Manual Chapter: Maintaining Security Policies

You may at times need to adjust your security policies as a result of changes in the application or because of new security needs. You can view the status of all security policies, and see the outstanding configuration tasks on the Policies Summary screen.
From the Policy Properties screen, you can reconfigure an active security policy. This clears the policy of all data and essentially creates a new one by rerunning the Deployment wizard.
From the Policy Properties screen, you can click tabs to perform policy audits, view history, display a policy log or tree view, and adjust display preferences.
From the Inactive Policies screen, you can perform many of these actions on inactive security policies in addition to the following tasks:
You can access a security policy for editing either from the Active Policies screen or from the editing context area. The editing context area, shown in Figure 7.1, appears at the top of almost every security policy component screen throughout Application Security Manager.
1. On the Main tab, expand Security, point to Application Security, and click a security policy.
4. To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
Tip: To quickly access the Properties screen for a security policy, click the Current edited policy link in the editing context area.
You can export a security policy as a binary archive file or as a readable XML file. For example, you may want to export a security policy from one web application so that you can use it as a baseline for a new web application. You can also export a security policy to archive it on a remote system before upgrading the system software, to create a backup copy, or to use the exported security policy in a policy merge. (See Deactivating a security policy, for more information on merging policies.)
You can export a security policy located on a remote system. The XML or archive file includes the name of the security policy and the date it was exported. If you saved the policy as an XML file, you can open it to view the configured settings of the security policy in a human readable format.
The exported security policy includes any user-defined attack signature sets that are in use by the policy, but not the actual signatures. Therefore, it is a good idea to make sure that the attack signatures and user-defined signatures are the same on the two systems.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
2. In the Active Security Policies list, select the security policy that you want to export, then click Export.
The Select Export Method popup screen opens.
To save the security policy as an XML file, select Export security policy in XML format. To reduce the size of the XML file, select the Compact format check box.
To save the security policy as a policy archive file (.plc file), select Binary export of the security policy.
4. Click Export.
The popup screen closes, and the system opens an external file download screen.
5. In the file download screen, save the file to an external location.
The system exports the security policy in the format you specified and saves it in the remote location.
The exported security policy includes any user-defined signature sets that are in the policy, but not the user-defined signatures themselves. Optionally, you can export user-defined signatures from the Attack Signature List (to see the list, go to Security > Options > Application Security > Attack Signatures > Attack Signatures List).
If you export the security policy as an XML file, the file displays the configured settings of the security policy items in a very readable format.
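Because the XML export is readable, two exports of the same policy (for example, the archive taken before an upgrade and a fresh export after the import) can be compared to confirm that no setting changed. The following is an added example, not code from the product or its documentation: it does not assume the real export schema, the element names in the samples are hypothetical, and keying repeated elements by a name attribute is an assumption. Compare exports made in the same format, since a compact export leaves out some items.

```python
import xml.etree.ElementTree as ET

def flatten(xml_text):
    """Map every leaf setting in an export to a path -> value entry."""
    # A policy export has no reason to carry a DTD; refuse it rather than
    # let the parser expand entities from a file of unknown origin.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration in export")
    settings = {}

    def walk(elem, path):
        for key, value in elem.attrib.items():
            if key != "name":
                settings[f"{path}/@{key}"] = value
        children = list(elem)
        if not children:
            settings[path] = (elem.text or "").strip()
            return
        position = {}
        for child in children:
            # Repeated siblings are told apart by a name attribute when
            # present (assumption), otherwise by their position.
            label = child.get("name")
            if label is None:
                position[child.tag] = position.get(child.tag, 0) + 1
                label = str(position[child.tag])
            walk(child, f"{path}/{child.tag}[{label}]")

    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return settings

def diff_exports(before_xml, after_xml):
    """Return settings removed, added and changed between two exports."""
    before, after = flatten(before_xml), flatten(after_xml)
    common = before.keys() & after.keys()
    return {
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "changed": sorted((k, before[k], after[k]) for k in common if before[k] != after[k]),
    }

# Constructed samples; the element names are hypothetical, not the real export schema.
BEFORE = """<policy><enforcement_mode>blocking</enforcement_mode>
<urls><url name="/login.php"><staging>false</staging></url>
<url name="/admin"><staging>false</staging></url></urls></policy>"""
AFTER = """<policy><enforcement_mode>transparent</enforcement_mode>
<urls><url name="/login.php"><staging>false</staging></url></urls></policy>"""

if __name__ == "__main__":
    for kind, items in diff_exports(BEFORE, AFTER).items():
        print(kind, items)
```

An empty result for all three keys means the two exports describe the same settings; any entry under "changed" or "removed" is worth reviewing before the imported policy is applied.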
When exporting to XML, you can further choose to export the security policy in a compact format, which results in a smaller XML file. There are differences between a security policy exported in regular format and in compact format. In compact format, the system does not include the staging state of attack signatures. Also, the system exports information regarding the following items only if they are different from how they were created:
You can import a security policy previously saved in archive policy or XML format to quickly apply a security policy to a new web application. You can also use the import option to restore a security policy from a remote system.
Before you import an exported policy onto another system, it is a good idea to make sure that the attack signatures and user-defined signatures are the same on the two systems.
If using device management and you import a security policy with automatic policy building enabled, the imported policy will have Real Traffic Policy Builder® enabled on the local device. But, when replicated to the other devices, Policy Builder will be disabled in the policy on the other devices in the group.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
2. Above the Active Security Policies area, click the Import button.
The Import Security Policy screen opens.
3. Use the Choose File field to navigate to the security policy that you want to import.
The system shows the name of the policy you plan to import and the policy encoding.
4. For the Import Target setting, select one of the following:
a) Select Inactive Security Policies List to place the uploaded policy into the list of inactive policies.
b) Select Replaced Policy to activate the uploaded policy to the selected active security policy.
The uploaded policy becomes the new active security policy.
Note: When you select the Replaced Policy option, the replaced policy is automatically moved to the Inactive Security Policies List.
If you selected Inactive Security Policies List, proceed to step 6.
5. For Associate event logs to the imported policy, select or clear the Enabled check box:
Enabled: Specifies, when selected, that the system associates all event log data from the security policy being replaced with the imported security policy.
Disabled: Specifies, when cleared, that the system deletes all event log data associated with the security policy that is being replaced.
6. Click Import.
The system displays a success status message when the operation is complete.
7. Click OK.
The screen refreshes, and you can see the imported security policy in either the Active Security Policies list or the Inactive Security Policies list, depending on your selection. The imported policy includes any user-defined signature sets that were exported with the security policy.
Note: The names of security policies must be unique within the Application Security Manager. If a security policy with the same name already exists, the system adds a sequential number to the end of the name.
You can deactivate a security policy from the Application Security Manager. When you deactivate a security policy, the system retains the policy, but it no longer protects an application since it no longer processes traffic. To permanently delete a security policy, see Deleting a security policy permanently.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
2. Select the security policy that you want to deactivate, and click the Delete button below the list.
A confirmation popup screen opens and presents a warning that all of the request log entries generated by this security policy will be permanently deleted with the policy. (Consider exporting them prior to deleting this security policy.)
3. Click OK.
The system moves the security policy from the Active Security Policies list to the Inactive Security Policies list.
If you deactivate a security policy, and later decide that you want to use it, you can restore the security policy from the Inactive Security Policies list.
1. On the Main tab, expand Security, point to Application Security, Security Policies, then click Inactive Policies.
The Inactive Policies screen opens.
3. Click Activate.
The Activate Policy screen opens.
4. From the Replaced Policy list, select the currently active security policy to replace with the one you are restoring.
Note: The system moves the currently active security policy to the Inactive Security Policies list.
5. For Associate existing event logs to the activated policy, select or clear the Enabled check box:
Select Enabled to retain all event logs currently associated with the security policy to be replaced, and associate them with the restored security policy.
Clear Enabled to delete all data associated with the security policy to be replaced.
6. Click Activate.
A confirmation screen opens.
7. Click OK.
The Policy Properties screen of the restored policy opens.
If you created a security policy and saved it and decide later that you want to start over from the beginning, you can reconfigure it. All of the security policy configuration data is deleted.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
3. Click Reconfigure to clear all the settings, data, and statistics for this security policy.
4. Click OK on the confirmation screen.
The system removes all configuration settings and data for the security policy and returns it to a new policy state.
5. Click Run Deployment Wizard to create the security policy.
If you delete a security policy from the configuration, and later decide that you want to delete it permanently, you can delete the security policy from the Inactive Security Policies list.
1. On the Main tab, expand Security, point to Application Security, Security Policies, then click Inactive Policies.
The Inactive Policies screen opens.
3. Click Delete.
A confirmation popup screen opens, where you can confirm that you want to permanently delete the security policy.
4. Click OK.
The screen refreshes, and you no longer see the security policy in the Inactive Security Policies list.
The Application Security Manager keeps an archive of security policies that have been set to active. Every time you make a security policy the active security policy, the system saves a version of that security policy, and archives it. You can restore any of the archived security policies, and make it the active security policy.
Tip: In the Active Security Policies list, on the Active Policies screen, the security policy version number is in square brackets next to the security policy name.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
2. In the Active Security Policies list, click the security policy whose different versions you want to view or whose archived version you want to restore.
The Policy Properties screen opens.
3. From the menu bar, click History.
The History screen opens, where you can view the archived versions of the security policy.
4. Select a version, and then click the Restore button.
The Restore Security Policy screen opens.
5. In the Security Policy Name field, change the name as required.
6. Click Restore.
A confirmation dialog box opens.
7. Click OK.
The policy properties screen of the restored active security policy opens. All data and statistics for the previous active security policy are deleted.
You can create a security policy template to use as the basis for new security policies. When you manually develop a security policy using the Deployment wizard, the template you created is listed with the list of application-ready security policies.
You can view the list of all available templates including those supplied by the system, the application-ready security policies, and those that are user-defined.
1. On the Main tab, expand Security, point to Options, Application Security, and then click Advanced Configuration.
The System Variables screen opens.
2. From the Advanced Configuration menu, choose Policy Templates.
The Policy Templates screen opens and lists the available policy templates. The list includes all system-supplied and user-defined security policy templates that are on the system.
You can save a security policy as a template to create policies that differ only in a few details. The template can serve as the basis for a new security policy.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
3. Click the Save as Template button.
The Add Policy Template screen opens.
5. In the Description field, type a description of the template, such as the name of the security policy it was based on.
6. For the Template File setting:
a) Select Use existing security policy.
7. Click Add.
The Policy Templates screen opens showing a list of all policy templates including the one you just created.
If, in the future, you change the original security policy from which you created the template, the template is not updated or changed.
Before you can create a template, you need to have an exported template from another system, or a security policy saved in XML format.
1. On the Main tab, expand Security and click Application Security.
The Active Policies screen opens.
2. Click the Save as Template button.
The Add Policy Template screen opens.
4. In the Description field, type a description of the template, such as the name of the security policy it was based on.
5. For the Template File setting:
a) Select Upload template file.
6. Click Add.
The Policy Templates screen opens showing a list of all policy templates including the one you just created.
You can export a security policy template and save it for later use. For example, you can upload the template onto another system.
1. On the Main tab, expand Security, point to Options, Application Security, and click Advanced Configuration.
The System Variables screen opens.
2. From the Advanced Configuration menu, choose Policy Templates.
The Policy Templates screen opens and lists all of the available policy templates.
3. Select a policy template to export, and click the Export button.
The system creates a template file in XML format called exported_<template-name>_template_yyyy-mm-dd_hh-mm.xml, where yyyy-mm-dd_hh-mm represents the date and time of the export.
5. To import the exported template, log in to the system where you want to use it and create a template using the one you exported.
The Application Security Manager creates a policy log for every security policy. The policy log includes an entry for each event or action performed on the security policy, including the event type, the element type and name (if relevant), the date and time of the change, a description of the change, and where, how, and by whom the change was made.
This log is different from the automatic policy building log because this one shows all changes that the Policy Builder or a user made to the security policy. The automatic policy building log is described in Viewing automatic policy building logs.
1. On the Main tab, expand Security, and click Application Security.
The Active Policies screen opens.
2. In the Active Security Policies area, click the name of the security policy for which you want to review the log.
The Properties screen opens.
3. From the menu bar, click Policy Log.
The Policy Log screen opens.
4. In the filter area, adjust the filter settings to view the logs you want to see.
The screen refreshes, and displays the policy log for the current security policy.
6. To save the log as a PDF, click Export.
The system creates a PDF that you can open or save.
You can display a tree view of the security policy to quickly view its contents. The tree view shows the hierarchy of the web application, particularly the URLs and parameters contained in the security policy. Global parameters appear at the top level, and URL parameters fall under URLs in the directory-like structure.
1. On the Main tab, expand Security, and click Application Security.
The Active Policies screen opens.
2. In the Active Security Policies area, click the name of the security policy for which you want to display a tree view.
The Properties screen opens.
3. From the menu bar, click Tree View.
The Tree View screen opens.
5. Click an allowed URL, a disallowed URL or a parameter to view its properties.
The properties page for the URL or parameter opens.
Figure 7.2 shows an example tree view of a security policy for an auction web application.
Application Security Manager includes several audit tools that you can use to query a security policy to find the information you are looking for. You can use the audit tools to analyze suspicious policy states (for example, URLs allowed to modify domain cookies). Each tool type specifies a predefined URL, parameter, or flow filter that helps to identify conflicts and errors in the security policy.
1. On the Main tab, expand Security, and click Application Security.
The Active Policies screen opens.
2. In the Active Security Policies area, click the name of the security policy that you want to audit.
The Properties screen opens.
3. From the menu bar, click Audits.
The Audits screen opens.
4. From the Tool Type list, select an audit tool, and then click Go.
The screen refreshes, and the system displays the audit report.