Citrix NetScaler Application Firewall
© 2012 Citrix | Confidential – Do Not Distribute
Agenda
• Application security needs
• NetScaler Application Firewall architecture and platforms
• Application Firewall technology
• Positive security model: Basic and Advanced modes
• XML security
• Other security features
• Signatures
• Reporting and management
Threats to Apps and Networks Require Security to Adapt
Drivers:
• More complex apps and new threats (web 2.0)
• Consolidation across network and app security
• Disappearing network perimeter
• New regulations and compliance
Needs:
• Integrated application access and threat management
• Fine-grained policies
• High performance / low latency (in-line to all apps)
Web Application Delivery with NetScaler (Integrated Module)
(Diagram: NetScaler sits between LAN, branch and mobile users and the web applications, delivering maximum application performance, infrastructure offload and savings, complete application security and high application availability)
• World-class L4-L7 load balancing
• Intelligent service health monitoring
• Caching
• Compression
• Connection pooling
• SSL processing
• Web 2.0 Push
• Access Gateway SSL VPN
• Application firewall
Convergence of Application Security Functions
DDoS | SSL | SSL/VPN | WAF | XML FW | AAA | SSO | Reporting
NetScaler MPX, SDX and VPX
• 4th Gen Web App Firewall
• Fastest App Firewall (12 Gbps)
• Best price-performance
• First to implement learning (Teros)
• First to implement positive security
• Fine-grained policy driven
NetScaler WAF Approach
• Build consistent security, access control, visibility and management for web apps and networks
• Web App Firewall and integrated ADCs ideally suited for fine-grained policy enforcement
• Flexibility for multiple environments: on-premise, virtualized, hosted/cloud
(Diagram: access and threat management across network and application; fine-grained policies, compliance and visibility, L2-L7 performance and scale, extensibility)
Key Highlights
• Full function Web Application Firewall
  • HTTP and XML attack protections
  • Data theft protection
  • Hybrid security model
  • Rate controls, rich AAA, policy-driven
  • FIPS, Common Criteria and ICSA certification
• Centralized management
  • Software-based management console
  • Fully automatable via APIs
  • Role-based administration, fleet management
• Fastest Web App Firewall (up to 12 Gbps)
• Very low latency, inline deployment
(Diagram: access and threat management across network and application; fine-grained policies, compliance and visibility, L2-L7 performance and scale, extensibility)
Where Is the Application Firewall Deployed?
(Diagram: web app users on the Internet -> network firewalls -> Citrix NetScaler -> application infrastructure; legitimate traffic is allowed through, application attacks are blocked)
• Blocks dozens of zero-day attack vectors, including CSRF, XPath injection and XML attachment checks
• Bi-directional inspection: advanced attack prevention
• SSL traffic supported
• Sustained protection to 12 Gbps
• ICSA certified
NetScaler Platforms
• NetScaler MPX and SDX
  • High-performance hardware appliance
  • Powers the web
  • Integrated within NetScaler or standalone options
• NetScaler VPX
  • Virtual appliance
  • Runs on standard x86 hardware
  • Fast, inexpensive, flexible
  • XenServer, VMware ESX, Hyper-V
Standalone Citrix Application Firewall Models

Application Firewall MPX platform   Throughput (Gbps)
MPX 5550                            0.5
MPX 8400                            1.7
MPX 8600                            2.3
MPX 13500                           4.5
MPX 16500                           6.2
MPX 20500                           8.4
MPX 21550                           12
Technology Overview
• Hybrid design
• New Hardware Platforms
• Fastest and broadest Web App FW on the market!
• Infrastructure Enhancements
• Advanced Policy Support
• Optimized memory usage and integrated cache
• Large post body handling
• Dozens of security checks including:
  • CSRF, learning, WSDL scan prevention, attachment checks, XPath injection prevention, configurable injection and XSS protections
• Enhanced Manageability and Ease of Use
• Learning visualizer, Web services Monitoring, CC
manageability and reporting improvements, Built-in profiles
NetScaler Application Firewall
Application Firewall Characteristics
Deep stream inspection
• Bi-directional analysis
• Header and payload inspection
• Full parsing
• Semantic extraction
• Sessionization
Strong hybrid security model
• Positive security model
• Signature scanning
• Unique response tagging functionality
Easy deployment
• Learning mode to ease deployment
• Visualizer to manage rules
(Diagram: HTML/XML byte stream being parsed)
Data Flow Process
(Diagram: external client -> NetScaler -> internal web applications and database)
1. Client request: http://www.site.com/
2. Request inspections (request side: Start URLs, XSS, SQL injection, field consistency, buffer overflow)
3. Client request forwarded to www.site.com
4. Server response from www.site.com
5. Response inspections (response side: credit cards, safe object)
6. Server response returned to the client for http://www.site.com/
Full ADC Integration
Customizable Profiles and Policy
• Profiles
  • Enable Basic or Advanced defaults
  • Consist of security settings
• Policies
  • Direct traffic to profiles
  • Match on request or response parameters
Complete Web App Protection with Learning
Positive Security
Basic Defaults – Positive Security Model
Easy deployment mode
• Protects against
  • SQL injection
  • Cross-site scripting
  • Cross-site request forgery (Referer header check)
  • Forceful browsing (Start/Deny URLs)
  • Buffer overflow
  • Form field formatting
• No sessionization required
• Learning-aided deployment
SQL Injection attacks
How this might be done:
• User enters data into a form on a web page (example: an item lookup form with an "Item Number" field)
• The application sends this as part of an SQL query to the back end database
Input submitted in the Item Number field:
1234' or '1=1
Resulting query, with the input pasted into a quoted string:
… select item-detail … WHERE itemnum='1234' or '1=1'
The single quote in the input closes the application's own string literal, and the appended "or" condition is true for every row, so the query returns every item instead of item 1234.
Cross-site Scripting (XSS) Attacks
Attacking trust relationships
Cross-site scripting: inserting a malicious script that compromises the trust relationship between a user and a web application, resulting in sending an attacker confidential information that can be used to steal that user's identity.
1. Hacker posts <malicious script> to a vulnerable web application
2. Innocent user downloads the script and executes it
3. Script captures credential info and sends it to the hacker
Cross Site Request Forgery Attacks
Attacking trust relationships
1. User logs in and creates a session with the web application
2. User visits evil.com in another browser window
3. evil.com makes a request to the application using the user's session credentials
• Protection actions:
  • Verify Referer headers
  • Tag each form with a unique token and verify it on form submission
CSRF: Referer Header Protection
bank.com serves https://bank.com/transfer.htm containing:
<form action=transfer.asp>
<input type=text name="from">
<input type=text name="to">
…
</form>
A page on blog.net triggers:
https://bank.com/transfer.asp?amount=1000&from=good&to=bad
Cookie: auth=good
Referer: blog.net
The Referer is not bank.com, so the request is blocked (X).
Forceful Browsing
• Forceful browsing attack: manipulating request URLs to gain access to content you are not entitled to see.
Brute-force penetration of the infrastructure
Paris Hilton's Sidekick hacked
…hacker Nicolas Jacobsen pled guilty to a single charge of intentionally accessing a
protected computer and recklessly causing damage. Jacobsen was arrested by US
authorities last October, but had had access to T-Mobile's servers for more than a year.
He reportedly amused himself by accessing US Secret Service email, and raiding other
Sidekick users' accounts.
I got hacked…
Buffer Overflow Protection
Prevent hackers from gaining unauthorized system privileges
(Diagram: a hacker on the Internet sends a buffer overflow attack at the application server; escalation path application -> platform -> OS, i.e. gain application privileges, gain platform privileges, gain root server access)
Application Firewall limits input parameter sizes for:
• URLs
• Headers
• Cookies
Session-based Protection with Advanced Defaults
• Session-based: enables additional protections
  • Cookie consistency
  • Form field consistency
  • URL closure protection
  • Tag-based cross-site request forgery protection
• Includes all basic protections
Cookie Poisoning defense: prevents identity theft and session hijacking
1. Web server sends the client a cookie
2. Client returns the cookie to the server
3. Application Firewall verifies that cookies have not been modified by the client
Cookie Attack Protection – Encrypt Cookies
• Encrypt only session cookies (non-persistent) or all application cookies
• AES-192 encryption
Cookie Attack Protection – Proxy Cookies
• Replace all server cookies with a single App Firewall session cookie
Cookie Attack Protection – Flag Cookies
• HttpOnly: make the cookie unavailable to JavaScript
• Secure: cookie submitted only for HTTPS URLs
• All: both attributes are added to the Set-Cookie header
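The three cookie defences on these slides (consistency checking, proxying the server's cookies behind one opaque cookie, and adding HttpOnly/Secure flags) as a Python model. This is an added example, not Citrix code: the cookie name ns_appfw_session, the in-memory jar and the per-appliance key are illustrative, and an HMAC signature stands in for the AES-192 encryption the appliance applies, since the standard library has no AES.

```python
import hmac
import hashlib
import secrets
from http.cookies import SimpleCookie

WAF_KEY = secrets.token_bytes(32)   # stays on the appliance; illustrative
WAF_COOKIE = "ns_appfw_session"     # illustrative name for the single proxy cookie
_jar = {}                           # proxy-session id -> {cookie name: value}


def _parse(cookie_text):
    c = SimpleCookie()
    c.load(cookie_text)
    return c


def add_flags(set_cookie, http_only=True, secure=True):
    """'Flag cookies': return the Set-Cookie header(s) with HttpOnly/Secure appended."""
    out = []
    for m in _parse(set_cookie).values():
        if http_only:
            m["httponly"] = True
        if secure:
            m["secure"] = True
        out.append(m.OutputString())
    return out


def _sig(name, value):
    # HMAC over name=value; an attacker without WAF_KEY cannot produce a valid one
    return hmac.new(WAF_KEY, ("%s=%s" % (name, value)).encode(), hashlib.sha256).hexdigest()


def sign_set_cookies(set_cookies):
    """'Cookie consistency', response side: sign every cookie the server sets."""
    sigs = {}
    for sc in set_cookies:
        for name, m in _parse(sc).items():
            sigs[name] = _sig(name, m.value)
    return sigs


def cookies_unmodified(cookie_header, sigs):
    """Request side: each returned cookie must be one we saw, with the same value."""
    for name, m in _parse(cookie_header).items():
        if name == WAF_COOKIE:
            continue
        if name not in sigs or not hmac.compare_digest(sigs[name], _sig(name, m.value)):
            return False
    return True


def proxy_set_cookies(set_cookies):
    """'Proxy cookies', response side: hold the server's cookies in the WAF jar
    and send the browser one opaque, flagged session cookie instead."""
    sid = secrets.token_urlsafe(24)
    _jar[sid] = {name: m.value for sc in set_cookies for name, m in _parse(sc).items()}
    return add_flags("%s=%s; Path=/" % (WAF_COOKIE, sid))


def unproxy_cookie_header(cookie_header):
    """Request side: rebuild the Cookie header the origin expects; None if unknown."""
    c = _parse(cookie_header)
    if WAF_COOKIE not in c:
        return None
    jar = _jar.get(c[WAF_COOKIE].value)
    if jar is None:
        return None
    return "; ".join("%s=%s" % kv for kv in jar.items())
```

With proxying in place the browser never holds the application's own cookie values, so there is nothing for a client-side script or a tampering user to poison; the consistency check covers the case where cookies are still passed through.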
CSRF: Form Tagging Protection
bank.com serves https://bank.com/transfer.htm with the form tagged by the Application Firewall:
<form action=transfer.asp>
<input type=text name="from">
<input type=text name="to">
…
<input type="hidden" name="as_fid" value="UNIQUE_ID">
</form>
A page on blog.net triggers:
https://bank.com/transfer.asp?amount=1000&from=good&to=bad
Cookie: auth=good
The request carries no valid as_fid token for this session, so it is blocked (X).
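Both CSRF defences the deck describes, the Referer check from the earlier slide and the per-session form tagging on this one, as a Python model of what the in-line firewall does on the response and again on the request. This is an added example and not Citrix code: the as_fid field name is taken from the slide, the session key and the decision logic are assumptions.

```python
import hmac
import hashlib
import re
import secrets
from urllib.parse import urlsplit, parse_qs

FORM_RE = re.compile(r"<form\b([^>]*)>", re.IGNORECASE)
ACTION_RE = re.compile(r"""action\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
TOKEN_FIELD = "as_fid"   # hidden field name shown on the slide


def new_session_secret():
    """Per-session key held by the WAF; the browser never sees it."""
    return secrets.token_bytes(32)


def _action_key(action):
    # normalise "transfer.asp" and "/transfer.asp" to the same key
    return "/" + urlsplit(action).path.lstrip("/")


def make_form_token(session_secret, action):
    """Token = HMAC(session key, form action): blog.net cannot compute it."""
    return hmac.new(session_secret, _action_key(action).encode(), hashlib.sha256).hexdigest()


def tag_forms(html, session_secret):
    """Response side: add the hidden token field to every <form>."""
    def add_token(m):
        attr = ACTION_RE.search(m.group(1))
        token = make_form_token(session_secret, attr.group(1) if attr else "")
        return m.group(0) + '<input type="hidden" name="%s" value="%s">' % (TOKEN_FIELD, token)
    return FORM_RE.sub(add_token, html)


def referer_ok(referer, trusted_host):
    """Basic-mode check: a state-changing request must carry a Referer on our host.
    A missing Referer fails closed here; clients that strip it then break,
    which is one reason the tag-based check exists."""
    if not referer:
        return False
    return urlsplit(referer).hostname == trusted_host


def form_token_ok(session_secret, action, fields):
    """Advanced-mode check: the submitted token must match what we tagged."""
    token = fields.get(TOKEN_FIELD, [""])[0]
    return hmac.compare_digest(token, make_form_token(session_secret, action))


def check_request(url, headers, session_secret, trusted_host):
    """Decide 'allow' or 'block' for a state-changing request, running both checks."""
    parts = urlsplit(url)
    if not referer_ok(headers.get("Referer"), trusted_host):
        return "block"
    if not form_token_ok(session_secret, parts.path, parse_qs(parts.query)):
        return "block"
    return "allow"
```

The token is bound to the session key and the form action, so a token leaked from one form cannot be replayed against another, and a forged request from blog.net fails on the Referer alone even before the token is examined.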
HTML Form Field Protection
Protect applications by blocking malicious and illegal input parameters
1. Application sends the form to the client
2. Client completes and returns the form
For each user session AppFw ensures that:
1. Each field is returned
2. No fields were added by the client
3. Read-only and hidden fields are unaltered
4. Data in drop-down list or radio button fields conforms
5. Max length of form fields is adhered to
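The five form-field consistency checks above, as Python: on the way out the firewall records what each form contained, and on the way back it compares the submitted fields with that record. This is an added example, not Citrix code; the parser is the standard library's html.parser, the sample form is constructed, and options are assumed to carry an explicit value attribute.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs


class FormRecorder(HTMLParser):
    """Response side: record name, fixed value, allowed choices and maxlength per field."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._select = None

    def _field(self, name):
        return self.fields.setdefault(name, {"fixed": None, "choices": set(), "maxlength": None})

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)                      # bare attributes (readonly) map to None
        if tag == "input" and a.get("name"):
            f = self._field(a["name"])
            typ = (a.get("type") or "text").lower()
            if typ == "hidden" or "readonly" in a:
                f["fixed"] = a.get("value", "")          # check 3: must come back unchanged
            if typ in ("radio", "checkbox"):
                f["choices"].add(a.get("value", "on"))   # check 4: closed set of values
            if a.get("maxlength"):
                f["maxlength"] = int(a["maxlength"])     # check 5
        elif tag == "select" and a.get("name"):
            self._select = self._field(a["name"])
        elif tag == "option" and self._select is not None:
            self._select["choices"].add(a.get("value", ""))  # assumes value= is present

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None


def record_form(html):
    p = FormRecorder()
    p.feed(html)
    return p.fields


def check_submission(spec, query_string):
    """Request side: list of violations; an empty list means the submission is consistent."""
    submitted = parse_qs(query_string, keep_blank_values=True)
    violations = []
    for name in spec:
        if name not in submitted:
            violations.append("missing field: %s" % name)                 # check 1
    for name, values in submitted.items():
        if name not in spec:
            violations.append("field added by client: %s" % name)         # check 2
            continue
        f = spec[name]
        for v in values:
            if f["fixed"] is not None and v != f["fixed"]:
                violations.append("read-only/hidden field altered: %s" % name)
            if f["choices"] and v not in f["choices"]:
                violations.append("value not in allowed list: %s=%s" % (name, v))
            if f["maxlength"] is not None and len(v) > f["maxlength"]:
                violations.append("field too long: %s" % name)
    return violations


# Constructed sample form, in the shape of the transfer form on the CSRF slides.
SAMPLE_FORM = """<form action="/transfer.asp" method="post">
<input type="text" name="to" maxlength="12">
<input type="hidden" name="account" value="12345">
<select name="currency"><option value="USD">USD</option><option value="EUR">EUR</option></select>
<input type="radio" name="speed" value="std"><input type="radio" name="speed" value="fast">
<input type="submit" value="Send">
</form>"""
```

Hidden-field tampering (check 3) is the one most often missed by application code, since developers tend to trust values the server itself emitted; the record taken on the response is what makes the request-side comparison possible.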
XML Security
Integrated HTML and XML Security
• XML security
  • Threat protection
  • Content validation
  • Data leak prevention
  • Reporting and monitoring
• Secures all flavors of XML applications (not just SOAP)
• Single device for XML, HTML and Web 2.0 application security
• Check types are categorized as HTML, XML or Common
• Block, Log and Statistics can be enabled for all checks
Advanced XML Capabilities
• Web Services Monitoring
• Fast XPath Switching for XML/JSON
• XML Security Enhancements
• XML Attachment filtering
• Entity Expansion Attack
• SOAP Fault Filtering
• WSDL Scanning
• Learning
• XPath Injection
• DTD Validation
• SQL and XSS learning
Message Validation - XML Schema
Why schema?
• Agreeing on formats
• Tool building: know what the data will be before the first instance shows up
• Validation: make sure we got what we expected
Schema:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="Author">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="FirstName" type="xs:string" />
        <xs:element name="LastName" type="xs:string" />
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
Instance that validates against it:
<?xml version="1.0"?>
<Author>
  <FirstName>Mark</FirstName>
  <LastName>Twain</LastName>
</Author>
XML DoS: Prevent SOAP Array abuse attacks
Additional Security Measures
Click to Rule Application Firewall
 Application Firewall relaxation rules can now be deployed from the logs
 The logs must be in CEF log format
 Convenient option to relax a rule blocking a legitimate request
Common Event Format Logging Support
• Log using CEF-based logs
• Example log line:
  Mar 15 16:48:14 <local0.info> 10.90.196.150 CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6|src=10.90.33.39 spt=52737 method=GET request=http://10.90.196.152/ msg=Disallow Illegal URL. cn1=69 cn2=3999 cs1=Application_Firewall_Profile cs2=PPE2 cs3=edw9DRH/XRTNya64AIYNZM1sgfUA020 cs4=ALERT cs5=2012 act=blocked
• Easy integration with numerous vendors that support CEF format
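A parser for the CEF line above, as an added example that is not part of the original deck or of Citrix's tooling. It honours the two escapes CEF requires (a backslash before a pipe in the seven header fields and before an equals sign in extension values), separates header from extension, and finishes with a small detection helper that pulls out blocked requests. The first sample line is the one from the slide; the second is constructed to exercise the escapes.

```python
import re

SAMPLE_CEF = ("Mar 15 16:48:14 <local0.info> 10.90.196.150 CEF:0|Citrix|NetScaler|NS10.0|APPFW|"
              "APPFW_STARTURL|6|src=10.90.33.39 spt=52737 method=GET request=http://10.90.196.152/ "
              "msg=Disallow Illegal URL. cn1=69 cn2=3999 cs1=Application_Firewall_Profile cs2=PPE2 "
              "cs3=edw9DRH/XRTNya64AIYNZM1sgfUA020 cs4=ALERT cs5=2012 act=blocked")

# Constructed line: escaped pipe in the name field, escaped '=' in an extension value.
ESCAPED_CEF = ("CEF:0|Citrix|NetScaler|NS10.0|APPFW|Pipe \\| in name|3|"
               "src=1.2.3.4 msg=a\\=b was seen act=not blocked")

HEADER_KEYS = ["version", "vendor", "product", "device_version", "signature_id", "name", "severity"]


def _split_header(cef):
    """Split the 7 header fields on unescaped '|'; return (fields, remaining extension text)."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):       # \| or \\ inside a header field
            cur.append(cef[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    return fields, cef[i:]


_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")


def _parse_extension(ext):
    """key=value pairs; values may contain spaces, so each value runs to the next key."""
    out = {}
    keys = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        value = ext[m.end():end].strip()
        out[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return out


def parse_cef(line):
    """Return (syslog prefix, header dict, extension dict) for one CEF log line."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("not a CEF line")
    header, ext = _split_header(line[idx + len("CEF:"):])
    if len(header) != 7:
        raise ValueError("malformed CEF header")
    hdr = dict(zip(HEADER_KEYS, header))
    hdr["severity"] = int(hdr["severity"])
    return line[:idx].strip(), hdr, _parse_extension(ext)


def blocked_requests(lines):
    """Detection helper: (src, request) for every Application Firewall event that was blocked."""
    hits = []
    for ln in lines:
        try:
            _, hdr, ext = parse_cef(ln)
        except ValueError:
            continue
        if hdr["product"] == "NetScaler" and hdr["signature_id"] == "APPFW" and ext.get("act") == "blocked":
            hits.append((ext.get("src"), ext.get("request")))
    return hits
```

In the NetScaler line the fifth header field is the module (APPFW) and the sixth the violation (APPFW_STARTURL), so filtering on the module and then grouping by the violation name is the natural first cut when triaging a flood of log entries after a profile change.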
• Chunking occurs regularly when the server is returning a
large volume of data
• POST Requests containing large volumes of data may be
chunked by the client
• Required for many Applications including those for iPhones
• Requests with Chunking can be parsed
Chunked POST Request Support
Business Object Protection Modules
Financial Theft Prevention: prevent the inadvertent disclosure of customer or corporate data
Configurable protections:
• Credit card numbers
• Customer-defined data objects
Example: card numbers in a response body before and after the credit card check x-outs them

Mastercard
5168701720999598 -> XXXXXXXXXXXXXXXX
5487106695039822 -> XXXXXXXXXXXXXXXX
5374247346295037 -> XXXXXXXXXXXXXXXX
5229226821960783 -> XXXXXXXXXXXXXXXX
5120772245608565 -> XXXXXXXXXXXXXXXX
5418244166026814 -> XXXXXXXXXXXXXXXX
5214846392378060 -> XXXXXXXXXXXXXXXX
5593219822414122 -> XXXXXXXXXXXXXXXX
5302495774841718 -> XXXXXXXXXXXXXXXX
5141463445796112 -> XXXXXXXXXXXXXXXX

VISA
4532804852500010 -> XXXXXXXXXXXXXXXX
4328380488186126 -> XXXXXXXXXXXXXXXX
4532740912246923 -> XXXXXXXXXXXXXXXX
4716318594729561 -> XXXXXXXXXXXXXXXX
4916022347049263 -> XXXXXXXXXXXXXXXX
4929693453925879 -> XXXXXXXXXXXXXXXX
4916392627322353 -> XXXXXXXXXXXXXXXX
4485495924283904 -> XXXXXXXXXXXXXXXX
4532203936162055 -> XXXXXXXXXXXXXXXX
4916164014266109 -> XXXXXXXXXXXXXXXX

Example of other response content shown on the slide, a leaked database error message:
Server: Msg 547, Level 16, State 1, Procedure error_demo_sp, Line 2 UPDATE statement conflicted with COLUMN FOREIGN KEY constraint 'fk7_acc_cur'. The conflict occurred in database 'bos_sommar', table 'currencies', column 'curcode'. The statement has been terminated.
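Response-side data-theft checks of the kind this slide describes, in Python, as an added example rather than Citrix code: a card-number pattern combined with the Luhn check (so an ordinary 13-to-19-digit value is left alone), x-out of the matches as the slide shows, and a customer-defined "safe object" pattern plus a database-error pattern run over the same body. The order-number pattern, the block/x-out actions and the sample response body are constructed for this example.

```python
import re

# 13-19 digits, optionally separated by spaces or dashes, not glued to other digits
CARD_RE = re.compile(r"(?<![0-9])(?:\d[ -]?){12,18}\d(?![0-9])")


def card_brand(digits):
    """Brand from the leading digits; the slide's examples are Visa and Mastercard."""
    if digits.startswith("4"):
        return "VISA"
    if digits[:2] in {"51", "52", "53", "54", "55"}:
        return "Mastercard"
    return "other"


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum digits, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_cards(body, keep_last=0):
    """X-out every Luhn-valid card number; returns (new body, [(brand, last4), ...])."""
    findings = []

    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)                       # digits that merely look like a card
        findings.append((card_brand(digits), digits[-4:]))
        return "X" * (len(digits) - keep_last) + digits[len(digits) - keep_last:]

    return CARD_RE.sub(repl, body), findings


# (name, pattern, action); both patterns are constructed for this example
SAFE_OBJECTS = [
    ("order-id", re.compile(r"\bORD-\d{8}\b"), "xout"),
    ("db-error", re.compile(r"Msg \d+, Level \d+, State \d+"), "block"),
]


def scan_response(body):
    """Mask cards, then apply safe-object rules; body is None when the response is blocked."""
    body, cards = mask_cards(body)
    report = {"cards": cards, "objects": {}, "action": "allow"}
    for name, pat, action in SAFE_OBJECTS:
        hits = pat.findall(body)
        if not hits:
            continue
        report["objects"][name] = len(hits)
        if action == "block":
            report["action"] = "block"
            return None, report
        body = pat.sub(lambda m: "X" * len(m.group(0)), body)
    return body, report


# Constructed response body: two real-format test card numbers, one order id,
# and a 13-digit reference that is not a card (fails Luhn).
SAMPLE_BODY = ("<p>Card on file: 4111 1111 1111 1111 (VISA), backup 5555555555554444.</p>"
               "<p>Order ORD-00012345, ref 1234567890123 is not a card.</p>")
```

Running the Luhn check before masking is what keeps the check usable on pages full of order numbers and timestamps; the database-error rule is set to block rather than x-out because the leak is the whole message, not one value inside it.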
Customizable Injection Patterns
• Ability to add / delete keywords for SQL / XSS
• Generic: any other injection attack pattern, such as XPath injection
• Customizable per firewall profile
• Built-in file available as template:
<!-- Default SQL/XSS parameters -->
<AppFwCustomSettings>
  <!-- SQL injection parameters -->
  <injection>
    <!-- SQL keywords -->
    <keyword>select</keyword>
    <keyword>insert</keyword>
    <keyword>delete</keyword>
    <keyword>update</keyword>
    <keyword>drop</keyword>
    <keyword>create</keyword>
    <keyword>alter</keyword>
    <keyword>grant</keyword>
    <keyword>revoke</keyword>
    <keyword>commit</keyword>
    <keyword>rollback</keyword>
    <keyword>shutdown</keyword>
    …
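A Python reading of the customisable injection settings above, applied to the item-lookup payload from the SQL injection slide earlier in the deck. This is an added example and not Citrix code: it loads keywords from an XML fragment in the slide's AppFwCustomSettings layout, flags a parameter when it contains both a SQL special character and a keyword (so the word "select" in an ordinary comment is not a violation), and runs a comparable tag/attribute check for XSS. The specialchar, tag and attribute elements and the request samples are constructed for the example; the appliance's own file and matching modes are not shown on the slide.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl

# Constructed settings file in the slide's layout; the <specialchar> and <xss>
# sections are assumptions added for this example.
CUSTOM_SETTINGS = """<AppFwCustomSettings>
  <injection>
    <keyword>select</keyword><keyword>insert</keyword><keyword>delete</keyword>
    <keyword>update</keyword><keyword>drop</keyword><keyword>create</keyword>
    <keyword>alter</keyword><keyword>grant</keyword><keyword>revoke</keyword>
    <keyword>commit</keyword><keyword>rollback</keyword><keyword>shutdown</keyword>
    <keyword>or</keyword><keyword>and</keyword><keyword>union</keyword>
    <specialchar>'</specialchar><specialchar>"</specialchar><specialchar>;</specialchar>
    <specialchar>--</specialchar><specialchar>/*</specialchar>
  </injection>
  <xss>
    <tag>script</tag><tag>iframe</tag><tag>img</tag>
    <attribute>onload</attribute><attribute>onerror</attribute>
  </xss>
</AppFwCustomSettings>"""


def load_settings(xml_text):
    root = ET.fromstring(xml_text)
    return {
        "keywords": {k.text.lower() for k in root.iter("keyword")},
        "specials": [s.text for s in root.iter("specialchar")],
        "xss_tags": {t.text.lower() for t in root.iter("tag")},
        "xss_attrs": {a.text.lower() for a in root.iter("attribute")},
    }


def sql_injection_hits(value, settings):
    """Special-character AND keyword rule: keywords count only when a SQL
    special character is present too, since keywords alone are ordinary English."""
    if not any(s in value for s in settings["specials"]):
        return []
    words = set(re.findall(r"[A-Za-z_]+", value.lower()))
    return sorted(words & settings["keywords"])


XSS_TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")
XSS_ATTR_RE = re.compile(r"\b(on[a-z]+)\s*=", re.IGNORECASE)


def xss_hits(value, settings):
    """Listed HTML tags or event-handler attributes appearing in a parameter value."""
    tags = {t.lower() for t in XSS_TAG_RE.findall(value)} & settings["xss_tags"]
    attrs = {a.lower() for a in XSS_ATTR_RE.findall(value)} & settings["xss_attrs"]
    return sorted(tags | attrs)


def inspect_request(query_string, settings):
    """Run both checks over every parameter; returns {field: {"sql": [...], "xss": [...]}}
    for the fields that violate either check."""
    report = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        sql = sql_injection_hits(value, settings)
        xss = xss_hits(value, settings)
        if sql or xss:
            report[name] = {"sql": sql, "xss": xss}
    return report
```

The two-factor rule (special character plus keyword) is why the slide's payload 1234' or '1=1 trips the check on the quote and "or" while a product review that happens to contain "select" and "update" does not; tuning means adding words to the keyword list for the application's own dialect and removing ones that generate noise.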
XDOS Protection
• XmlMaxElementDepthCheck
• XmlMaxElementNameLengthCheck
• XmlMaxElementsCheck
• XmlMaxElementChildrenCheck
• XmlMaxAttributesCheck
• XmlMaxAttributeNameLengthCheck
• XmlMaxAttributeValueLengthCheck
• XmlMaxCDATALengthCheck
• XmlMaxFileSizeCheck
• XmlMinFileSizeCheck
• Usage:
  add appfw profile pr1
  set appfw profile pr1 -xmldosaction block
  bind appfw profile pr1 -xmldosurl .* -XmlMaxFileSizeCheck on -xmlmaxfilesize 500
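The structural XML DoS limits listed above, enforced with the standard library's expat parser as the document streams in, so an over-nested or over-wide message is refused before it is fully read. This is an added example, not Citrix code: the check names mirror the slide, the default threshold values are illustrative, and the sample documents are constructed. The children limit is also what stops the SOAP array abuse the earlier slide mentions.

```python
import xml.parsers.expat

DEFAULT_LIMITS = {               # illustrative thresholds, not the appliance defaults
    "XmlMaxElementDepthCheck": 256,
    "XmlMaxElementNameLengthCheck": 128,
    "XmlMaxElementsCheck": 65535,
    "XmlMaxElementChildrenCheck": 65535,
    "XmlMaxAttributesCheck": 256,
    "XmlMaxAttributeNameLengthCheck": 128,
    "XmlMaxAttributeValueLengthCheck": 2048,
    "XmlMaxCDATALengthCheck": 65535,
    "XmlMaxFileSizeCheck": 20000000,
    "XmlMinFileSizeCheck": 0,
}


class XmlDosViolation(Exception):
    """Raised with the name of the first check that failed."""


def check_xml_dos(data, limits=None):
    """Parse data; raise XmlDosViolation on the first limit exceeded, else return
    the observed maxima (depth, elements, children, cdata)."""
    lim = dict(DEFAULT_LIMITS, **(limits or {}))
    if len(data) > lim["XmlMaxFileSizeCheck"]:
        raise XmlDosViolation("XmlMaxFileSizeCheck")
    if len(data) < lim["XmlMinFileSizeCheck"]:
        raise XmlDosViolation("XmlMinFileSizeCheck")

    stats = {"depth": 0, "elements": 0, "children": 0, "cdata": 0}
    stack = []                       # children seen so far at each open level
    cdata = {"active": False, "length": 0}

    def fail(check):
        raise XmlDosViolation(check)  # propagates out of Parse() and stops parsing

    def start(name, attrs):
        stats["elements"] += 1
        if stats["elements"] > lim["XmlMaxElementsCheck"]:
            fail("XmlMaxElementsCheck")
        if len(name) > lim["XmlMaxElementNameLengthCheck"]:
            fail("XmlMaxElementNameLengthCheck")
        if stack:
            stack[-1] += 1
            stats["children"] = max(stats["children"], stack[-1])
            if stack[-1] > lim["XmlMaxElementChildrenCheck"]:
                fail("XmlMaxElementChildrenCheck")
        stack.append(0)
        stats["depth"] = max(stats["depth"], len(stack))
        if len(stack) > lim["XmlMaxElementDepthCheck"]:
            fail("XmlMaxElementDepthCheck")
        if len(attrs) > lim["XmlMaxAttributesCheck"]:
            fail("XmlMaxAttributesCheck")
        for k, v in attrs.items():
            if len(k) > lim["XmlMaxAttributeNameLengthCheck"]:
                fail("XmlMaxAttributeNameLengthCheck")
            if len(v) > lim["XmlMaxAttributeValueLengthCheck"]:
                fail("XmlMaxAttributeValueLengthCheck")

    def end(name):
        stack.pop()

    def cdata_start():
        cdata["active"], cdata["length"] = True, 0

    def cdata_end():
        cdata["active"] = False

    def chars(text):                 # CDATA content arrives here, possibly in chunks
        if cdata["active"]:
            cdata["length"] += len(text)
            stats["cdata"] = max(stats["cdata"], cdata["length"])
            if cdata["length"] > lim["XmlMaxCDATALengthCheck"]:
                fail("XmlMaxCDATALengthCheck")

    p = xml.parsers.expat.ParserCreate()
    p.StartElementHandler = start
    p.EndElementHandler = end
    p.StartCdataSectionHandler = cdata_start
    p.EndCdataSectionHandler = cdata_end
    p.CharacterDataHandler = chars
    try:
        p.Parse(data, True)
    except xml.parsers.expat.ExpatError as e:
        raise XmlDosViolation("malformed XML: %s" % e)
    return stats


def first_violation(data, limits=None):
    """Name of the first limit hit, or None when the document is within limits."""
    try:
        check_xml_dos(data, limits)
        return None
    except XmlDosViolation as e:
        return str(e)
```

Checking inside the parser callbacks rather than after a full parse is the point: a billion-element SOAP array is rejected at element N+1, not after the whole body has been buffered and a tree built.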
AppExpert Templates
• App Firewall templates for
• Microsoft SharePoint
• Web Interface
• Cuts deployment times from days to
minutes
• Comprehensively defines
applications
• Consolidates app-specific
configuration in one place
• Simplifies ongoing lifecycle
management
AppExpert Template for Web Interface
• AppExpert template available for Application Firewall protections for Citrix Web Interface
• Simplified deployment support that includes customized and older versions
URL Transform
AppExpert Rate Controls help isolate critical application resources
• User(s): IP address, IP range/subnet, cookie value, wildcards, any header or payload…
• Object: vserver IP, URL/URI, image, file, any header or payload…
• Time/Rate: requests, packets, bandwidth; measured in milliseconds
• Action: throttle; invoke policy (responder, rewrite, cache, etc.); alert; log; trap
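A Python model of the rate-control building blocks on this slide: a user selector (client IP or a cookie value), an object selector (URL prefix), a threshold of requests per window measured in milliseconds, and an action when the threshold is exceeded. This is an added example, not Citrix code; the limits, the selector functions and the request stream are constructed.

```python
from collections import deque


class RateLimiter:
    """Sliding-window counter: at most `limit` hits per `window_ms` per key."""

    def __init__(self, limit, window_ms, action="throttle"):
        self.limit, self.window_ms, self.action = limit, window_ms, action
        self._hits = {}                      # key -> deque of hit timestamps (ms)

    def check(self, key, now_ms):
        """Return 'allow' or the configured action for one hit at now_ms."""
        q = self._hits.setdefault(key, deque())
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()                      # drop hits that fell out of the window
        if len(q) >= self.limit:
            return self.action
        q.append(now_ms)
        return "allow"


def client_ip_selector(req):
    return req["src"]


def cookie_selector(name):
    """Key on a cookie value, so one session is limited across many source IPs."""
    return lambda req: req["cookies"].get(name, "anonymous")


def apply_rate_policy(requests, limiter, user_sel, url_prefix):
    """Policy 'limit <user> hitting <url_prefix>'; returns one decision per request."""
    decisions = []
    for req in requests:
        if not req["url"].startswith(url_prefix):
            decisions.append("allow")        # object selector does not match
            continue
        decisions.append(limiter.check((user_sel(req), url_prefix), req["t_ms"]))
    return decisions


# Constructed stream: one client hammering /login, another logging in once,
# an unrelated object, then the first client again after the window expired.
SAMPLE_REQUESTS = [
    {"t_ms": 0,    "src": "10.0.0.5", "cookies": {}, "url": "/login"},
    {"t_ms": 100,  "src": "10.0.0.5", "cookies": {}, "url": "/login"},
    {"t_ms": 200,  "src": "10.0.0.5", "cookies": {}, "url": "/login"},
    {"t_ms": 300,  "src": "10.0.0.5", "cookies": {}, "url": "/login"},
    {"t_ms": 350,  "src": "10.0.0.9", "cookies": {}, "url": "/login"},
    {"t_ms": 400,  "src": "10.0.0.5", "cookies": {}, "url": "/images/logo.png"},
    {"t_ms": 1500, "src": "10.0.0.5", "cookies": {}, "url": "/login"},
]
```

Keying on a cookie value rather than the source IP is the difference between throttling one abusive session and throttling everyone behind the same NAT; the object selector keeps the static images on the site out of the login limit entirely.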
AAA for application traffic offloads authentication
• Authentication servers: LDAP, RADIUS, TACACS, NT4, smart card, certificate based
• Two factor, dual passwords, cascading
• User / group awareness
• Fine-grained policy-based control
• Full audit trail
• SSO: Basic, Digest, NTLM
Signatures
Hybrid Security Model
• Signatures for known attacks
 Easy deployment, Quick PoC
 Checks request headers (URL, cookies, etc) and body (form fields)
 Integrates with scanning tools
 Wizard to ease configuration
 Scans thousands of signatures at wire speeds
• Mix-and-match with positive security
 Defense against zero-day attacks
 Defense against custom attacks
 Strongest security posture
Signature Protection for Application Firewall
Comprehensive application protection in four steps:
1. Enable signature protection
2. Tune signatures
3. Enable advanced security
4. Tune security policies
• Simplifies detection of known application vulnerabilities
• Shortens Application Firewall deployment cycle
• Updated signatures every 4-6 weeks
• Signatures based on public vulnerability databases (e.g. Snort, CVE, Bugtraq, etc.)
Hybrid Security Model: Workflow to enable AppFW for an Application
1. Specify your application: URLs/VIPs etc., app type, app characteristics
2. Enable signature protections: select relevant signatures
3. Done with initial AppFw configuration: proceed to optional tuning
Optional steps:
4. Tune signatures: tune settings (block, log etc.)
5. Enable deep protections (SQL injection, cross-site scripting, buffer overflow, …): specify the vulnerable app slice, select deep protections, tune settings, configure exceptions
6. Done with AppFw setup: transition to production workflow
Workflow to Manage/Maintain AppFW Protections
• React to application changes: tune signatures, tune deep protections
• Protect additional app slices
• Diagnose AppFW violations and errors: reports, logs, stats
• Manage signature updates
• Protect against vulnerabilities identified by scans
Set up Application Protection in 3 easy steps
Set actions
Set up additional protections, if desired
Signature Maintenance/Updates
• Based on SNORT
• Partnership with SourceFire to provide
signatures
• Can be updated without changing
build
• Open format for signature files
• Signature versioning
• Automatic identification of “new”
signatures
Intuitive Signature Management
Signature Support for Rapid Deployment
How Does It Work – SNORT® signatures?
• NetScaler provides SNORT signatures converted into NetScaler native format
• Import into NetScaler
• Click and choose which application rules apply and whether to block or log
• Deploy
Integration with Vulnerability Assessment Tools
• Run periodic scans against the protected website
• Import the vulnerability file into NetScaler
Configuring Response Side Checks
• Flexibly add more rules in signatures vs. traditional checks
• Rules include credit cards, comments stripping and safe objects
Management and Reporting
Manageability and Ease of Use - Learning
• Rule recommendation engine in learning mode
Manageability and Ease of Use – Rule Visualizer
Application Visualizer - Manage Configuration Drift
• View / resolve config drifts
• View overlay and detailed stats
Reporting
• Dashboard of top Application Firewall information for a quick security summary
• Ability to create custom reports for specific violations, client IPs, profiles etc.
Visibility and Reporting with Splunk for NetScaler
• Splunk App for NetScaler
• Available at SplunkBase
• http://www.splunkbase.com/apps/All/4.x/Add-On/app:Splunk+for+Citrix+NetScaler
• Case Study: FreshDirect
• http://www.splunk.com/view/case-study-fresh-direct/SP-CAAACDB
Full PCI v1.2 Compliance Report
• Analyze App Firewall configuration against PCI-DSS requirements
• Executive summary of Application Firewall configuration
Command Center Cluster Management
• Ability to push configuration changes to a cluster
  • Support all-or-none: don't leave any node in a semi-configured state
• Ability to identify configuration mismatch between nodes
  • Notify admin of mismatch
  • Support ability to remove the mismatch and get nodes back into sync
• Reporting of a group of devices as a single entity
Auditing
• Full administrative audit trail
 All management operations logged
• Full user activity audit trail
 All session activity
 All network flows
• All system events logged
• Support for external logging servers
Summary
• Comprehensive Application Firewall offering
  • Compelling standalone WAF
  • Fully integrated into overall ADC offering
• Industry leading feature set
• Fastest Application Firewall in the market
• Best price-performance
• Broadest product lineup for all throughput requirements
  • 500 Mbps – 12 Gbps
  • Pay-as-you-grow
  • Flexibility via both MPX and VPX offerings
• Broad technology eco-system and partnerships
Work better. Live better.
Sam Herath - Six Critical Criteria for Cloud Workload Security
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s Assets
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
PLNOG 22 - Sebastian Grabski - Is your network ready for application from the...
PLNOG 22 - Sebastian Grabski - Is your network ready for application from the...PLNOG 22 - Sebastian Grabski - Is your network ready for application from the...
PLNOG 22 - Sebastian Grabski - Is your network ready for application from the...
 
Using NetScaler Insight to Troubleshoot Network and Server Performance Issues
Using NetScaler Insight to Troubleshoot Network and Server Performance IssuesUsing NetScaler Insight to Troubleshoot Network and Server Performance Issues
Using NetScaler Insight to Troubleshoot Network and Server Performance Issues
 
Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012Security and Privacy in the AWS Cloud - AWS India Summit 2012
Security and Privacy in the AWS Cloud - AWS India Summit 2012
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 

More from xKinAnx

Engage for success ibm spectrum accelerate 2
Engage for success   ibm spectrum accelerate 2Engage for success   ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep divexKinAnx
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudxKinAnx
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...xKinAnx
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directionsxKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...xKinAnx
 
Presentation disaster recovery in virtualization and cloud
Presentation   disaster recovery in virtualization and cloudPresentation   disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudxKinAnx
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation   disaster recovery for oracle fusion middleware with the zfs st...Presentation   disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...xKinAnx
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation   differentiated virtualization for enterprise clouds, large and...Presentation   differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...xKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 

More from xKinAnx (20)

Engage for success ibm spectrum accelerate 2
Engage for success   ibm spectrum accelerate 2Engage for success   ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloud
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
 
Presentation disaster recovery in virtualization and cloud
Presentation   disaster recovery in virtualization and cloudPresentation   disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloud
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation   disaster recovery for oracle fusion middleware with the zfs st...Presentation   disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation   differentiated virtualization for enterprise clouds, large and...Presentation   differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Net scaler appfw customer technical presentation dec 2012f

© 2012 Citrix | Confidential – Do Not Distribute

2. Agenda
• Application security needs
• NetScaler Application Firewall architecture and platforms
• Application Firewall technology
• Positive security model: Basic and Advanced modes
• XML security
• Other security features
• Signatures
• Reporting and management

3. Threats to Apps and Networks Require Security to Adapt
Drivers:
• More complex apps and new threats (web 2.0)
• Consolidation across network and app security
• Disappearing network perimeter
• New regulations and compliance
Needs:
• Integrated Application Access and Threat Management
• Fine-Grained Policies
• High Performance/Low Latency (in-line to all apps)

4. Web Application Delivery with NetScaler
(Diagram: LAN, Branch and Mobile User traffic passing through the NetScaler Integrated Module; benefits labelled Maximum Application Performance, Infrastructure Offload & Savings, Complete Application Security and High Application Availability)
• World-class L4-L7 load balancing
• Intelligent service health monitoring
• Caching
• Compression
• Connection pooling
• SSL processing
• Web 2.0 Push
• Access Gateway SSL VPN
• Application firewall

5. Convergence of Application Security Functions
(Diagram: DDoS, SSL/VPN, SSL, WAF, XML FW, AAA, SSO and Reporting converged on NetScaler MPX, SDX and VPX)
• 4th Gen Web App Firewall
• Fastest App Firewall (12 Gbps)
• Best Price-Performance
• First to implement learning (Teros)
• First to implement positive security
• Fine-grained policy driven

6. NetScaler WAF Approach
• Build consistent security, access control, visibility and management for web apps and networks
• Web App Firewall and integrated ADCs ideally suited for fine-grained policy enforcement
• Flexibility for multiple environments:
  • On-Premise
  • Virtualized
  • Hosted/Cloud
(Diagram: access, threat, network, application; Compliance and Visibility, Fine-grained Policies, Performance and Scale, L2-L7 Extensibility)
7. Key Highlights
• Full function Web Application Firewall
  ● HTTP and XML attack protections
  ● Data theft protection
  ● Hybrid security model
  ● Rate controls, Rich AAA, policy-driven
  ● FIPS, Common Criteria and ICSA Certification
• Centralized Management
  ● Software-based management console
  ● Fully automatable via APIs
  ● Role-based administration, fleet management
• Fastest Web App Firewall (up to 12 Gbps)
• Very low latency, inline deployment
(Diagram: access, threat, network, application; Compliance and Visibility, Fine-grained Policies, Performance and Scale, L2-L7 Extensibility)

8. Where Is the Application Firewall Deployed?
(Diagram: Web App Users on the Internet, Network Firewalls, Citrix NetScaler, Application Infrastructure; legitimate traffic allowed through, application attacks blocked)
• Blocks dozens of day zero attack vectors
  o Includes CSRF, xPath Injection, XML attachment checks
• Bi-directional inspection: advanced attack prevention
• SSL traffic supported
• Sustained protection to 12 Gbps
• ICSA certified

9. NetScaler Platforms
• NetScaler MPX and SDX
  • High-performance hardware appliance
  • Powers the web
  • Integrated within NetScaler or standalone options
• NetScaler VPX
  • Virtual appliance
  • Runs on standard x86 hardware
  • Fast, inexpensive, flexible
  • XenServer, VMware ESX, Hyper-V

10. Standalone Citrix Application Firewall Models
Application Firewall MPX Platforms: Throughput (Gbps)
MPX 5550    0.5
MPX 8400    1.7
MPX 8600    2.3
MPX 13500   4.5
MPX 16500   6.2
MPX 20500   8.4
MPX 21550   12
(Pictured: MPX 5550, MPX 8400-8600, MPX 13500-20500, MPX 21550)
12. NetScaler Application Firewall
• Hybrid design
• New Hardware Platforms
  • Fastest and broadest Web App FW on the market!
• Infrastructure Enhancements
  • Advanced Policy Support
  • Optimized memory usage and integrated cache
  • Large post body handling
• Dozens of Security Checks including:
  • CSRF, Learning, WSDL scan prevention, Attachment checks, XPath injection prevention, Configurable injection and XSS protections
• Enhanced Manageability and Ease of Use
  • Learning visualizer, Web services Monitoring, CC manageability and reporting improvements, Built-in profiles
13. Application Firewall Characteristics
Deep Stream Inspection
● Bi-directional analysis
● Header and payload inspection
● Full parsing
● Semantic extraction
● Sessionization
Strong Hybrid Security Model
● Positive Security Model
● Signature scanning
● Unique Response Tagging Functionality
Easy Deployment
● Learning Mode to ease deployment
● Visualizer to manage rules

14. Data Flow Process
(Diagram: EXTERNAL client, NetScaler, INTERNAL Web Applications and Database)
1. Client Request: http://www.site.com/
2. Request Inspections
3. Client Request: www.site.com
4. Server Response: www.site.com
5. Response Inspections
6. Server Response: http://www.site.com/
Inspections applied:
• Start URLs
• XSS
• SQL Injection
• Field Consistency
• Buffer Overflow
• Credit Cards
• SAFE Object

15. Full ADC Integration

16. Customizable Profiles and Policy
• Profiles
  • Enable Basic or Advanced defaults
  • Consists of Security Settings
• Policies
  • Directs traffic to profiles
  • Matches on request or response parameters

17. Complete Web App Protection with Learning

19. Basic Defaults – Positive Security Model
Easy Deployment Mode
• Protects against
  • SQL Injection
  • Cross Site Scripting
  • Cross site Request Forgery (Referrer header)
  • Forceful Browsing (Start/Deny URLs)
  • Buffer Overflow
  • Form Field Formatting
• No sessionization required
• Learning aided deployment
20. SQL Injection attacks
How this might be done:
• User enters data into a form on a web page
• The application sends this as part of an SQL query to the back end database
Item Lookup form (Enter Desired Item Number), Item Number field: 1234' or '1=1, then SUBMIT
Resulting query: ... select item-detail ... WHERE itemnum=1234' or '1=1
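The lookup the slide describes, carried through in code: a back end that concatenates the form field into the query and returns every row for the slide's input, the parameterized query that removes the problem, and a simplified form-field check of the kind the Application Firewall's SQL injection protection applies. This is an added example, not code from the deck or from NetScaler; the `items` table, the single-quoted concatenation, the keyword and special-character lists, and the sample rows are assumptions constructed for the demo.

```python
import re
import sqlite3

# Constructed sample data: three items; a legitimate lookup returns one.
SAMPLE_ITEMS = [("1234", "Widget"), ("5678", "Gadget"), ("9012", "Gizmo")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (itemnum TEXT, detail TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ITEMS)
    return conn


def lookup_vulnerable(conn, item_number):
    # The slide's back end: the form field is pasted into the SQL text
    # (assumption: the application wraps it in single quotes).
    sql = "SELECT detail FROM items WHERE itemnum='" + item_number + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, item_number):
    # Hardened back end: the value travels as a bound parameter, so the
    # database never interprets it as SQL.
    sql = "SELECT detail FROM items WHERE itemnum=?"
    return [row[0] for row in conn.execute(sql, (item_number,))]


# Simplified stand-in for the firewall's SQL injection check (the real
# check works from configurable keyword and special-character lists).
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|update|delete|drop|or|and)\b", re.I)
SQL_SPECIALS = re.compile(r"['\";]|--|/\*")


def field_looks_like_sqli(value):
    """Flag a field only when it carries both a SQL special character and a
    SQL keyword; plain text such as O'Brien has the quote but no keyword."""
    return bool(SQL_SPECIALS.search(value) and SQL_KEYWORDS.search(value))


def demo():
    conn = make_db()
    payload = "1234' or '1=1"  # the input shown on the slide
    return {
        "vulnerable_rows": lookup_vulnerable(conn, payload),
        "parameterized_rows": lookup_parameterized(conn, payload),
        "waf_flags_payload": field_looks_like_sqli(payload),
        "waf_flags_normal": field_looks_like_sqli("1234"),
        "waf_flags_apostrophe": field_looks_like_sqli("O'Brien"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The concatenated query turns the input into `WHERE itemnum='1234' or '1=1'`; SQLite converts the string `'1=1'` to a number the way a CAST does, so the OR term is true for every row and all three items come back. The parameterized query compares the whole string against `itemnum` and returns nothing. The firewall-side check requires both a special character and a keyword so that an apostrophe in ordinary data does not block legitimate requests.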
21. Cross-site Scripting (XSS) Attacks
Attacking trust relationships
Cross-Site Scripting: Inserting a malicious script that compromises the trust relationship between a user and a Web application, resulting in sending an attacker confidential information that can be used to steal that user's identity.
1. Hacker posts <malicious script> to vulnerable Web application
2. Innocent user downloads script and executes
3. Script captures credential info and sends to hacker
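The stored-script scenario on the slide, shown from the defender's side as an added example (not code from the deck or from NetScaler): the vulnerable page that pastes a stored comment into HTML, the hardened page that encodes it so the browser displays rather than runs it, and a simplified input check of the kind the firewall's XSS protection applies to form fields. The comment strings and the tag/attribute patterns are constructed assumptions, not the firewall's rule set; the script body is a placeholder name rather than working code.

```python
import html
import re

# Constructed samples: a comment carrying a script (the placeholder
# function name stands for "send the visitor's credentials elsewhere"),
# and an ordinary comment that happens to contain < and &.
MALICIOUS_COMMENT = "<script>send_cookie_to_attacker()</script>"
ORDINARY_COMMENT = "Great product, 5 < 10 stars is not enough & I'd buy again"


def render_unescaped(comment):
    # Vulnerable page: the stored comment goes straight into the HTML, so
    # every later visitor's browser executes whatever the poster wrote.
    return "<div class=comment>" + comment + "</div>"


def render_escaped(comment):
    # Hardened page: HTML metacharacters are encoded, so the browser shows
    # the text of the script instead of running it.
    return "<div class=comment>" + html.escape(comment, quote=True) + "</div>"


# Simplified XSS check: an HTML tag, a javascript: URL, or an inline
# event-handler attribute inside a form field value.
XSS_PATTERNS = re.compile(
    r"</?[a-z][a-z0-9]*(\s[^>]*)?>"   # any HTML tag, e.g. <script>, <img ...>
    r"|javascript\s*:"                # javascript: URLs in href/src
    r"|\bon[a-z]+\s*=",               # onload=, onerror=, onclick= ...
    re.I,
)


def field_looks_like_xss(value):
    return bool(XSS_PATTERNS.search(value))


def demo():
    return {
        "unescaped_contains_script_tag": "<script>" in render_unescaped(MALICIOUS_COMMENT),
        "escaped_contains_script_tag": "<script>" in render_escaped(MALICIOUS_COMMENT),
        "escaped_output": render_escaped(MALICIOUS_COMMENT),
        "waf_flags_malicious": field_looks_like_xss(MALICIOUS_COMMENT),
        "waf_flags_ordinary": field_looks_like_xss(ORDINARY_COMMENT),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Output encoding is the application-side fix; the firewall check in front of it catches the same input before it is stored, which matters when the application cannot be changed. The tag pattern requires a letter immediately after `<`, so arithmetic such as `5 < 10` in normal text is not flagged.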
22. Cross Site Request Forgery Attacks
Attacking trust relationships
1. User logs in and creates session with web application
2. User visits evil.com in another browser window
3. Evil.com makes request to application using user's session credentials
• Protection actions:
  • Verify Referrer headers
  • Tag each form with unique token and verify on form submission.

23. CSRF: Referrer Header Protection
bank.com page at https://bank.com/transfer.htm:
<form action=transfer.asp>
<input type=text name="from">
<input type=text name="to">
.....
</form>
Request arriving with a blog.net Referer:
https://bank.com/transfer.asp?amount=1000&from=good&to=bad
Cookie: auth=good
Referer: blog.net
X (blocked)
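The two protection actions from slides 22 and 23, modelled together as an added example (not code from the deck or from NetScaler): a Referer check that rejects the blog.net request shown above, and form tagging that inserts a per-session token into bank.com's form and rejects a submission that does not carry it. The session identifier, the hidden field name `_csrf_token`, the keyed-hash construction of the token and the sample requests are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

PROTECTED_HOST = "bank.com"            # the application on the slide
SESSION_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)


def referer_allowed(request_headers, host=PROTECTED_HOST):
    """Referer check: a form submission must come from the protected site.
    A missing Referer is blocked here; that is a deployment choice, since
    privacy settings and proxies sometimes strip the header."""
    referer = request_headers.get("Referer")
    if not referer:
        return False
    if "://" not in referer:
        referer = "https://" + referer   # the slide shows a bare host name
    return urlparse(referer).hostname == host


def form_token(session_id, form_action):
    """Token bound to the user's session and to the form it protects."""
    msg = (session_id + "|" + form_action).encode()
    return hmac.new(SESSION_KEY, msg, hashlib.sha256).hexdigest()


def tag_form(form_html, session_id, form_action):
    """Response side: add the hidden token field before </form>."""
    hidden = '<input type="hidden" name="_csrf_token" value="%s">' % form_token(
        session_id, form_action)
    return form_html.replace("</form>", hidden + "</form>")


def submission_allowed(session_id, form_action, form_fields):
    """Request side: the submitted token must match the one tagged in."""
    submitted = form_fields.get("_csrf_token", [""])[0]
    expected = form_token(session_id, form_action)
    return hmac.compare_digest(submitted.encode(), expected.encode())


def demo():
    session_id = "sess-0001"   # constructed; in practice the session cookie value
    action = "transfer.asp"
    form = ('<form action=transfer.asp><input type=text name="from">'
            '<input type=text name="to"></form>')
    tagged = tag_form(form, session_id, action)
    token = form_token(session_id, action)

    # Legitimate submission: the browser came from bank.com's own page and
    # the form it submitted carried the token.
    good_headers = {"Referer": "https://bank.com/transfer.htm", "Cookie": "auth=good"}
    good_body = parse_qs("amount=100&from=good&to=friend&_csrf_token=" + token)
    # The slide's forged request: sent while the user was on blog.net, with
    # the victim's cookie but without a token, which only bank.com's page has.
    forged_headers = {"Referer": "blog.net", "Cookie": "auth=good"}
    forged_body = parse_qs("amount=1000&from=good&to=bad")

    return {
        "tagged_form_has_token": "_csrf_token" in tagged,
        "good_referer": referer_allowed(good_headers),
        "good_token": submission_allowed(session_id, action, good_body),
        "forged_referer": referer_allowed(forged_headers),
        "forged_token": submission_allowed(session_id, action, forged_body),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Referer checking needs no session state, which is why slide 19 lists it under the basic defaults; form tagging needs the firewall to remember which token it issued to which session, which is why slide 26 lists it under the session-based advanced defaults.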
  • 24. © 2012 Citrix | Confidential – Do Not Distribute Forceful Browsing •Forceful Browsing Attack – Manipulating request URLs to gain access to content you are not entitled to see. Brute-force penetration of the infrastructure Paris Hilton's Sidekick hacked …hacker Nicolas Jacobsen pled guilty to a single charge of intentionally accessing a protected computer and recklessly causing damage. Jacobsen was arrested by US authorities last October, but had had access to T-Mobile's servers for more than a year. He reportedly amused himself by accessing US Secret Service email, and raiding other Sidekick users' accounts. I got hacked…
  • 25. © 2012 Citrix | Confidential – Do Not Distribute Buffer Overflow Protection Hacker Buffer Overflow Attack Application Platform OS Gain application Privileges Gain platform privileges Gain root server access Prevent hackers from gaining unauthorized system privileges Application Firewall limits input parameter sizes for:  URLs  Headers  Cookies Application Server Internet
  • 26. © 2012 Citrix | Confidential – Do Not Distribute Advanced Defaults • Session based enables additional protections • Cookie • Form Field Consistency • URL Closure protection • Tag Based Cross Site Request Forgery • Includes all basic protections Session-based Protection with Advanced Defaults
  • 27. © 2012 Citrix | Confidential – Do Not Distribute Cookie Poisoning defense: Prevents identity theft and session hijacking Client returns cookie to server Web server sends client cookie Application Firewall verifies that cookies have not been modified by client
  • 28. © 2012 Citrix | Confidential – Do Not Distribute Cookie Attack Protection – Encrypt Cookies • Encrypt only session cookies (non-persistent) or all application cookies. • AES-192 encryption. 1 2
  • 29. © 2012 Citrix | Confidential – Do Not Distribute Cookie Attack Protection – Proxy Cookies Replace all server cookies with a single App Firewall session cookie
  • 30. © 2012 Citrix | Confidential – Do Not Distribute Cookie Attack Protection – Flag Cookies • HTTP Only – Make cookie unavailable to JavaScript • Secure – Cookie submitted only for HTTPS URLs • All – Both attributes are added to the Set-Cookie header
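A small model of the cookie-consistency check on slide 27 and the flag-cookies option on slide 30, added here as an illustration rather than NetScaler's own code: the server's Set-Cookie headers are recorded per session and rewritten with the requested flags, and each later request is compared against that record. The CookieGuard class, its method names and the flag_mode values are assumptions.

```python
from http.cookies import SimpleCookie


class CookieGuard:
    """Per-session record of the cookies the server issued, plus Set-Cookie flagging.

    Added illustration of the slide's cookie-consistency and flag-cookies protections;
    class and method names are assumptions, not NetScaler's implementation.
    """

    def __init__(self, flag_mode="All"):
        # flag_mode mirrors the slide's options: "HttpOnly", "Secure" or "All".
        self.flag_mode = flag_mode
        self.issued = {}  # session_id -> {cookie_name: value the server set}

    def on_response(self, session_id, set_cookie_headers):
        """Record every Set-Cookie the server sent and return the headers with flags added."""
        rewritten = []
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                self.issued.setdefault(session_id, {})[name] = morsel.value
                if self.flag_mode in ("HttpOnly", "All"):
                    morsel["httponly"] = True  # keep the cookie away from document.cookie
                if self.flag_mode in ("Secure", "All"):
                    morsel["secure"] = True    # only ever sent over HTTPS
                rewritten.append(morsel.OutputString())
        return rewritten

    def on_request(self, session_id, cookie_header):
        """Return the names of cookies the client modified or invented ([] = consistent).

        Cookies legitimately created by client-side JavaScript would show up here and
        need an exception, as the speaker notes say for the proxy-cookies mode.
        """
        known = self.issued.get(session_id, {})
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        return [name for name, morsel in jar.items()
                if name not in known or morsel.value != known[name]]


def demo():
    """Constructed exchange: two server cookies, then a clean and a tampered request."""
    guard = CookieGuard(flag_mode="All")
    flagged = guard.on_response("sess-1", ["sid=abc123; Path=/; Max-Age=3600", "lang=en"])
    clean = guard.on_request("sess-1", "sid=abc123; lang=en")
    tampered = guard.on_request("sess-1", "sid=abc124; lang=en; role=admin")
    return flagged, clean, tampered


if __name__ == "__main__":
    print(demo())
```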
  • 31. CSRF: Form Tagging Protection. Slide example: the same bank.com transfer form, now tagged by the Application Firewall with a hidden field before it is sent to the client:
      <form action=transfer.asp>
        <input type=text name="from">
        <input type=text name="to">
        .....
        <input type='hidden' as_fid="UNIQUE_ID">
      </form>
    The forged request https://bank.com/transfer.asp?amount=1000&from=good&to=bad from blog.net carries Cookie: auth=good but no valid as_fid, so it is rejected (X).
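An added Python model (not NetScaler's code) of the two CSRF defenses on slides 22, 23 and 31 together: the Referer check, and a per-session form tag inserted into every form on the way out and verified on the way in. The hidden field name as_fid comes from the slide; SECRET_KEY, the token format, the protected host list and the function names are assumptions.

```python
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlsplit

SECRET_KEY = b"constructed-demo-key-change-me"  # assumption: per-appliance random key
PROTECTED_HOSTS = ("bank.com",)                  # hosts whose pages may legitimately submit forms
FIELD_NAME = "as_fid"                           # hidden field name shown on slide 31

_FORM_OPEN = re.compile(r"(<form\b[^>]*\baction=['\"]?([^\s'\">]+)['\"]?[^>]*>)", re.IGNORECASE)


def referer_allowed(headers):
    """Slide 23: a form submission must come from one of our own pages.

    A missing Referer is treated as cross-site here (policy choice; some deployments
    relax this because privacy settings strip the header).
    """
    referer = headers.get("Referer")
    return bool(referer) and urlsplit(referer).hostname in PROTECTED_HOSTS


def _mac(session_id, action, nonce):
    msg = f"{session_id}|{action}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_form_token(session_id, action):
    """Token = nonce.HMAC(session, form action, nonce): unique per form, bound to the session."""
    nonce = secrets.token_hex(8)
    return f"{nonce}.{_mac(session_id, action, nonce)}"


def verify_form_token(session_id, action, token):
    try:
        nonce, mac = token.split(".", 1)
    except (AttributeError, ValueError):
        return False
    return hmac.compare_digest(mac, _mac(session_id, action, nonce))


def tag_forms(html, session_id):
    """Response side (slide 31): insert a hidden as_fid field into every <form>."""
    def insert(match):
        open_tag, action = match.group(1), match.group(2)
        token = make_form_token(session_id, action)
        return f"{open_tag}<input type='hidden' name='{FIELD_NAME}' value='{token}'>"
    return _FORM_OPEN.sub(insert, html)


def request_allowed(session_id, action, fields, headers):
    """Request side: both the Referer check and the form tag must pass."""
    return referer_allowed(headers) and verify_form_token(session_id, action, fields.get(FIELD_NAME, ""))


def demo():
    """Replays the slide's scenario with a constructed page and session id."""
    page = '<form action=transfer.asp><input type=text name="from"><input type=text name="to"></form>'
    tagged = tag_forms(page, "sess-good")
    token = re.search(r"value='([^']+)'", tagged).group(1)
    fields = {"amount": "1000", "from": "good", "to": "bad", FIELD_NAME: token}
    own_page = {"Referer": "https://bank.com/transfer.htm"}
    legit = request_allowed("sess-good", "transfer.asp", fields, own_page)
    # blog.net forges the request: it has the victim's cookie but no tag and a foreign Referer
    forged = request_allowed("sess-good", "transfer.asp", dict(fields, **{FIELD_NAME: ""}),
                             {"Referer": "https://blog.net/post"})
    # a tag lifted from another user's page does not verify for this session
    replayed = request_allowed("sess-other", "transfer.asp", fields, own_page)
    return legit, forged, replayed


if __name__ == "__main__":
    print(demo())
```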
  • 32. HTML Form Field Protection: protect applications by blocking malicious and illegal input parameters. The application sends a form to the client; the client completes and returns the form. For each user session AppFw ensures that:
    1. Each field is returned
    2. No fields were added by the client
    3. Read-only and hidden fields are unaltered
    4. Data in drop-down list or radio button fields conforms
    5. The maximum length of form fields is adhered to
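The five rules above, implemented as an added example (not NetScaler's code): the firewall learns the form as the application sent it, then checks the submission against that record. The FormProfile class, the constructed sample form and the violation strings are assumptions.

```python
from html.parser import HTMLParser


class FormProfile(HTMLParser):
    """Learns what the application sent: field names, fixed values, allowed choices, max lengths."""

    def __init__(self):
        super().__init__()
        self.fields = {}           # name -> {"type", "fixed", "allowed", "maxlength"}
        self._select = None        # <select> currently being parsed
        self._option_text = False  # next text node belongs to an <option> without a value attribute

    def _field(self, name, ftype):
        return self.fields.setdefault(name, {"type": ftype, "fixed": None, "allowed": set(), "maxlength": None})

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # boolean attributes such as readonly arrive with value None
        if tag == "input" and a.get("name"):
            ftype = (a.get("type") or "text").lower()
            f = self._field(a["name"], ftype)
            if ftype == "hidden" or "readonly" in a:
                f["fixed"] = a.get("value") or ""         # rule 3: must come back unchanged
            if ftype in ("radio", "checkbox"):
                f["allowed"].add(a.get("value") or "on")  # rule 4: one of the offered values
            if a.get("maxlength"):
                f["maxlength"] = int(a["maxlength"])      # rule 5
        elif tag == "select" and a.get("name"):
            self._select = self._field(a["name"], "select")
        elif tag == "option" and self._select is not None:
            if a.get("value") is not None:
                self._select["allowed"].add(a["value"])
            else:
                self._option_text = True

    def handle_data(self, data):
        if self._option_text and self._select is not None:
            self._select["allowed"].add(data.strip())
            self._option_text = False

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None


def learn_form(html):
    parser = FormProfile()
    parser.feed(html)
    return parser.fields


def check_submission(profile, submitted):
    """Apply the five rules from slide 32; returns a list of violations ([] = accept)."""
    violations = [f"field added by client: {n}" for n in submitted if n not in profile]  # rule 2
    for name, f in profile.items():
        if name not in submitted:
            if f["type"] != "checkbox":               # an unchecked box is legitimately absent
                violations.append(f"field missing: {name}")                             # rule 1
            continue
        value = submitted[name]
        if f["fixed"] is not None and value != f["fixed"]:
            violations.append(f"read-only/hidden field altered: {name}")
        if f["allowed"] and value not in f["allowed"]:
            violations.append(f"value not offered by the form: {name}={value!r}")
        if f["maxlength"] is not None and len(value) > f["maxlength"]:
            violations.append(f"max length exceeded: {name}")
    return violations


# Constructed sample form, standing in for the page the application sent to the client.
SAMPLE_FORM = """
<form action="/transfer" method="post">
  <input type="hidden" name="acct" value="1001">
  <input type="text" name="currency" value="USD" readonly>
  <select name="to_type"><option value="checking">Checking</option><option>savings</option></select>
  <input type="radio" name="speed" value="standard"> <input type="radio" name="speed" value="express">
  <input type="text" name="amount" maxlength="8">
  <input type="submit" value="Send">
</form>
"""

if __name__ == "__main__":
    profile = learn_form(SAMPLE_FORM)
    print(check_submission(profile, {"acct": "1002", "currency": "USD", "to_type": "admin",
                                     "speed": "express", "amount": "250.00", "is_admin": "1"}))
```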
  • 34. Integrated HTML and XML Security
    • XML Security: Threat Protection; Content Validation; Data Leak Prevention; Reporting and Monitoring
    • Secures all flavors of XML applications (not just SOAP)
    • Single device for XML, HTML and Web 2.0 application security
    • Check types are categorized as HTML, XML or Common
    • Block, Log and Statistics can be enabled for all checks
  • 35. Advanced XML Capabilities
    • Web Services Monitoring
    • Fast XPath Switching for XML/JSON
    • XML Security Enhancements: XML Attachment filtering; Entity Expansion Attack; SOAP Fault Filtering; WSDL Scanning; Learning; XPath Injection; DTD Validation; SQL and XSS learning
  • 36. Message Validation - XML Schema. Why schema? Agreeing on formats; tool building: know what the data will be before the first instance shows up; validation: make sure we got what we expected. The slide's schema and a conforming instance:
      <?xml version="1.0" encoding="UTF-8"?>
      <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <xs:element name="Author">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="FirstName" type="xs:string" />
              <xs:element name="LastName" type="xs:string" />
            </xs:sequence>
          </xs:complexType>
        </xs:element>
      </xs:schema>

      <?xml version="1.0"?>
      <Author>
        <FirstName>Mark</FirstName>
        <LastName>Twain</LastName>
      </Author>
  • 37. XML DoS: prevent SOAP Array abuse attacks
  • 39. Click to Rule Application Firewall
    • Application Firewall relaxation rules can now be deployed from the logs
    • The logs must be in CEF log format
    • Convenient option to relax a rule that is blocking a legitimate request
  • 40. Common Event Format Logging Support
    • Log using CEF-based logs, for example:
      Mar 15 16:48:14 <local0.info> 10.90.196.150 CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6| src=10.90.33.39 spt=52737 method=GET request=http://10.90.196.152/ msg=Disallow Illegal URL. cn1=69 cn2=3999 cs1=Application_Firewall_Profile cs2=PPE2 cs3=edw9DRH/XRTNya64AIYNZM1sgfUA020 cs4=ALERT cs5=2012 act=blocked
    • Easy integration with numerous vendors that support the CEF format
  • 41. Chunked POST Request Support
    • Chunking occurs regularly when the server is returning a large volume of data
    • POST requests containing large volumes of data may be chunked by the client
    • Required for many applications, including those for iPhones
    • Requests with chunking can be parsed
  • 42. Business Object Protection Modules: Financial Theft Prevention. Prevent the inadvertent disclosure of customer or corporate data. Configurable protections: Credit Card Numbers; Customer-defined Data Objects. Slide illustration: sample card numbers in a server response, and the same response after the Application Firewall has masked them.
    Mastercard: 5168701720999598 5487106695039822 5374247346295037 5229226821960783 5120772245608565 5418244166026814 5214846392378060 5593219822414122 5302495774841718 5141463445796112
    VISA: 4532804852500010 4328380488186126 4532740912246923 4716318594729561 4916022347049263 4929693453925879 4916392627322353 4485495924283904 4532203936162055 4916164014266109
    After masking, each number is shown as XXXXXXXXXXXXXXXX.
    A second illustration shows a database error message leaked in a server response:
      Server: Msg 547, Level 16, State 1, Procedure error_demo_sp, Line 2 UPDATE statement conflicted with COLUMN FOREIGN KEY constraint 'fk7_acc_cur'. The conflict occurred in database 'bos_sommar', table 'currencies', column 'curcode'. The statement has been terminated.
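An added example of the credit-card check behind this slide's Financial Theft Prevention module (an illustration, not NetScaler's SAFE Commerce code): candidate digit runs in a response body are Luhn-checked and brand-matched before masking, so order ids, phone numbers and other digit strings are left alone. The regex, brand rules and function names are assumptions; the Mastercard number in the constructed sample response is one of the slide's sample values.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or hyphens, not
# embedded in a longer digit run (so a 20-digit reference number is not touched).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn check (double every second digit from the right); weeds out most non-card numbers."""
    total = 0
    parity = len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_brand(digits):
    """Brand by prefix and length for the two brands on the slide; None for anything else."""
    if digits[0] == "4" and len(digits) in (13, 16, 19):
        return "VISA"
    if len(digits) == 16 and 51 <= int(digits[:2]) <= 55:
        return "Mastercard"
    return None


def mask_cards(body, brands=("VISA", "Mastercard"), keep_last=4):
    """Response-side check: mask Luhn-valid card numbers of the configured brands.

    Returns (masked_body, findings); findings lists (brand, last four) per masked
    number so the event can be logged without writing the full PAN to the log.
    """
    findings = []

    def replace(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        brand = card_brand(digits)
        if brand not in brands or not luhn_ok(digits):
            return raw                                   # leave non-card numbers alone
        findings.append((brand, digits[-keep_last:]))
        return "X" * (len(digits) - keep_last) + digits[-keep_last:]

    return _CANDIDATE.sub(replace, body), findings


# Constructed server response: the Mastercard number is one of the slide's sample values;
# the VISA-looking order id fails the Luhn check and must be left alone.
SAMPLE_RESPONSE = (
    "Card on file: 5168-7017-2099-9598. Order id 4111111111111112, "
    "support line 5551234567, reference 12345678901234567890."
)

if __name__ == "__main__":
    print(mask_cards(SAMPLE_RESPONSE))
```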
  • 43. Customizable Injection Patterns
    • Ability to add / delete keywords for SQL / XSS
    • Generic: any other injection attack pattern, such as XPath Injection
    • Customizable per firewall profile
    • Built-in file available as a template:
      <!-- Default SQL/XSS parameters -->
      <AppFwCustomSettings>
        <!-- SQL injection parameters -->
        <injection>
          <!-- SQL keywords -->
          <keyword>select</keyword>
          <keyword>insert</keyword>
          <keyword>delete</keyword>
          <keyword>update</keyword>
          <keyword>drop</keyword>
          <keyword>create2</keyword>
          <keyword>alter</keyword>
          <keyword>grant</keyword>
          <keyword>revoke</keyword>
          <keyword>commit</keyword>
          <keyword>rollback</keyword>
          <keyword>shutdown</keyword>
          …
  • 44. XDOS Protection. Checks: XmlMaxElementDepthCheck; XmlMaxElementNameLengthCheck; XmlMaxElementsCheck; XmlMaxElementChildrenCheck; XmlMaxAttributesCheck; XmlMaxAttributeNameLengthCheck; XmlMaxAttributeValueLengthCheck; XmlMaxCDATALengthCheck; XmlMaxFileSizeCheck; XmlMinFileSizeCheck
    • Usage:
      add appfw profile pr1
      set appfw profile pr1 -xmldosaction block
      bind appfw profile pr1 -xmldosurl .* -XmlMaxFileSizeCheck on -xmlmaxfilesize 500
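What the XDoS checks listed above enforce, as an added streaming-parser example (not NetScaler's implementation) that also covers the entity-expansion protection from slide 35 and the SOAP-array abuse case from slide 37 (an element with too many children): each limit is checked as the document streams through expat, so the payload is never fully materialized. The limit names mirror the slide's check names; their default values, the class and function names and the test payloads are assumptions.

```python
import xml.parsers.expat

# Limit names mirror the slide's XDoS checks; the values are constructed defaults, not NetScaler's.
DEFAULT_LIMITS = {
    "max_element_depth": 16,
    "max_element_name_length": 64,
    "max_elements": 1000,
    "max_element_children": 100,
    "max_attributes": 16,
    "max_attribute_name_length": 64,
    "max_attribute_value_length": 1024,
    "max_cdata_length": 4096,
    "max_file_size": 64 * 1024,
    "min_file_size": 8,
}


class XmlDosViolation(Exception):
    """Raised with the name of the first limit the payload exceeds."""


class _Counters:
    def __init__(self, lim):
        self.lim = lim
        self.depth = 0
        self.elements = 0
        self.children = []   # child counter per currently open element
        self.cdata = None    # characters seen in the current CDATA section, or None outside one

    def _check(self, name, value):
        if value > self.lim[name]:
            raise XmlDosViolation(name)

    def start(self, name, attrs):
        self.elements += 1
        self._check("max_elements", self.elements)
        self._check("max_element_name_length", len(name))
        if self.children:                       # count this element against its parent
            self.children[-1] += 1
            self._check("max_element_children", self.children[-1])
        self.depth += 1
        self._check("max_element_depth", self.depth)
        self.children.append(0)
        self._check("max_attributes", len(attrs))
        for key, value in attrs.items():
            self._check("max_attribute_name_length", len(key))
            self._check("max_attribute_value_length", len(value))

    def end(self, name):
        self.depth -= 1
        self.children.pop()

    def cdata_start(self):
        self.cdata = 0

    def cdata_end(self):
        self.cdata = None

    def chars(self, data):
        if self.cdata is not None:
            self.cdata += len(data)
            self._check("max_cdata_length", self.cdata)

    def entity_decl(self, *args):
        # Reject every entity declaration outright: this is the entity-expansion
        # ("billion laughs") vector the slide lists under XML security enhancements.
        raise XmlDosViolation("entity_declaration")


def check_xml_dos(payload, limits=None):
    """Stream `payload` (bytes) through expat; raise XmlDosViolation on the first exceeded limit."""
    lim = {**DEFAULT_LIMITS, **(limits or {})}
    if not lim["min_file_size"] <= len(payload) <= lim["max_file_size"]:
        raise XmlDosViolation("max_file_size" if len(payload) > lim["max_file_size"] else "min_file_size")
    state = _Counters(lim)
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = state.start
    parser.EndElementHandler = state.end
    parser.StartCdataSectionHandler = state.cdata_start
    parser.EndCdataSectionHandler = state.cdata_end
    parser.CharacterDataHandler = state.chars
    parser.EntityDeclHandler = state.entity_decl
    try:
        parser.Parse(payload, True)
    except xml.parsers.expat.ExpatError as exc:
        raise XmlDosViolation(f"malformed: {exc}") from exc
    return True


def violation_name(payload, limits=None):
    """The name of the exceeded limit, or None when the payload passes every check."""
    try:
        check_xml_dos(payload, limits)
    except XmlDosViolation as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(violation_name(b"<r>" + b"<c/>" * 150 + b"</r>"))   # SOAP-array style abuse
    print(violation_name(b"<a>" + b"x" * 600 + b"</a>", {"max_file_size": 500}))
```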
  • 45. AppExpert Templates
    • App Firewall templates for Microsoft SharePoint and Web Interface
    • Cuts deployment times from days to minutes
    • Comprehensively defines applications
    • Consolidates app-specific configuration in one place
    • Simplifies ongoing lifecycle management
  • 46. AppExpert Template for Web Interface
    • AppExpert template available for Application Firewall protections for Citrix Web Interface
    • Simplified deployment support that includes customized and older versions
  • 47. URL Transform
  • 48. AppExpert Rate Controls help isolate critical application resources. A rate control combines:
    • User(s): IP address; IP range/subnet; cookie value; wildcards; any header or payload...
    • Object: Vserver IP; URL/URI; image; file; any header or payload...
    • Time: measured in milliseconds
    • Rate: requests; packets; bandwidth
    • Action: throttle; invoke policy (Responder, Rewrite, Cache, etc.); alert; log; trap
  • 49. AAA for application traffic offloads authentication
    • Authentication servers: LDAP, RADIUS, TACACS, NT4, smart card, certificate-based
    • Two-factor, dual passwords, cascading
    • User / group awareness
    • Fine-grained policy-based control
    • Full audit trail
    • SSO: Basic, Digest, NTLM
  • 51. Hybrid Security Model
    • Signatures for known attacks: easy deployment, quick PoC; checks request headers (URL, cookies, etc.) and body (form fields); integrates with scanning tools; wizard to ease configuration; scans thousands of signatures at wire speed
    • Mix-and-match with positive security: defense against zero-day attacks; defense against custom attacks; strongest security posture
  • 52. Signature Protection for Application Firewall. Steps: 1. Enable Signature Protection; 2. Tune Signatures; 3. Enable Advanced Security; 4. Tune Security Policies; result: Comprehensive Application Protection
    • Simplifies detection of known application vulnerabilities
    • Shortens the Application Firewall deployment cycle
    • Updated signatures every 4-6 weeks
    • Signatures based on public vulnerability databases (e.g. Snort, CVE, Bugtraq, etc.)
  • 53. Hybrid Security Model: workflow to enable AppFW for an application
    • Specify your application: URLs/VIPs etc.; app type; app characteristics
    • Enable signature protections: select relevant signatures
    • Done with initial AppFw configuration: proceed to optional tuning
    • Optional steps:
      • Tune signatures: tune settings (Block, Log etc.)
      • Enable deep protections (SQL Injection, Cross Site Scripting, Buffer Overflow, ...): specify the vulnerable app slice; select deep protections; tune settings; configure exceptions
    • Done with AppFw setup: transition to production workflow
  • 54. Workflow to manage/maintain AppFW protections
    • React to application changes: tune signatures; tune deep protections
    • Protect additional app slices
    • Diagnose AppFW violations and errors: reports; logs; stats
    • Manage signature updates
    • Protect against vulnerabilities identified by scans
  • 55. Set up Application Protection in 3 easy steps
  • 56. Set actions
  • 57. Set up additional protections, if desired
  • 58. Signature Maintenance/Updates
    • Based on SNORT
    • Partnership with Sourcefire to provide signatures
    • Can be updated without changing the build
    • Open format for signature files
    • Signature versioning
    • Automatic identification of "new" signatures
  • 59. Intuitive Signature Management
  • 60. Signature Support for Rapid Deployment
  • 61. How Does It Work – SNORT® signatures?
    • NetScaler provides SNORT signatures converted into NetScaler native format
    • Import into NetScaler
    • Click and choose which application rules apply and whether to block or log
    • Deploy
  • 62. Integration with Vulnerability Assessment Tools: run periodic scans of the protected website; import the vulnerability file into NetScaler
  • 63. Configuring Response Side Checks
    • Flexibly add more rules in signatures vs. traditional checks
    • Rules include credit cards, comment stripping and safe objects
  • 65. Manageability and Ease of Use – Learning
    • Rule Recommendation Engine in learning mode
  • 66. Manageability and Ease of Use – Rule Visualizer
  • 67. Application Visualizer – Manage Configuration Drift: view / resolve config drifts; view overlay and detailed stats
  • 68. Reporting: dashboard of top Application Firewall information for a quick security summary; ability to create custom reports for specific violations, client IPs, profiles etc.
  • 69. Visibility and Reporting with Splunk for NetScaler
    • Splunk App for NetScaler, available at SplunkBase: http://www.splunkbase.com/apps/All/4.x/Add-On/app:Splunk+for+Citrix+NetScaler
    • Case study: FreshDirect: http://www.splunk.com/view/case-study-fresh-direct/SP-CAAACDB
  • 70. Full PCI v1.2 Compliance Report
    • Analyze App Firewall configuration against PCI-DSS requirements
    • Executive summary of Application Firewall configuration
  • 71. Command Center Cluster Management
    • Ability to push configuration changes to a cluster
    • Supports all-or-none: don't leave any node in a semi-configured state
    • Ability to identify configuration mismatch between nodes; notify admin of mismatch; support ability to remove the mismatch and get nodes back into sync
    • Reporting of a group of devices as a single entity
  • 72. Auditing
    • Full administrative audit trail: all management operations logged
    • Full user activity audit trail: all session activity; all network flows
    • All system events logged
    • Support for external logging servers
  • 73. Summary
    • Comprehensive Application Firewall offering: compelling standalone WAF; fully integrated into the overall ADC offering
    • Industry-leading feature set
    • Fastest Application Firewall in the market; best price-performance
    • Broadest product lineup for all throughput requirements: 500 Mbps – 12 Gbps; pay-as-you-grow; flexibility via both MPX and VPX offerings
    • Broad technology eco-system and partnerships
  • 74. Work better. Live better.

Editor's Notes

  4. One way to approach application security issues is to fix the application code itself. The fact of the matter is that for large applications, making changes takes time, leaving the application vulnerable. Flaws may be in third-party code, so one has to wait for a patch. Legacy applications that assumed a trusted security model are now exposed to the web. Deploying a hardened application firewall gives time to fix the application while securing it.
  5. The payment card industry knows that this is a problem and formed a council called PCI. PCI-DSS, the Payment Card Industry Data Security Standard, defines how credit card data is transmitted, logged, stored and processed: 12 requirements in 6 domains. Compliance is pass or fail.
  6. NetScaler provides advanced app and service delivery optimization. It is composed of four "pillars": 100% application availability via our world-class L4-L7 load balancing capabilities and intelligent service health monitoring features; accelerated application performance (by 5x) through static and dynamic content caching and compression; an average of 60% in application infrastructure savings through connection pooling and offloading SSL processing from servers; and end-to-end application security with integrated Access Gateway Enterprise for secure remote access and an application firewall to protect against application-layer attacks. The Application Firewall is one of the principal integrated modules within NetScaler ADCs. This AppFW may be used within the context of an ADC or as a standalone appliance. If used as a standalone option, it may be field-upgraded via software license to a full NetScaler at any time.
  8. Integrated into Citrix NetScaler or as a standalone Application Firewall, it sits behind the network firewalls, in front of important web applications, protecting them from dozens of L7 attacks automatically. Simply configure it once, and you're done. It can actually be up and running in less than 30 minutes in most cases. Its bi-directional inspection can protect against form-field or cookie consistency issues. Protections include blocking cross site request forgery, XPath injection attacks and a set of XML protections: XML attachment check enhancements; entity expansion attack protection; SOAP fault filtering; WSDL scanning prevention; XPath injection protection; learning; monitoring web services. With the latest MPX models dedicated traffic protection can exceed 12 Gbps. NetScaler's application firewall satisfies the PCI-DSS application firewall requirement and has been ICSA certified.
  9. This is the latest lineup of standalone offerings. Note that additional standalone models available include App Firewalls based on the 5500, 7500, 9500, 10500 and 12500, but these are older models and the latest models are recommended for any new deployments. Note: any NetScaler ADC (MPX, SDX or VPX) running Platinum includes AppFW, and it is an option on Enterprise Edition.
  11. To understand how the NetScaler Application Firewall protects web infrastructures, one must first understand the hybrid model, which is composed of a "positive security model" and signatures (more on this later). The positive security model is fundamental to our strategy of delivering industry-leading security against known and unknown attacks. With this model, we enforce positive application behavior deterministically. The security policy defines permissible application behavior based on industry standards and expected usage. Any event or instance falling outside of this model is treated as potentially malicious, and is alerted on or blocked, or both. We understand what "good" traffic looks like. Contrast this with a negative security model that is signature based, and inevitably suffers from false positives. A positive security model is the only approach that delivers "zero day" protection – no dependence on security vendors to identify a threat, develop a signature pattern and distribute it to customers. This model detects and blocks dozens of attack vectors including CSRF, cookie poisoning, SQL injection and many more.
  12. Next generation security requires much more than simple packet-level inspection. Citrix Application Firewall integrates Deep Stream Inspection technology that reconstructs all bi-directional communications for each user session. Once reconstructed, it inspects all content to ensure correct application behavior and the validity of user and machine inputs. Citrix' innovative Deep Stream Inspection technology is based on multiple core technologies, including: bi-directional analysis of all application traffic; complete header and payload inspection; full application parsing; semantic extraction of relevant application objects; traffic sessionization.
  13. An administrator can use the following process to understand the data flow for the client request and server response: 1. The client issues a request for http://www.site.com. 2. The NetScaler system receives the client request and performs the configured App Firewall request inspections. Request inspections can include: Start URLs, XSS, SQL Injection, Field Consistency, Buffer Overflow. App Firewall can perform learning through exceptions to inspections. 3. The client request is load balanced to the appropriate server. 4. The server sends a response for www.site.com. 5. The NetScaler system receives the server response and performs the configured App Firewall response inspections. Response inspections can include: Credit Cards, SAFE Object. 6. The server response for http://www.site.com is sent to the client.
  21. Citrix Application Firewall has dynamic, context-sensitive cross-site scripting attack protections. It does not just look for patterns; rather, it looks for anything that looks like an HTML tag in a form field and cross-references it against a list of allowed tags. If the tag is not on that list, the CAF blocks it. There are several types of XSS attacks, but this is one of the more common examples. An application should never allow a user to post executable code or scripts. This attack is against applications which allow posting of user information, such as eBay. Rather than posting a description of an item, the hacker posts an executable script which will run in a browser. An unsuspecting user downloads the page and the script executes. This may take the form of a pop-up window or a command to transfer the cookie information to the hacker's location. Once this information is obtained by the hacker, they have complete access to the user's account. This is not an attack on the application but on the trust between the user and the web site.
  22. Protects against CSRF attacks by checking whether the Referer header is coming from an authorized site.
  23. Citrix Application Firewall enforces Entry Points, then remembers all of the URLs presented to the user in HTML in a particular session and only allows the user to go to those URLs. No one else can do this dynamic URL closure without a large performance hit.
  24. Citrix Application Firewall also provides dedicated defenses against buffer overflow attacks targeting the application, the application platform, or the underlying operating system. Buffer overflow attacks are among the most common application-layer exploits. (Code Red and Nimda are well-known examples). They attempt to overflow an input buffer with excessive data. Successfully executed, the hacker can run a remote shell on the machine and gain the same system privileges granted to the application being attacked. Citrix Application Firewall performs a deep stream inspection on all HTTP traffic to block buffer overflows anywhere in a client request.
  26. Cookie tampering is another type of application exploit that is defeated with the positive security model. Citrix Application Firewall prevents attackers from modifying server-issued cookies to hijack the sessions of legitimate users or steal user credentials. Any client request that includes a cookie that has been modified illegally is automatically rejected by Citrix Application Firewall.
  27. Decrypt-only option: handles transition cases where cookie encryption is turned off and there may still be persistent cookies that have been set and encrypted. To encrypt a single server cookie, a PI encryption policy may be used as an alternate means to achieve this.
  28. Session only: only non-persistent cookies are stored in the App Firewall session. Persistent cookies (with an Expires attribute) are forwarded to the client. Only the App Firewall session cookie is sent to the user; none of the session cookies is set in the user's browser. When the user submits a request, the appropriate cookies, based on path and domain, are inserted into the request before it is forwarded to the server. If any session (non-persistent) cookies need to be sent to the user, add an exception for that cookie name.
  29. Protects against CSRF attacks by checking that the request contains the unique ID provided by NetScaler.
  31. Citrix Application Firewall form field protection is a good example of the positive security model in action. Many Web applications use forms for collecting customer information and interacting with users. Each form field is a potential attack vector. Hackers may try to inject malicious code or bad data into the application in an attempt to exploit an application’s inability to validate inputs. Citrix Application Firewall provides comprehensive checks on form field inputs. It does this for each form and for each user session. This prevents a hacker from manipulating data in read-only or hidden form fields, and ensures that no elements of the form are tampered with. Because the entire form is locked down, it prevents hackers from utilizing application forms to inject malicious code.
  34. XML schemas are used to enforce proper data types on incoming XML payloads. This offers enhanced security. In addition, schema validation can be expensive to perform on the servers. Offloading this to the NetScaler offers a significant boost in application performance.
  37. Use case raised by a customer: source NAT on a load balancer (F5) in front of the WAF (Citrix). From a security perspective the client IP is lost, which makes forensics hard when there is an alert. Workaround: log the connection and translate through the load balancer's NAT table; logs could be obtained from the load balancer for a period of a week. The source port therefore needs to be in the WAF syslog so that events can be correlated on time stamp, and the customer wants the source port in the ArcSight feed. Use case: multiple boxes in the customer network, with source NAT from a third-party load balancer in front of the NetScaler AppFW. Track the client with log information that includes the source port (spt in the CEF record) and correlate with time stamps. Note that the source port is logged, giving extra traceability.
  38. Chunking occurs regularly when the server is returning a large volume of data. The client is not informed in the first chunk of the total size of the response. Requests are often tiny in size.
  39. One of the most powerful capabilities of Citrix Application Firewall is business object protection. Business object protection prevents the unauthorized and inadvertent leakage of sensitive customer or corporate information, such as credit card numbers (via the SAFE Commerce module) and customer-defined data objects (via the SAFE Object module). SAFE Object can protect social security numbers, driver's licenses, account numbers, passwords, patient ID numbers and other defined data objects. If a sensitive data object is detected in a server response, the Application Firewall can either block the page, strip the object or mask the object. Application Firewall delivers a last line of defense against information leakage. It ensures that no information is sent from the Web server that would compromise customer data and result in potential identity theft. Citrix Business Object Protection modules are ideal for achieving regulatory compliance with Gramm-Leach-Bliley, the California Database Breach Act, and other privacy mandates.
  40. XML Denial of Service protection protects servers from malicious XML payloads by enforcing limits on the XML payload structure. These include limits on the lengths of attributes and element names, the size of the payload, etc. Each of the limits can be set independently.
  41. AppExpert Templates encapsulate the entire NetScaler configuration (the application components that NetScaler is optimizing, as well as the configuration settings and policies) for a specific application into one logical “view.” Ongoing changes to configuration and policies can also be made from this view. AppExpert Templates can be imported and exported, enabling customers to load complete NetScaler configurations for optimization of specific applications within minutes. Import/export also makes it easy to share application-specific configuration within and between organizations, and to move app-specific configurations between different systems. There is a specific template for SharePoint and Web Interface available for AppFW.
  42. A powerful feature is URL transform. This module leverages the underlying App Firewall infrastructure to find URLs in the request/response and can transform them using a flexible regular expression syntax.
  43. There's a number of ways folks have told us they're going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is not overwhelmed is another. Two specific examples are: One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn't overwhelm the website and degrade the site's performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs (so that partners can do mashups, for example) aren't overwhelmed by any particular partner's use of the API. Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per source IP, they can drop any additional FTP requests coming from a source IP (i.e. a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don't drown out other SharePoint (or other application) activity.
  44. Authentication is commonly deployed in web applications. NS includes this feature to perform authentication and authorization for application traffic. It builds on the existing AG-EE infrastructure available on all NetScaler platforms and makes it available for regular load balanced traffic. All standard authentication schemes and directory stores are supported. This feature is not specific to the application firewall.
  48. Tune signatures: set non-blocking mode; send traffic; leverage logs, stats and learning to narrow the signature list; tune block, log and stat settings.
  52. The application visualizer has been enhanced to quickly detect and resolve config drifts. You can also view detailed stats and overlay stats.
  54. Logging and auditing capabilities: syslog, nslog. Ability to log the following: login information; logout information; access failures; TCP statistics; UDP statistics; HTTP information; system events (device up/down).