F5 Networks Configuring BIG-IP ASM: Application Security Manager v13

The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.

Course Outline

Lesson 1: Setting Up the BIG-IP System

  • Introducing the BIG-IP System

  • Initially Setting Up the BIG-IP System

  • Archiving the BIG-IP System Configuration

  • Leveraging F5 Support Resources and Tools


Lesson 2: Traffic Processing with BIG-IP

  • Identifying BIG-IP Traffic Processing Objects

  • Overview of Network Packet Flow

  • Understanding Profiles

  • Overview of Local Traffic Policies and ASM

  • HTTP Request Flow

  • Chapter Resources


Lesson 3: Web Application Concepts

  • Overview of Web Application Request Processing

  • Web Applications Are Vulnerable Even with SSL

  • Layer 7 Protection with Web Application Firewalls

  • Overview of Web Communication Elements

  • Parsing URLs

  • Overview of the HTTP Request Structure

  • Method: Perform Actions on a Server

  • HTTP Methods ASM Accepts by Default

  • Comparing POST with GET

  • Risks Within Other Methods

  • Methods Enforcement for URLs

  • HTTP Response Codes

  • Examining HTTP Responses

  • User Input Forms: Free Text Input

  • How ASM Parses File Types, URLs, and Parameters

  • Using the Fiddler HTTP Proxy

  • Chapter Resources


Lesson 4: Common Web Application Vulnerabilities

  • Common Exploits Against Web Applications


Lesson 5: Security Policy Deployment

  • Comparing Positive and Negative Security Models

  • Deployment: Combining Positive and Negative Security

  • The Deployment Workflow

  • Policy Type: How Will the Policy Be Applied

  • Policy Template: Determines the Level of Protection

  • Policy Templates: Automatic or Manual Policy Building

  • Deployment Workflow: Advanced Settings

  • Viewing Requests

  • Security Checks Offered by Rapid Deployment

  • Response Checks Using Data Guard

  • Chapter Resources


Lesson 6: Policy Tuning and Violations

  • Post-Deployment Traffic Processing

  • Defining Violations

  • Defining False Positives

  • How Violations are Categorized

  • Violation Rating: A Threat Scale

  • Defining Staging and Enforcement

  • Defining Enforcement Mode

  • Defining the Enforcement Readiness Period

  • Defining Learning

  • Defining Learning Suggestions

  • Choosing Automatic or Manual Learning

  • Defining the Learn, Alarm and Block Settings

  • Interpreting the Enforcement Readiness Summary

  • Configuring the Blocking Response Page

  • Chapter Resources


Lesson 7: Attack Signatures

  • Defining Attack Signatures

  • Creating User-Defined Attack Signatures

  • Defining Attack Signature Sets

  • Defining Attack Signature Pools

  • Updating Attack Signatures

  • Understanding Attack Signatures and Staging

  • Chapter Resources


Lesson 8: Positive Security Policy Building

  • Defining Security Policy Components

  • Defining the Wildcard

  • The Entity Staging Lifecycle

  • Choosing the Learning Scheme

  • How to Learn: Never (Wildcard Only)

  • How To Learn: Always

  • How to Learn: Selective

  • Reviewing the Enforcement Readiness Period: Entities

  • Violations Without Learning Suggestions

  • Defining the Learning Score

  • Defining Trusted and Untrusted IP Addresses

  • How to Learn: Compact

  • Chapter Resources


Lesson 9: Cookies and Other Headers

  • ASM Cookies: What to Enforce

  • Defining Allowed and Enforced Cookies

  • Configuring Security Processing on HTTP headers

  • Chapter Resources


Lesson 10: Reporting and Logging

  • Reporting: Build Your Own View

  • Reporting: Chart based on filters

  • Brute Force and Web Scraping Statistics

  • Viewing ASM Resource Reports

  • PCI Compliance: PCI-DSS 3.0

  • Generating a Security Events Report

  • Viewing Traffic Learning Graphs

  • Local Logging Facilities and Destinations

  • Viewing Logs in the Configuration Utility

  • Logging Profiles: Build What You Need

  • Chapter Resources


Lesson 11: Lab Project

Lesson 12: User Roles and Policy Modification

  • Defining User Roles

  • Defining ASM User Roles

  • Defining Partitions

  • Configuring User Partition Access

  • Comparing Security Policies with Policy Diff

  • Merging Security Policies

  • Editing and Exporting Security Policies

  • Restoring with Policy History

  • Examples of ASM Deployment Types

  • ConfigSync and ASM Security Data

  • ASMQKVIEW: Provide to F5 Support for Troubleshooting

  • Chapter Resources


Lesson 13: Advanced Parameter Handling

  • Defining Parameter Types

  • Defining Static Parameters

  • Defining Dynamic Parameters

  • Defining Dynamic Parameter Extraction Properties

  • Defining Parameter Levels

  • Other Parameter Considerations

  • Chapter Resources


Lesson 14: Application-Ready Templates

  • Application Templates: Pre-Configured Baseline Security

  • Chapter Resources


Lesson 15: Automatic Policy Building

  • Overview of Automatic Policy Building

  • Defining Templates Which Automate Learning

  • Defining Policy Loosening

  • Defining Policy Tightening

  • Defining Learning Speed: Traffic Sampling

  • Defining Track Site Changes

  • Chapter Resources


Lesson 16: Web Application Vulnerability Scanners

  • Integrating Scanner Output Into ASM

  • Will Scan be Used for a New or Existing Policy?

  • Importing Vulnerabilities

  • Resolving Vulnerabilities

  • Using the Generic XML Scanner XSD file

  • Chapter Resources


Lesson 17: Login Enforcement & Session Tracking

  • Defining a Login URL

  • Login Enforcement: Time and Logout Conditions

  • Defining Session Tracking

  • Configuring Actions Upon Violation Detection

  • Session Hijacking Mitigation

  • Why Fingerprint A Client

  • Chapter Resources


Lesson 18: Brute Force and Web Scraping Mitigation

  • Defining Anomalies

  • Mitigating Brute Force Attacks via Login Page

  • Defining Session-Based Brute Force Protection

  • Defining Dynamic Brute Force Protection

  • Defining the Prevention Policy

  • Defining Web Scraping

  • Defining Geolocation Enforcement

  • Configuring IP Address Exceptions

  • Chapter Resources


Lesson 19: Layered Policies

  • Defining a Parent Policy

  • Defining Inheritance

  • Parent Policy Deployment Use Cases

  • Chapter Resources


Lesson 20: Layer 7 DoS mitigation

  • Defining Denial of Service Attacks

  • Defining DoS Profile General Settings

  • Defining Proactive Bot Defense

  • Using Bot Signatures

  • Defining TPS-based DoS Protection

  • Defining Operation Mode

  • Defining Mitigation Methods

  • Defining Behavioral and Stress-Based Detection

  • Defining Behavioral DoS

  • Chapter Resources


Lesson 21: ASM and iRules

  • Common Uses for iRules

  • Identifying iRule Components

  • Triggering iRules with Events

  • Defining ASM iRule Events

  • Defining ASM iRule Commands

  • Using ASM iRule Event Modes

  • Chapter Resources


Lesson 22: Content Profiles

  • Defining Asynchronous JavaScript and XML

  • Defining JavaScript Object Notation (JSON)

  • Defining Content Profiles

  • The Order of Operations for URL Classification

  • Chapter Resources


Lesson 23: Review and Final Labs

  • Course Review Questions

  • Answers to Review Questions


Lesson 24: Additional Training and Certification

  • Getting Started Series Web-Based Training

  • F5 Instructor Led Training Curriculum

  • F5 Professional Certification Program

Audience

This course is intended for security and network administrators who will be responsible for the installation, deployment, tuning, and day-to-day maintenance of the Application Security Manager.

Pre-requisite(s):

Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.

Available Course Dates

02/12/2018 10:00 am - 02/15/2018 6:00 pm
03/26/2018 10:00 am - 03/29/2018 6:00 pm
05/15/2018 10:00 am - 05/18/2018 6:00 pm
06/18/2018 10:00 am - 06/21/2018 6:00 pm