Barracuda Web Application
Firewall
Securing cloud and hybrid deployments
Agenda
• Deployment Options
• Security Features
• Reporting and Logging
• Troubleshooting

Licensing and Availability
• Bring Your Own License / Pay as You Go
• WAF with single NIC
• WAF with multi NIC
• WAF VMSS (Virtual Machine Scale Set)
GUI based deployment
Template based provisioning
• GitHub Repository: https://github.com/barracudanetworks/waf-azure-templates
Deployment Scenario
1. Deploying in existing vnet
2. Deploying in a new vnet
3. Deploying to protect PAAS
4. High Availability
Configuration management using Puppet
• Puppet Forge:
https://forge.puppet.com/barracuda/cudawaf
• Uses the Puppet Device implementation
• Approved by Puppet Labs
Puppet Device (flow between the Puppet Agent, the WAF and the Puppet Master)
1. Agent requests facts from the WAF
2. Agent sends a CSR for the WAF
3. Master accepts and signs the request
4. Agent sends the WAF facts
5. Master checks the facts and sends the catalog
6. Agent applies the catalog to the WAF
Initial configuration
• GUI : http://<ip>:8000/ or https://<ip>:8443/ (prefer the HTTPS port, and restrict both management ports to administrator networks)
• Username : admin
Web Interface Access
[Screenshot: the GUI is organised into SECTIONS and PAGES (relative to the sections), with Instant Search and Help]
Initial configuration: Create a service
Barracuda Web Application Firewall: Comprehensive Application Security
Inbound Inspection
• OWASP Top-10 Attacks
• Application DDoS
• Proactive Defense
• Application Cloaking
• Geo-IP Control
Outbound Inspection: Data Loss Prevention
• Credit Card Numbers
• Social Security Numbers
• Custom Patterns
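Outbound data-loss prevention is the one item on this slide that a short program makes concrete. The following is an added example written for this page, not Barracuda code: it scans a constructed response body for card numbers (confirmed with a Luhn check so that look-alike digit runs such as tracking numbers are left alone), US social security numbers, and one constructed "custom pattern" (an internal case-number format), then masks what it finds and returns the findings for the log. The regexes, the masking style and the ACME-nnnnnn pattern are assumptions, not the appliance's own definitions.

```python
import re

# Constructed sample response body for the demo (not taken from the page).
SAMPLE_BODY = (
    "Order #1001 confirmed. Card on file: 4111 1111 1111 1111, expires 12/27. "
    "Tracking id 1234-5678-9012-3456 is not a card. "
    "Customer SSN 078-05-1120 and case ACME-204911 must never leave the server."
)

# 13-19 digit runs with optional single space/dash separators (card number candidates).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN with structurally invalid area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# "Custom patterns": one constructed example, an internal case-number format.
CUSTOM_PATTERNS = {"case_number": re.compile(r"\bACME-\d{6}\b")}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: rejects digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask(text: str) -> str:
    """Keep the last four characters, replace every other digit with X."""
    return "".join("X" if c.isdigit() else c for c in text[:-4]) + text[-4:]


def scan_response(body: str) -> tuple[str, list[str]]:
    """Outbound DLP pass: return the masked body and the list of findings to log."""
    findings: list[str] = []

    def card_sub(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):             # e.g. a tracking number: leave untouched
            return m.group(0)
        findings.append("credit_card:" + digits[-4:])
        return _mask(m.group(0))

    def ssn_sub(m: re.Match) -> str:
        findings.append("ssn:" + m.group(0)[-4:])
        return _mask(m.group(0))

    body = CARD_RE.sub(card_sub, body)
    body = SSN_RE.sub(ssn_sub, body)
    for label, pattern in CUSTOM_PATTERNS.items():
        body, count = pattern.subn("[REDACTED]", body)
        findings.extend([label] * count)
    return body, findings


if __name__ == "__main__":
    masked, found = scan_response(SAMPLE_BODY)
    print(found)
    print(masked)
```

The Luhn check is what keeps the false-positive rate tolerable: without it every 16-digit order or tracking number in a response body would be masked, and the team would turn the feature off.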
Complete Integration with BVRS
• Application testing at each step in a CI/CD process
• Flow: BVRS application scan → vulnerability data → automatic WAF configuration and profiles via VRS
Barracuda Vulnerability Remediation Service
• Cloud service for vulnerability assessment scanning, based on BVM
• Free cloud service
• Can be used independently (without the WAF)
• Scans need validation of site ownership: Email, Metatag, Text File, or TXT record
Web Application Firewall Modes
• Passive Mode – Logs the attacks but allows traffic to pass through
• Active Mode – Logs and blocks the attacks
• Per Service configuration
[Diagram: one WAF in front of a web server with Service_A (active) and Service_B (passive); Attack1 against Service_A is blocked and logged, Attack2 against Service_B is logged but reaches the web server]
Stage 1: Security Policies – The 9 Sub-Policies
Stage 2: Advanced Security
Stage 2.a: Allow/Deny Rules
Stage 3: Website Profiles (Learning)
[Diagram on each stage slide: client request → WAF stage → application server, with the response returning through the WAF]
Website Profiles Overview
• Specific rules to fine-tune the security settings of a service
• URL profiles
• Parameter profiles
• Can be learnt automatically
[Diagram: a request for /cgi-bin/reg.cgi passes through the WAF, which matches it against the URL profile and parameter profile below before forwarding to the application server]
URL Profile: /cgi-bin/reg.cgi
Parameter Profile:
• First Name – Input Field, Type Alpha, Max Char 16
• Last Name – Input Field, Type Alpha, Max Char 16
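As an added example (not Barracuda's implementation), the positive-security model behind URL and parameter profiles, written for this page: the profile from the slide is expressed as data, a request is checked against it, and a `learn_profile` function derives the same kind of profile from observed requests, which is what the learning stage does. The parameter names (`first_name`, `last_name`), the treatment of unknown URLs and unexpected parameters, and the small type set are assumptions.

```python
import re
from dataclasses import dataclass, field

# Value types a parameter profile can enforce (a subset, for the example),
# ordered from narrowest to widest so learning can pick the tightest fit.
TYPE_RE = {
    "numeric": re.compile(r"^[0-9]*$"),
    "alpha": re.compile(r"^[A-Za-z]*$"),
    "alphanumeric": re.compile(r"^[A-Za-z0-9]*$"),
    "any": re.compile(r"^.*$", re.S),
}
TYPE_ORDER = list(TYPE_RE)


@dataclass
class ParamProfile:
    type: str
    max_chars: int


@dataclass
class UrlProfile:
    methods: tuple[str, ...]
    params: dict[str, ParamProfile] = field(default_factory=dict)


# Profile from the slide: /cgi-bin/reg.cgi with two alpha fields of 16 chars.
# Parameter names are assumed; the slide only shows "First Name" / "Last Name".
PROFILES = {
    "/cgi-bin/reg.cgi": UrlProfile(
        methods=("POST",),
        params={
            "first_name": ParamProfile("alpha", 16),
            "last_name": ParamProfile("alpha", 16),
        },
    )
}


def check_request(method: str, path: str, params: dict[str, str],
                  profiles=PROFILES) -> list[str]:
    """Positive-security check; an empty list means the request conforms."""
    prof = profiles.get(path)
    if prof is None:
        return [f"no URL profile for {path}"]
    violations = []
    if method not in prof.methods:
        violations.append(f"method {method} not allowed for {path}")
    for name, value in params.items():
        p = prof.params.get(name)
        if p is None:
            violations.append(f"unexpected parameter {name}")
            continue
        if len(value) > p.max_chars:
            violations.append(f"{name}: {len(value)} chars exceeds {p.max_chars}")
        if not TYPE_RE[p.type].match(value):
            violations.append(f"{name}: value is not {p.type}")
    return violations


def learn_profile(samples: list[tuple[str, dict[str, str]]]) -> UrlProfile:
    """Derive a profile from observed (method, params) pairs: the narrowest type
    that fits every value seen, and the longest value seen as the length limit."""
    methods = tuple(sorted({m for m, _ in samples}))
    learned: dict[str, ParamProfile] = {}
    for _, params in samples:
        for name, value in params.items():
            fitting = next(t for t in TYPE_ORDER if TYPE_RE[t].match(value))
            cur = learned.get(name)
            if cur is None:
                learned[name] = ParamProfile(fitting, len(value))
            else:
                widest = max(cur.type, fitting, key=TYPE_ORDER.index)
                learned[name] = ParamProfile(widest, max(cur.max_chars, len(value)))
    return UrlProfile(methods, learned)
```

A learned limit is only as good as the traffic it was learned from: the profile above would reject a legitimate 17-character surname, which is why the learning stage is followed by the exception-profiling and tuning steps later in the deck.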
Extended Match Rules
• Specifically define which requests/responses need the rule applied
• Conditions can be based on found parameters or elements
• Used across multiple modules (not only Allow/Deny rules)
[Diagram: a Firefox 16 client sends a request; a URL Allow/Deny Rule with the extended match User-Agent co Firefox/16 matches, and the WAF answers 301 → Update_your_browser.html instead of forwarding to the application server]
Extended Match Rules Configuration (Extended Match Widget)
1. Open the Extended Match widget
2. Configure what to intercept
3. Insert condition in the Header Expression field
4. Apply/Close widget
5. Sequence: 1 = highest priority
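An added example of how a prioritised extended-match rule set evaluates (a simplified re-implementation, not Barracuda's evaluator): the rule from the slide, `Header User-Agent co Firefox/16`, denies with a 301 to Update_your_browser.html; a second, constructed rule denies GET requests that carry a `debug` parameter; a catch-all rule allows everything else. The element names, the operator set (eq, neq, co, nco, rco, nrco, ex, nex) and the `&&` joining of clauses are the syntax assumed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Operators assumed for the example: a is the element value (None if absent), v the literal.
OPERATORS = {
    "eq":   lambda a, v: a is not None and a.lower() == v.lower(),
    "neq":  lambda a, v: a is None or a.lower() != v.lower(),
    "co":   lambda a, v: a is not None and v.lower() in a.lower(),
    "nco":  lambda a, v: a is None or v.lower() not in a.lower(),
    "rco":  lambda a, v: a is not None and re.search(v, a, re.I) is not None,
    "nrco": lambda a, v: a is None or re.search(v, a, re.I) is None,
    "ex":   lambda a, v: a is not None,
    "nex":  lambda a, v: a is None,
}


@dataclass
class Rule:
    sequence: int                    # 1 = highest priority, as on the slide
    expression: str                  # e.g. "Header User-Agent co Firefox/16"
    action: str                      # "allow" or "deny"
    redirect: Optional[str] = None   # deny with a redirect instead of a 403


def _element(request: dict, kind: str, name: Optional[str]) -> Optional[str]:
    """Pull the element a clause refers to out of the request (None if absent)."""
    if kind == "header":
        return request["headers"].get(name.lower())   # header names stored lowercase
    if kind == "parameter":
        return request["params"].get(name)
    if kind == "method":
        return request["method"]
    if kind == "uri":
        return request["path"]
    raise ValueError(f"unknown element {kind}")


def matches(expression: str, request: dict) -> bool:
    """Evaluate an expression: '*' matches everything, '&&' clauses must all hold."""
    if expression.strip() == "*":
        return True
    for clause in expression.split("&&"):
        tokens = clause.strip().split(None, 3)
        kind = tokens[0].lower()
        if kind in ("method", "uri"):                # elements without a name
            name, op, value = None, tokens[1], tokens[2] if len(tokens) > 2 else ""
        else:
            name, op, value = tokens[1], tokens[2], tokens[3] if len(tokens) > 3 else ""
        if not OPERATORS[op.lower()](_element(request, kind, name), value):
            return False
    return True


def apply_rules(rules: list[Rule], request: dict) -> dict:
    """First matching rule in sequence order wins; no match means pass through."""
    for rule in sorted(rules, key=lambda r: r.sequence):
        if matches(rule.expression, request):
            if rule.action == "deny" and rule.redirect:
                return {"rule": rule.sequence, "status": 301, "location": rule.redirect}
            if rule.action == "deny":
                return {"rule": rule.sequence, "status": 403}
            return {"rule": rule.sequence, "status": "forward"}
    return {"rule": None, "status": "forward"}


# The slide's rule, one constructed rule for a debug parameter, and a catch-all.
RULES = [
    Rule(1, "Header User-Agent co Firefox/16", "deny", "/Update_your_browser.html"),
    Rule(2, "Parameter debug ex && Method eq GET", "deny"),
    Rule(3, "*", "allow"),
]


def make_request(method: str, path: str, headers: dict, params: Optional[dict] = None) -> dict:
    """Build the request structure the evaluator expects; header names are normalised."""
    return {"method": method, "path": path, "params": params or {},
            "headers": {k.lower(): v for k, v in headers.items()}}
```

Because the first match wins, sequence numbers matter: moving the catch-all allow to sequence 1 would silently disable every rule below it, which is the mistake to look for when a deny rule "stops working" after a reordering.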
URL Encryption
• The WAF encrypts all URLs associated with the requested page
• Requires no changes to the application
• If encrypted URLs are manipulated or tampered with in subsequent requests, the requests are blocked and logged
[Diagram: the client requests http://bn.com; the application server's response contains http://bn.com/index.php?include=a.txt, which the WAF rewrites to an opaque URL such as http://bn.com/d098duj0 before returning the response to the client]
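An added example of the mechanism (not Barracuda's code; the product does not publish its scheme): every same-site link in a response is replaced by an authenticated, encrypted token, and on the way back the token is verified before it is decrypted, so a token that has been edited, or a plaintext path such as the `include=` URL sent directly, fails validation and is blocked and logged. The keystream is derived from HMAC-SHA256 so the block runs with the standard library alone; a production implementation would use AES-GCM or an equivalent AEAD. The demo key, the `href` rewrite and the token path format are assumptions.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed demo key (64 bytes): first half encrypts, second half authenticates.
KEY = hashlib.sha512(b"demo key material, not for production").digest()
ENC_KEY, MAC_KEY = KEY[:32], KEY[32:]
NONCE_LEN, TAG_LEN = 12, 16


def _keystream(nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_url(url: str) -> str:
    """Encrypt-then-MAC a URL into an opaque, URL-safe token."""
    nonce = os.urandom(NONCE_LEN)
    plain = url.encode()
    cipher = bytes(p ^ k for p, k in zip(plain, _keystream(nonce, len(plain))))
    tag = hmac.new(MAC_KEY, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    return base64.urlsafe_b64encode(nonce + cipher + tag).decode().rstrip("=")


def decrypt_url(token: str) -> Optional[str]:
    """Return the original URL, or None if the token is malformed or tampered."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, TypeError):
        return None
    if len(raw) < NONCE_LEN + TAG_LEN:
        return None
    nonce, cipher, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):        # constant-time comparison
        return None
    return bytes(c ^ k for c, k in zip(cipher, _keystream(nonce, len(cipher)))).decode(errors="replace")


HREF_RE = re.compile(r'href="(/[^"]*)"')


def rewrite_response(body: str) -> str:
    """Response side: replace every same-site link with an encrypted token path."""
    return HREF_RE.sub(lambda m: f'href="/{encrypt_url(m.group(1))}"', body)


def link_tokens(body: str) -> list[str]:
    """Extract the token part of each rewritten link (used by the demo and tests)."""
    return [m.group(1).lstrip("/") for m in HREF_RE.finditer(body)]


def handle_request(path: str, log: list[str]) -> tuple[str, Optional[str]]:
    """Request side: verify and decrypt the token; anything that fails is blocked and logged."""
    real = decrypt_url(path.lstrip("/"))
    if real is None:
        log.append(f"BLOCKED url-encryption violation: {path}")
        return "blocked", None
    return "forward", real
```

The order matters: the tag is checked before any decryption, so an attacker cannot use decryption errors as an oracle, and a fresh nonce per link keeps two identical URLs from producing the same token.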
Tuning Security Rules Configuration
• BASIC > Web Firewall Logs
• Review false positives and apply the fix
• WEBSITES > Trusted Hosts
• Configure a new group and apply it to a service
• WEBSITES > Exception Profiling
• Assign Exception Profile level to a service
• WEBSITES > Exception Heuristics
• Levels walkthrough
Live Demo
Application DDoS Attack Protection
Topics Covered:
• IP Reputation Filter
• DDoS Policies
• Slow Client Attack Prevention
IP Reputation Filter
• Filters traffic to a service from specific geographic regions / categories
• GeoPool
• Barracuda Reputation
• TOR Nodes
• Anonymous Proxy
• Satellite Provider
[Diagram: requests from the filtered regions and categories are blocked at the WAF; the rest reach the backend servers]
DDoS Policies
• Passively evaluate the clients to determine if they are suspicious or not
• A client tagged as suspicious is forced to answer a CAPTCHA
• Suspicious client IP addresses are remembered for 900 seconds
[Diagram: a bot's requests are answered by the WAF with a JavaScript challenge and then a CAPTCHA; the requests are blocked and never reach the web server]
Slow Client Attack Prevention
• Enforces requests / responses timeouts
• Enforces requests / responses minimum data transfer rates
• Prevents:
• Slow HTTP headers vulnerability (Slowloris)
• Slow HTTP POST vulnerability (R-U-Dead-Yet or RUDY)
• Slow read DoS attack
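An added example covering both the DDoS policy and the slow-client guard above (not Barracuda's code): a per-client evaluator that tags noisy clients, serves them a challenge until they pass it, and forgets them after the 900 seconds the slide states; and a transfer check that turns "timeouts" and "minimum data transfer rates" into a decision for one in-flight request or response. The 20-requests-per-10-seconds threshold, the 30 s timeout, the 64 B/s minimum and the 5 s grace period are constructed values, not Barracuda defaults; a fake clock is injected so the expiry can be exercised without waiting.

```python
from collections import deque
from typing import Callable

SUSPICIOUS_TTL = 900     # seconds a tagged client stays suspicious (from the slide)
RATE_LIMIT = 20          # requests per WINDOW before tagging (constructed threshold)
WINDOW = 10              # seconds (constructed)


class DdosPolicy:
    """Passive client evaluation: tag noisy clients, then require a challenge."""

    def __init__(self, clock: Callable[[], float]):
        self.clock = clock                          # injected so the flow can be simulated
        self.history: dict[str, deque] = {}         # ip -> recent request timestamps
        self.suspicious_until: dict[str, float] = {}
        self.passed: set[str] = set()               # tagged clients that solved the challenge

    def _is_noisy(self, ip: str, now: float) -> bool:
        q = self.history.setdefault(ip, deque())
        q.append(now)
        while q and now - q[0] > WINDOW:
            q.popleft()
        return len(q) > RATE_LIMIT

    def handle(self, ip: str, solved_challenge: bool = False) -> str:
        """Return 'forward', or 'challenge' to serve the JS/CAPTCHA page instead."""
        now = self.clock()
        if ip in self.suspicious_until and now >= self.suspicious_until[ip]:
            del self.suspicious_until[ip]           # 900 s elapsed: forget the client
            self.passed.discard(ip)
        if self._is_noisy(ip, now):
            self.suspicious_until[ip] = now + SUSPICIOUS_TTL
        if ip in self.suspicious_until:
            if solved_challenge:
                self.passed.add(ip)
            if ip not in self.passed:
                return "challenge"
        return "forward"


def check_transfer(bytes_received: int, elapsed: float, complete: bool,
                   timeout: float = 30.0, min_rate: float = 64.0,
                   grace: float = 5.0) -> str:
    """Slow-client guard for one in-flight request or response.

    Returns 'ok', 'timeout' (the deadline passed before the message completed) or
    'too_slow' (below the minimum bytes/second once the grace period is over).
    Slowloris and RUDY stall headers or a POST body; a slow-read attack drains the
    response at a trickle; all three show up as a low rate over a long elapsed time."""
    if complete:
        return "ok"
    if elapsed > timeout:
        return "timeout"
    if elapsed >= grace and bytes_received / elapsed < min_rate:
        return "too_slow"
    return "ok"
```

The grace period is the knob that separates a mobile client on a slow link from an attacker: too short and legitimate users on high-latency connections are dropped, too long and a few thousand idle sockets still exhaust the backend's worker pool.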
Logging
Reporting: Microsoft OMS
Troubleshooting
• Configuration problems
• Connectivity / Access problems
• System problems
Thank You

Barracuda WAF Deployment in Microsoft Azure (SlideShare deck by Aravindan A)


Editor's Notes

1. The WAF protects applications by functioning as a reverse proxy: it intercepts all traffic and inspects it for attacks, blocking them before they reach your servers. It recognizes common obfuscations and attack patterns, and only allows traffic that conforms to the configured security policies, both inbound and outbound. Because enforcement is policy-based rather than purely signature-based, this also stops zero-day attacks that violate those policies. It protects custom code as well as third-party code, allowing customers to focus on their business. Because it also inspects outbound traffic, the Barracuda Web Application Firewall prevents leakage and theft of sensitive data, including server software information, credit card numbers and social security numbers. With a Barracuda Web Application Firewall, customers get security and protection without having to make lengthy and expensive changes to their application code or backend servers.