The Rapid Deployment security policy provides security features that minimize the number of false positive alarms and reduce the complexity and length of the deployment period. By default, the Rapid Deployment security policy includes the following security checks:
With the Rapid Deployment security policy, your organization can quickly create a security policy that meets the majority of web application security requirements.
You can implement Rapid Deployment in one of two ways:
Before you can create a security policy using ASM™, you need to complete the basic BIG-IP® system configuration tasks including creating a VLAN, a self IP address, and other tasks, according to the needs of your networking environment.
|Rapid Deployment security policy||Creates a simple security policy that protects against known vulnerabilities, such as evasion attacks, data leakage, and buffer overflow attacks.|
|Rapid Deployment security policy with Policy Builder enabled||Creates a simple security policy that protects against known vulnerabilities, and starts the Policy Builder which can add elements to the policy based on examining application traffic, put them in staging, and enforce them when ready.|
After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. By analyzing the traffic to and from the application, Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.
|Clear||Select a learning suggestion, and click Clear. The system removes the learning suggestion and continues to generate suggestions for that violation.|
|Clear All||To remove all existing learning suggestions from the list, regardless of whether you have selected any of them, click Clear All.|
|Cancel||Click Cancel to return to the Manual Traffic Learning screen.|
|Learn||If selected, the system generates learning suggestions for requests that trigger the violation.|
|Alarm||If selected, the system records requests that trigger the violation in the Charts screen, the system log (/var/log/asm), and possibly in local or remote logs (depending on the settings of the logging profile).|
|Block||If selected (and the enforcement mode is set to Blocking), the system blocks requests that trigger the violation.|