the clients to determine if they are suspicious or not
• The client tagged as suspicious will be forced to answer a CAPTCHA
• The suspicious client IP addresses will be remembered for 900 seconds
(diagram: a BOT's Requests are evaluated by the WAF with a JS challenge and a CAPTCHA (C4PtcH4); Requests that fail are blocked and never reach the Web Server)
Slow Client Attack Prevention
• Enforces requests / responses timeouts
• Enforces requests / responses minimum data transfer rates
• Prevents:
  • Slow HTTP headers vulnerability (Slowloris)
  • Slow HTTP POST vulnerability (R-U-Dead-Yet or RUDY)
  • Slow read DoS attack
Application DDoS Attack Protection
• WEBSITES > IP Reputation
  • Configuration walkthrough
• WEBSITES > DDoS Prevention
  • Create a new DDoS policy
  • Edit the Slow Client Attack Prevention settings
Live Demo

Advanced security in Barracuda WAF

1. Advanced Security
Topics Covered:
• URL Policies
• Bruteforce Prevention
• Antivirus
Module 4 – Chapter 3

2. URL Policies
• Automatically created for each Service
• Additional URL Policies can be created for specific parts of a Web App
• Modules that can be activated in URL Policies:
  • Data Theft Prevention
  • Bruteforce Prevention
  • Antivirus
  • Rate Control (also available at Service level)
4.3 – Advanced Security

3. Advanced Security
[Diagram: request/response flow between Tommy and the Application Server.]

4. Antivirus
• Virus scanning is enabled on a per-URL basis
• Should only be enabled for URLs which allow file uploads and downloads
• Clam AV
• Barracuda creates the AV signatures, pushed through Energize Updates (EU)
[Diagram: Eisenberg's request is blocked by the WAF before it reaches the Web Server; the WAF receives its AV signatures via Energize Updates.]

5. Bruteforce Protection
• Maximum number of requests to a URL within a configured interval
• All requests or only invalid requests
• From a single client or from all sources
[Diagram: Eisenberg (1.1.1.1) sends four login attempts within a 360 s interval (tommy/password, tommy/123456, tommy/qwerty, tommy/abc123); the first three are passed to the Web Server, the fourth is blocked by the WAF.]

6. Session Tracking
• Limits the number of sessions originating from a particular client IP address in a given interval
• Helps prevent session-based Denial of Service (DoS) attacks
[Diagram: Eisenberg (1.1.1.1) opens Session ID 1 and Session ID 2 within a 60 s interval; the third request, carrying a new session, is blocked by the WAF.]

7. Advanced Security Configuration
• WEBSITES > Advanced Security
• Edit the default-URL-policy
• Enable Data Theft Protection
• Enable AV
• Enable Bruteforce Protection
• Enable Rate Control
• Session Tracking walkthrough
• Enable Clickjacking Protection
Live Demo
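The two limits described on the Bruteforce Protection and Session Tracking slides are both sliding-window counters. The Python below is an added illustration of that logic, not Barracuda's code or configuration: a brute-force limiter that can count all requests or only invalid ones, per client or across all sources, and a session tracker that caps the number of new session IDs one client IP may open per interval. The `/login` URL, the 401 statuses, the client IPs and the session IDs are constructed for the example; the 3-in-360 s and 2-in-60 s limits mirror the slide diagrams.

```python
from collections import defaultdict, deque


class SlidingWindow:
    """Timestamps per key, pruned to the last `interval` seconds."""

    def __init__(self, interval):
        self.interval = interval
        self._events = defaultdict(deque)

    def count(self, key, now):
        q = self._events[key]
        while q and now - q[0] > self.interval:
            q.popleft()
        return len(q)

    def add(self, key, now):
        self._events[key].append(now)
        return self.count(key, now)


class BruteforceProtection:
    """Limit requests to one URL within an interval, per client or from all sources.

    only_invalid=True counts only attempts the backend rejected (status >= 400);
    per_client=True keeps one counter per source IP, otherwise one shared counter.
    """

    def __init__(self, url, max_requests, interval, only_invalid=True, per_client=True):
        self.url, self.max_requests = url, max_requests
        self.only_invalid, self.per_client = only_invalid, per_client
        self.window = SlidingWindow(interval)

    def _key(self, ip):
        return ip if self.per_client else "*"

    def check(self, ip, url, now):
        """Before forwarding: block once the limit for this key is already reached."""
        if url != self.url:
            return "allow"
        if self.window.count(self._key(ip), now) >= self.max_requests:
            return "block"
        return "allow"

    def record(self, ip, url, now, status):
        """After the backend answered: count the attempt if it qualifies."""
        if url != self.url or (self.only_invalid and status < 400):
            return
        self.window.add(self._key(ip), now)


class SessionTracking:
    """Limit how many distinct new sessions one client IP may open per interval."""

    def __init__(self, max_sessions, interval):
        self.max_sessions, self.interval = max_sessions, interval
        self._seen = defaultdict(dict)  # ip -> {session_id: first_seen}

    def check(self, ip, session_id, now):
        sessions = self._seen[ip]
        for sid, first_seen in list(sessions.items()):
            if now - first_seen > self.interval:
                del sessions[sid]                 # session fell out of the window
        if session_id in sessions:
            return "allow"                        # known session, not a new one
        if len(sessions) >= self.max_sessions:
            return "block"                        # too many new sessions from this IP
        sessions[session_id] = now
        return "allow"


def replay_login_attempts():
    """Constructed traffic modelled on the slide: password guesses against /login."""
    bf = BruteforceProtection("/login", max_requests=3, interval=360)
    attempts = [  # (time, client IP, password tried, backend status)
        (0, "1.1.1.1", "password", 401),
        (5, "1.1.1.1", "123456", 401),
        (9, "1.1.1.1", "qwerty", 401),
        (14, "1.1.1.1", "abc123", 401),    # 4th invalid attempt inside 360 s
        (20, "2.2.2.2", "letmein", 401),   # different client, separate counter
        (400, "1.1.1.1", "hunter2", 401),  # 1.1.1.1's window has expired
    ]
    verdicts = []
    for t, ip, _password, status in attempts:
        verdict = bf.check(ip, "/login", t)
        if verdict == "allow":
            bf.record(ip, "/login", t, status)
        verdicts.append(verdict)
    return verdicts


def replay_sessions():
    """Constructed traffic modelled on the slide: new sessions from 1.1.1.1 in 60 s."""
    st = SessionTracking(max_sessions=2, interval=60)
    requests = [(0, "1.1.1.1", "S1"), (10, "1.1.1.1", "S2"), (20, "1.1.1.1", "S1"),
                (30, "1.1.1.1", "S3"), (100, "1.1.1.1", "S3")]
    return [st.check(ip, sid, t) for t, ip, sid in requests]
```

The split between `check` (before forwarding) and `record` (after the backend answered) is what makes the "only invalid requests" option work: the WAF cannot know whether a login attempt is invalid until the application has rejected it, so the counter is updated on the response path while the block decision is made on the request path. With `only_invalid=False` the limiter becomes plain per-URL rate control.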
8. Allow/Deny Rules
Topics Covered:
• Overview
• Allow/Deny Rule Types
• Extended Match Rules
• Rule Evaluation Order
Module 4 – Chapter 4

9. Allow/Deny Rules
• Define strict access control rules for the services
• Rules are service-specific and cannot be shared
• Two types of rules:
  • Allow/Deny rules for URLs
  • Allow/Deny rules for headers
4.4 – Allow/Deny Rules

10. Allow/Deny Rules
[Diagram: request/response flow between Tommy and the Application Server.]

11. Allow/Deny Rules for URLs
• Control access to certain portions of the Web Application based on a set of matching criteria
• Without changing any configuration on the Web Application itself
• Extended match can be used
• Configurable actions are the same as global ACLs
[Diagram: access control in front of a Web Application with Public, Private and Payments areas.]

12. Allow/Deny Rules for Headers
• Enforce strict limitations on incoming headers
• Sanitize HTTP headers containing
  • Sensitive information identifying the client
  • Some application-specific state information
• Prevent configured attack types
• Stop potentially malicious metacharacters and keywords

13. Extended Match Rules
• Specifically define which requests/responses need the rule applied
• Conditions can be based on found parameters or elements
• Used across multiple modules (not only Allow/Deny rules)
[Diagram: Tommy, using Firefox 16, sends a request; a URL Allow/Deny rule with the extended match "User-Agent co Firefox/16" answers with a 301 to Update_your_browser.html instead of forwarding the request to the Application Server.]

14. Extended Match Rules Configuration
Extended Match Widget
1. Open the Extended Match widget
2. Configure what to intercept
3. Insert the condition in the Header Expression field
4. Apply/Close the widget
5. 1 = highest priority

15. Rule Evaluation Order
• The policies of the "best matching" rule are applied
• Hierarchical match
  • Compares the Host header. If there is no match, compares the URL path
  • If multiple ACLs match, each extended match rule is evaluated in ascending order of extended match sequence
• Sequential match
  • Ignores the Host header and URL path
  • Each extended match rule is evaluated in sequential order based on the extended match sequence

16. Allow/Deny Rules
• WEBSITES > Allow/Deny Rules
• Create a URL Allow/Deny rule
• Create a Headers Allow/Deny rule
Live Demo
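The difference between hierarchical and sequential evaluation on the Rule Evaluation Order slide is easiest to see with the same request run through both. The Python below is an added example, not Barracuda's implementation: it models URL Allow/Deny rules with a host, a URL path, an extended-match condition and a sequence number, and evaluates them both ways. The extended-match mini-grammar (`*`, `<Header> co <value>`, `<Header> eq <value>`) is an assumption that covers the one form the slide shows; the rule set, hostnames and User-Agent strings are constructed for the example.

```python
def parse_extended_match(expression):
    """Assumed mini-grammar for an extended-match condition: '*' (match everything)
    or '<Header> co <value>' / '<Header> eq <value>'. The slide only shows the
    'co' (contains) form; 'eq' is added here as an assumption."""
    if expression.strip() == "*":
        return lambda request: True
    header, operator, value = expression.split(None, 2)
    header = header.lower()

    def condition(request):
        actual = request["headers"].get(header, "")
        if operator == "co":
            return value in actual
        if operator == "eq":
            return actual == value
        raise ValueError("unsupported operator: %s" % operator)

    return condition


class AllowDenyRule:
    def __init__(self, name, host, url, extended_match, sequence, action):
        self.name, self.host, self.url = name, host, url       # host "*" = any host
        self.condition = parse_extended_match(extended_match)
        self.sequence, self.action = sequence, action          # sequence 1 = highest priority


def hierarchical_match(rules, request):
    """Best matching rule: Host header first, then URL path, then the extended-match
    conditions of the remaining candidates in ascending sequence order."""
    host = request["headers"].get("host", "")
    path = request["path"]
    by_host = [r for r in rules if r.host == host and path.startswith(r.url)]
    candidates = by_host or [r for r in rules if r.host == "*" and path.startswith(r.url)]
    candidates.sort(key=lambda r: (-len(r.url), r.sequence))  # longest path wins, then sequence
    for rule in candidates:
        if rule.condition(request):
            return rule.name, rule.action
    return None, "default"


def sequential_match(rules, request):
    """Host and path are ignored; the first condition that holds, in sequence order, wins."""
    for rule in sorted(rules, key=lambda r: r.sequence):
        if rule.condition(request):
            return rule.name, rule.action
    return None, "default"


RULES = [  # constructed rule set for the example
    AllowDenyRule("legacy-browser", "*", "/", "User-Agent co Firefox/16", 1,
                  "redirect:/Update_your_browser.html"),
    AllowDenyRule("payments-deny", "www.example.com", "/payments", "*", 2, "deny"),
    AllowDenyRule("public-allow", "*", "/", "*", 3, "allow"),
]


def evaluate(request):
    return {"hierarchical": hierarchical_match(RULES, request),
            "sequential": sequential_match(RULES, request)}


OLD_FIREFOX = {"path": "/payments/pay",
               "headers": {"host": "www.example.com",
                           "user-agent": "Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0"}}
MODERN = {"path": "/index.html",
          "headers": {"host": "www.example.com",
                      "user-agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0"}}
```

For the old Firefox client the hierarchical mode picks the payments rule (its host and path match best) and denies; the sequential mode never looks at host or path, so the browser redirect with sequence 1 fires first. For the modern client on `/index.html` the roles reverse: hierarchically the wildcard allow rule wins, but sequentially the `*` condition on the payments rule matches every request that reaches it, so it denies. That is the practical caveat of sequential mode: a rule whose extended match is `*` is no longer scoped by its URL.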
17. Website Profiles
Topics Covered:
• Overview
• URL Profiles
• Parameter Profiles
• Adaptive Profiling
• URL Encryption
Module 4 – Chapter 5

18. Website Profiles Overview
• Specific rules to fine-tune the security settings of a service
  • URL profiles
  • Parameter profiles
[Diagram: Tommy Reed requests /cgi-bin/reg.cgi; the WAF checks the request against the URL Profile for /cgi-bin/reg.cgi and its Parameter Profiles before forwarding it to the Application Server:
  • First Name: Input Field, Type Alpha, Max Char 16
  • Last Name: Input Field, Type Alpha, Max Char 16]
4.5 – Website Profiles

19. Website Profiles
[Diagram: request/response flow between Tommy and the Application Server.]

20. Website Profiles Modes
• Active - Validates requests, blocks and logs request violations
  • Uses URL profile and corresponding parameter profile(s) settings
• Passive - Validates the requests and logs violations
• Learning - Learns the Web Application structure…

21. Website Profiles - Strict Profile Check
• Enforce the positive or negative security model
• Strict Profile Check enabled:
  • Validates requests and denies the requests that do not match the URL profiles and parameter profiles
• Strict Profile Check disabled:
  • Validates requests, and if they do not match the URL profiles and parameter profiles, the requests are validated against the global security policy

22. Adaptive Profiling
• Automatically learns the structure of a Web Application
  • Based on requests and/or responses
• Available on model 660+
• Creates the website profile based on the learned structure
[Diagram: from Tommy Reed's request to /cgi-bin/reg.cgi and the Application Server's response, the WAF learns the URL Profile /cgi-bin/reg.cgi and its Parameter Profiles (First Name: Input Field, Type Alpha; Last Name: …).]

23. Adaptive Profiling Configuration
1. Configure the service in Learning mode
2. Start the learning process
  • Generate traffic to the Web Application
3. Stop the learning process
4. Review and Lock the URL Profiles
Configuration settings in WEBSITES > Website Profiles

24. Website Profiles Configuration
• WEBSITES > Website Profiles
• Create a new URL profile
• Create a new parameter profile
• WEBSITES > Adaptive Profiling
• Add an adaptive profiling rule
• WEBSITES > Website Profiles
• Configure the website profile to learn
Live Demo
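The Website Profiles slides above (modes, Strict Profile Check, adaptive learning) describe one positive-security workflow: learn URL and parameter profiles from traffic, then enforce them, falling back to the negative-model global policy only when Strict Profile Check is off. The Python below is an added example of that workflow, not Barracuda's engine: it learns parameter type and maximum length from constructed registration requests to `/cgi-bin/reg.cgi`, then evaluates deviating requests in active mode with the strict check on and off. The type names (`numeric`, `alpha`, `alphanumeric`, `any`) follow the "Type Alpha" wording on the slide; the handful of attack signatures standing in for the global security policy are an assumption, as are the learned limits (derived from the sample requests rather than the slide's Max Char 16).

```python
import re

TYPE_PATTERNS = {
    "numeric": re.compile(r"^[0-9]*$"),
    "alpha": re.compile(r"^[A-Za-z]*$"),
    "alphanumeric": re.compile(r"^[A-Za-z0-9]*$"),
    "any": re.compile(r".*", re.S),
}
# Stand-in for the negative-model "global security policy": a few assumed attack signatures.
ATTACK_SIGNATURES = [re.compile(p, re.I) for p in (r"<script", r"'\s*or\s+", r"union\s+select", r"\.\./")]


def infer_type(value):
    for name in ("numeric", "alpha", "alphanumeric"):
        if TYPE_PATTERNS[name].match(value):
            return name
    return "any"


class WebsiteProfile:
    def __init__(self, mode="active", strict=False):
        self.mode, self.strict = mode, strict      # mode: learning | passive | active
        self.urls = {}                              # URL profile -> {param name: parameter profile}

    def learn(self, path, params):
        """Learning mode: widen the parameter profiles to cover what was observed."""
        profile = self.urls.setdefault(path, {})
        for name, value in params.items():
            p = profile.setdefault(name, {"type": infer_type(value), "max_chars": len(value)})
            p["max_chars"] = max(p["max_chars"], len(value))
            if not TYPE_PATTERNS[p["type"]].match(value):   # widen the type if needed
                p["type"] = "alphanumeric" if TYPE_PATTERNS["alphanumeric"].match(value) else "any"

    def profile_violations(self, path, params):
        """Positive model: every parameter must match the URL and parameter profiles."""
        profile = self.urls.get(path)
        if profile is None:
            return ["no URL profile for %s" % path]
        violations = []
        for name, value in params.items():
            p = profile.get(name)
            if p is None:
                violations.append("unknown parameter %s" % name)
            elif len(value) > p["max_chars"]:
                violations.append("%s longer than %d chars" % (name, p["max_chars"]))
            elif not TYPE_PATTERNS[p["type"]].match(value):
                violations.append("%s is not %s" % (name, p["type"]))
        return violations

    def global_policy_violations(self, params):
        return ["attack signature in %s" % name for name, value in params.items()
                if any(sig.search(value) for sig in ATTACK_SIGNATURES)]

    def handle(self, path, params):
        """Return (verdict, violations) for one request under the current mode."""
        if self.mode == "learning":
            self.learn(path, params)
            return "allow", []
        violations = self.profile_violations(path, params)
        if not violations:
            return "allow", []
        if self.mode == "passive":
            return "allow", violations             # logged only
        if self.strict:
            return "block", violations             # Strict Profile Check: any deviation is denied
        extra = self.global_policy_violations(params)   # otherwise fall back to the negative model
        return ("block" if extra else "allow"), violations + extra


def demo():
    url = "/cgi-bin/reg.cgi"
    wp = WebsiteProfile(mode="learning")
    for params in ({"first_name": "Tommy", "last_name": "Reed"},        # constructed learning traffic
                   {"first_name": "Anna", "last_name": "Eisenberg"}):
        wp.handle(url, params)
    learned = wp.urls[url]
    wp.mode = "active"
    odd_name = {"first_name": "Tommy", "last_name": "O'Brien"}          # legitimate but off-profile
    wp.strict = True
    strict_verdict = wp.handle(url, odd_name)[0]
    wp.strict = False
    lenient_verdict = wp.handle(url, odd_name)[0]
    injection = wp.handle(url, {"first_name": "Tommy", "last_name": "x' or 1=1 --"})[0]
    return learned, strict_verdict, lenient_verdict, injection
```

The `O'Brien` case is the trade-off the Strict Profile Check slide is about: the learned profile says `last_name` is alphabetic, so the strict check denies a real user, while the non-strict path lets the request through because no attack signature fires. The injection string fails the profile and the signature check, so it is blocked either way. Locking profiles after review (slide 23) matters for the same reason: anything learned from hostile traffic during the learning window becomes "normal".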
25. Tuning Security Rules
Topics Covered:
• Web Firewall Logs
• Trusted Hosts
• Exception Profiling
Module 4 – Chapter 6

26. Web Firewall Logs
• Traffic violations are logged in the Web Firewall Log
• Can be used to mitigate false positives
  • Suggests the recommended "Fix"
• Accepting a recommendation could have the following impact:
  • Localized - Website profile modification (URL or parameter)
  • Global - Security policy modification
4.6 – Tuning Security Rules

27. Trusted Hosts
• Hosts whose traffic is assumed to be safe
• Defined by IP address/network
• Configured in groups
• Use cases
  • Exempt specific traffic from security checks or authentication
  • Train the Adaptive Profiling engine
  • Train the Exception Profiling engine

28. Exception Profiling
• Fine-tunes security policies associated with a service
• Uses a heuristics-based strategy to refine security settings in response to logged traffic
[Diagram: the service's Max File Size Upload is 5 Mb; Tommy's uploads of 6 Mb, 7 Mb and 8 Mb are blocked. At Level LOW (Trigger Count: 3, New Value: +100%), the third block triggers Exception Profiling, which raises Max File Size Upload to 10 Mb.]

29. Exception Profiling Heuristics
• Changes can be suggested or applied automatically
• Trusted traffic
  • Trusted (Hosts)
• Untrusted traffic
  • Low
  • Medium
  • High
• Untrusted traffic levels are shared among services

30. Tuning Security Rules Configuration
• BASIC > Web Firewall Logs
• Review false positives and apply the fix
• WEBSITES > Trusted Hosts
• Configure a new group and apply it to a service
• WEBSITES > Exception Profiling
• Assign Exception Profile level to a service
• WEBSITES > Exception Heuristics
• Levels walkthrough
Live Demo
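The Trusted Hosts and Exception Profiling slides above describe a feedback loop: repeated blocks on the same limit, counted separately for trusted and untrusted traffic, eventually relax that limit, either automatically or as a suggestion for review. The Python below is an added example of that heuristic, not Barracuda's implementation. The LOW level (trigger count 3, new value +100%) is taken from the slide diagram; the trusted-host level (trigger count 1), the `10.0.0.0/8` trusted group, the `max_upload_mb` limit name and the upload sizes are constructed for the example.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass
class Level:
    trigger_count: int   # violations of one limit before a change is proposed
    increase_pct: int    # how much the violated limit is relaxed
    auto_apply: bool     # apply the new value directly, or only suggest it for review


class ExceptionProfiler:
    """Relax a service's limits after repeated, similar violations."""

    def __init__(self, limits, trusted_networks, untrusted_level, trusted_level):
        self.limits = dict(limits)                      # e.g. {"max_upload_mb": 5}
        self.trusted = [ipaddress.ip_network(n) for n in trusted_networks]
        self.levels = {"trusted": trusted_level, "untrusted": untrusted_level}
        self.counts = Counter()                         # (traffic class, limit) -> violations seen
        self.suggestions = {}                           # limit -> proposed value, not applied

    def _traffic_class(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return "trusted" if any(addr in net for net in self.trusted) else "untrusted"

    def observe(self, client_ip, limit_name, observed):
        """Enforce the limit; once the level's trigger count is reached, relax it."""
        limit = self.limits[limit_name]
        if observed <= limit:
            return "allow", None
        cls = self._traffic_class(client_ip)
        level = self.levels[cls]
        self.counts[(cls, limit_name)] += 1
        if self.counts[(cls, limit_name)] < level.trigger_count:
            return "block", None
        self.counts[(cls, limit_name)] = 0              # trigger reached: reset and propose
        new_value = limit * (100 + level.increase_pct) // 100
        if level.auto_apply:
            self.limits[limit_name] = new_value
            return "block", ("applied", new_value)
        self.suggestions[limit_name] = new_value
        return "block", ("suggested", new_value)


def replay_uploads():
    """Constructed upload sizes against the slide's 5 Mb limit; 10.0.0.0/8 is the trusted group."""
    low = Level(trigger_count=3, increase_pct=100, auto_apply=True)      # values shown on the slide
    trusted = Level(trigger_count=1, increase_pct=100, auto_apply=True)  # assumed for trusted traffic
    ep = ExceptionProfiler({"max_upload_mb": 5}, ["10.0.0.0/8"],
                           untrusted_level=low, trusted_level=trusted)
    uploads = [("1.1.1.1", 6), ("1.1.1.1", 7), ("1.1.1.1", 8),   # three blocks: limit becomes 10
               ("1.1.1.1", 9),                                   # now allowed
               ("1.1.1.1", 11),                                  # first violation of the new limit
               ("10.0.0.5", 12)]                                 # trusted client: one violation is enough
    results = [ep.observe(ip, "max_upload_mb", mb) for ip, mb in uploads]
    return results, ep.limits["max_upload_mb"]
```

The practitioner's caveat is visible in the replay: with auto-apply on, three oversized requests from one untrusted source are enough to double the limit, and a trusted host does it in one. Exception profiling turns blocked traffic into policy, so the untrusted levels belong on suggest-only until the Web Firewall Log review (slide 26) confirms the blocks really were false positives.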
31. URL Encryption
• The WAF encrypts all URLs associated with the requested page
• Requires no changes to the application
• If encrypted URLs are manipulated or tampered with in subsequent requests, the requests are blocked and logged
[Diagram: Tommy requests http://bn.com; the Application Server's response contains the link http://bn.com/index.php?include=a.txt, which the WAF rewrites to http://bn.com/d098duj0 before the response reaches Tommy.]

32. URL Encryption Configuration
• WEBSITES > URL Encryption
• Activate URL encryption on a service
• Add a new encryption rule
• BASIC > Access Logs
• Verify encrypted URLs
Live Demo
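The URL Encryption slide states the two properties that matter: the real URL structure (here a file-inclusion style `include=` parameter) is hidden from the client, and any tampering with the opaque form is detected and blocked. The Python below is an added example of how a proxy can provide both statelessly, not Barracuda's implementation or token format: outbound links are replaced by a token built from a random nonce, a ciphertext and an authentication tag; inbound tokens are verified before they are decrypted. It uses HMAC-SHA256 as a PRF for both the keystream and the tag because the standard library has no AES; a production build would use an AEAD such as AES-GCM. The page body, hostname-free paths and the `href` rewrite rule are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import re


class UrlEncryptor:
    """Stateless URL tokens: HMAC-SHA256 in counter mode as the keystream for
    confidentiality, then an HMAC tag over nonce||ciphertext for tamper detection.
    Standard-library only; production code would use an AEAD such as AES-GCM."""
    NONCE_LEN, TAG_LEN = 8, 16

    def __init__(self, master_key):
        self.enc_key = hmac.new(master_key, b"url-enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(master_key, b"url-mac", hashlib.sha256).digest()

    def _keystream(self, nonce, length):
        blocks, counter = [], 0
        while sum(len(b) for b in blocks) < length:
            blocks.append(hmac.new(self.enc_key, nonce + counter.to_bytes(4, "big"),
                                   hashlib.sha256).digest())
            counter += 1
        return b"".join(blocks)[:length]

    def encrypt(self, url):
        nonce = os.urandom(self.NONCE_LEN)           # fresh per link: equal URLs get different tokens
        plain = url.encode()
        cipher = bytes(p ^ k for p, k in zip(plain, self._keystream(nonce, len(plain))))
        tag = hmac.new(self.mac_key, nonce + cipher, hashlib.sha256).digest()[:self.TAG_LEN]
        return base64.urlsafe_b64encode(nonce + cipher + tag).decode().rstrip("=")

    def decrypt(self, token):
        """Original URL, or None if the token is malformed or has been tampered with."""
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        except ValueError:
            return None
        if len(raw) < self.NONCE_LEN + self.TAG_LEN:
            return None
        nonce, cipher, tag = raw[:self.NONCE_LEN], raw[self.NONCE_LEN:-self.TAG_LEN], raw[-self.TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + cipher, hashlib.sha256).digest()[:self.TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                               # verify before decrypting
        plain = bytes(c ^ k for c, k in zip(cipher, self._keystream(nonce, len(cipher))))
        return plain.decode("utf-8", "replace")


LINK_RE = re.compile(r'href="(/[^"]*)"')


def rewrite_response(enc, html):
    """Outbound: replace every local href with an encrypted token path."""
    return LINK_RE.sub(lambda m: 'href="/%s"' % enc.encrypt(m.group(1)), html)


def resolve_request(enc, path, log):
    """Inbound: map the token back, or block and log when it does not verify."""
    real = enc.decrypt(path.lstrip("/"))
    if real is None:
        log.append("blocked: tampered or unknown encrypted URL %s" % path)
    return real


def demo():
    enc = UrlEncryptor(os.urandom(32))
    page = '<a href="/index.php?include=a.txt">notes</a>'      # constructed response body
    rewritten = rewrite_response(enc, page)
    token_path = LINK_RE.search(rewritten).group(1)
    log = []
    good = resolve_request(enc, token_path, log)
    tampered = token_path[:12] + ("A" if token_path[12] != "A" else "B") + token_path[13:]
    bad = resolve_request(enc, tampered, log)
    return good, bad, log
```

Because the tag covers the nonce and the ciphertext, a client cannot flip bits in the opaque path to turn `include=a.txt` into something else, and a token minted under another key or cut short fails the same check. The one thing this stateless design does not give is replay resistance: a token stays valid for as long as the key does, so binding it to the session or rotating keys is the natural next step.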
33. Application DDoS Attack Protection
Topics Covered:
• IP Reputation Filter
• DDoS Policies
• Slow Client Attack Prevention
Module 4 – Chapter 7

34. IP Reputation Filter
• Filters traffic from specific geographic regions / categories to a service
  • GeoPool
  • Barracuda Reputation
  • TOR Nodes
  • Anonymous Proxy
  • Satellite Provider
[Diagram: requests from the filtered regions/categories are blocked by the WAF before reaching the Backend Servers.]
4.7 – Application DDoS Attack Protection

35. DDoS Policies
• Passively evaluate the clients to determine whether they are suspicious
• A client tagged as suspicious will be forced to answer a CAPTCHA
• Suspicious client IP addresses will be remembered for 900 seconds
[Diagram: a BOT's request is answered by the WAF with a JavaScript challenge and then a CAPTCHA; the request is blocked and never reaches the Web Server.]

36. Slow Client Attack Prevention
• Enforces request/response timeouts
• Enforces request/response minimum data transfer rates
• Prevents:
  • Slow HTTP headers vulnerability (Slowloris)
  • Slow HTTP POST vulnerability (R-U-Dead-Yet or RUDY)
  • Slow read DoS attack

37. Application DDoS Attack Protection
• WEBSITES > IP Reputation
• Configuration walkthrough
• WEBSITES > DDoS Prevention
• Create a new DDoS policy
• Edit the Slow Client Attack Prevention settings
Live Demo
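The Slow Client Attack Prevention slide lists the two controls (timeouts and minimum transfer rates) and the three attacks they stop, but not how the three map onto the controls. The Python below is an added example that makes that mapping explicit; it is not Barracuda's implementation. It evaluates constructed per-connection traces (when the header block completed, when body bytes arrived, when the client drained response bytes) against a policy and reports which of Slowloris, RUDY or slow read the connection looks like. The threshold values (30 s header timeout, 100 B/s, 10 s measurement interval) and the traces are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Chunk = Tuple[float, int]   # (seconds since the connection opened, bytes moved)


@dataclass
class Connection:
    opened_at: float
    headers_done_at: Optional[float] = None         # None: header block still incomplete
    body_done_at: Optional[float] = None            # None: request body still pending
    request_body: List[Chunk] = field(default_factory=list)     # bytes received from the client
    response_started_at: Optional[float] = None
    response_done_at: Optional[float] = None        # None: client still draining the response
    response_reads: List[Chunk] = field(default_factory=list)   # bytes the client accepted


@dataclass
class SlowClientPolicy:
    header_timeout: float = 30.0      # seconds allowed for the complete request header block
    min_request_rate: float = 100.0   # bytes/second required while a body is pending
    min_response_rate: float = 100.0  # bytes/second the client must accept
    check_interval: float = 10.0      # rates are evaluated per full interval


def first_slow_interval(chunks, start, end, min_rate, interval):
    """Time at which the first full interval fell below min_rate, or None."""
    t = start
    while t + interval <= end:
        moved = sum(n for ts, n in chunks if t <= ts < t + interval)
        if moved / interval < min_rate:
            return t + interval
        t += interval
    return None


def evaluate(conn, policy, now):
    """Decide whether to keep the connection or close it, and why."""
    # Slowloris: headers that never complete hold a worker for ever.
    if conn.headers_done_at is None:
        if now - conn.opened_at >= policy.header_timeout:
            return "close", "slow headers (Slowloris): no complete header block after %gs" % policy.header_timeout
        return "keep", None
    if conn.headers_done_at - conn.opened_at > policy.header_timeout:
        return "close", "slow headers (Slowloris): header block took too long"
    # RUDY: a declared body that trickles in a byte at a time.
    end = conn.body_done_at if conn.body_done_at is not None else now
    t = first_slow_interval(conn.request_body, conn.headers_done_at, end,
                            policy.min_request_rate, policy.check_interval)
    if t is not None:
        return "close", "slow POST (RUDY): request body below %g B/s at t=%gs" % (policy.min_request_rate, t)
    # Slow read: the client accepts the response a few bytes at a time.
    if conn.response_started_at is not None:
        end = conn.response_done_at if conn.response_done_at is not None else now
        t = first_slow_interval(conn.response_reads, conn.response_started_at, end,
                                policy.min_response_rate, policy.check_interval)
        if t is not None:
            return "close", "slow read: client below %g B/s at t=%gs" % (policy.min_response_rate, t)
    return "keep", None


def demo(now=60.0):
    """Constructed connection traces, evaluated `now` seconds after they opened."""
    policy = SlowClientPolicy()
    traces = {
        "normal_upload": Connection(0.0, headers_done_at=0.2, body_done_at=25.0,
                                    request_body=[(t, 4000) for t in range(2, 26, 2)],
                                    response_started_at=25.0, response_done_at=26.0,
                                    response_reads=[(25.5, 300)]),
        "slowloris": Connection(0.0),        # a header line every few seconds, never the blank line
        "rudy": Connection(0.0, headers_done_at=0.5,
                           request_body=[(10.0, 1), (20.0, 1), (30.0, 1)]),
        "slow_read": Connection(0.0, headers_done_at=0.3, body_done_at=0.3,
                                response_started_at=1.0, response_reads=[(5.0, 64), (15.0, 64)]),
    }
    return {name: evaluate(conn, policy, now) for name, conn in traces.items()}
```

Note that a bodyless GET is modelled by setting `body_done_at` equal to `headers_done_at`, so the body-rate check has nothing to measure. The rate checks only fire on a complete interval: at `now=10.0` every trace is still kept, which is the tuning point in practice, since the interval and minimum rate must be lax enough for genuinely slow mobile clients while still cutting off a connection that moves one byte every ten seconds.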