Manual Chapter: Maintaining Security Policies

Security policies can change and evolve over time. As the nature of the web traffic through the web application changes, you adjust the security policy as required. Several options exist to facilitate the maintenance of the security policy. You have the option to:
You can access a security policy for editing from either the Policies List screen, or from the editing context area. The editing context area appears at the top of almost every screen throughout the Configuration utility. Figure 9.1 displays the editing context area.
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. In the Security Policies area, click the name of the security policy that you want to edit.
   The Policy Properties screen opens.
4. To put the security policy changes into effect immediately, click the Apply Policy button in the editing context area.
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. In the Security Policies area, select the security policy that you want to copy, and click the Copy button below the list.
   The Copy Policy screen opens.
3. In the New Security Policy Name box, type a name for the security policy, and then click Copy.
   The system displays a success message when the copy is completed.
4. Click OK.
   The screen refreshes, and you see the new security policy in the Security Policies List.
Important: In the Security Policies List, the Active icon next to a security policy indicates that this policy is active. The Modified icon indicates that the security policy has been modified, and you must click the Set Active Policy button to implement any changes in the security policy.
There are different reasons for exporting a security policy. For example, you may want to export a security policy for one web application so that you can use the exported policy as a baseline for a new web application. You can also export a security policy to archive it on a remote system before you upgrade the system software, to create a backup copy, or to use the exported security policy in a policy merge. (See Merging two security policies, for more information on merging policies.)
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. In the Security Policies area, select the security policy that you want to export, and click the Export button below the list.
   A file download screen opens.
3. Click Save.
   A Save As popup screen opens.
4. Navigate to the remote location where you want to save the security policy, and click Save.
   The system exports the security policy and saves it in the remote location.
You can use the policy merge option to combine two security policies. For example, you can use the policy merge option to merge a security policy that you have built offline into a security policy that is on a production system.
The merge mechanism is lenient when it merges a lenient security policy into a lenient target security policy. The merge action does not delete anything from the target security policy. As such, where there are conflicts, the system resolves the conflict by retaining the settings of the target security policy.
Important: When a security policy contains restrictive components, for example, a user-defined attack signature set, the merge tool deletes it. As you configure more signature sets for a security policy, it becomes more restrictive, and thus, harder to perform a merge.
Entities in the target security policy whose values are different from those in the merged security policy
(If this occurs, the system does not change the target security values.)
Once the merge is complete, you have the option of saving the Policy Merge Report as a text file (*.txt), so that you can review the details of the merge, and resolve any errors that may have occurred.
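A small model of the merge behavior described above, showing why conflicts listed in the Policy Merge Report need manual follow-up: values that differ in the merged-in policy never reach the target. This is an added example, not F5 code; the dictionary layout and the entity and setting names are assumptions and do not reflect the exported policy file format.

```python
# Added illustration, not F5 code. The dict layout (entity type -> entity
# name -> settings) is an assumed model, not the exported policy file format.
import copy

def lenient_merge(target, incoming):
    """Merge `incoming` into a copy of `target`; the target wins every conflict."""
    merged = copy.deepcopy(target)
    report = {"added": [], "conflicts": []}
    for etype in sorted(incoming):
        bucket = merged.setdefault(etype, {})
        for name in sorted(incoming[etype]):
            new = incoming[etype][name]
            if name not in bucket:
                # Entity exists only in the merged-in policy: add it.
                bucket[name] = copy.deepcopy(new)
                report["added"].append((etype, name))
                continue
            # Entity exists in both: keep target values, record differences.
            old = bucket[name]
            for key in sorted(set(old) | set(new)):
                if old.get(key) != new.get(key):
                    report["conflicts"].append(
                        (etype, name, key, old.get(key), new.get(key)))
    return merged, report

def format_report(report):
    """Render the report as plain-text lines suitable for saving and review."""
    lines = [f"ADDED     {t}/{n}" for t, n in report["added"]]
    lines += [f"CONFLICT  {t}/{n} {k}: kept target {old!r}, ignored {new!r}"
              for t, n, k, old, new in report["conflicts"]]
    return lines

# Constructed sample policies (hypothetical entity and setting names).
TARGET = {
    "parameters": {"user_id": {"max_length": 10, "staging": False}},
    "urls": {"/login": {"method": "POST"}},
}
OFFLINE = {
    "parameters": {"user_id": {"max_length": 64, "staging": False},
                   "session_token": {"max_length": 128, "staging": True}},
    "file_types": {"php": {"url_length": 100}},
}

if __name__ == "__main__":
    merged, report = lenient_merge(TARGET, OFFLINE)
    print("\n".join(format_report(report)))
```

Each CONFLICT line marks a setting where the two policies disagree and the target value was kept, so any intended change has to be made in the target policy by hand.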
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. In the Security Policies area, select the security policy that is the target security policy (the one into which the system merges the second security policy), and click the Merge button below the list.
   The Merge Policies screen opens.
3. In the Merge Policies area, for the Security Policy To Be Merged setting, either type a path, or click the Browse button, and navigate to the exported security policy file that you want to merge into the target security policy.
6. Click the Merge button.
   The system merges the second security policy into the target security policy, and produces the Merge Report.
7. Click the Download Full Report button to open or save the entire Merge Report.
You can import a security policy to quickly apply a security policy to a new web application. You can also use the import option to restore a security policy from a remote system.
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. Below the Security Policies area, click the Import button.
   The Import Policy screen opens.
3. In the Choose File box, type the path to the security policy that you want to import. Alternatively, click the Browse button and navigate to the security policy that you want to import.
4. Click Import.
   The system displays a success status message when the operation is complete.
5. Click OK.
   The screen refreshes, and the imported security policy is in the Security Policies List.
Important: The names of security policies must be unique within the Application Security Manager. If the name of the imported security policy already exists in the current Application Security Manager environment, the system renames the imported security policy by adding a sequential number to the end of the name.
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. In the Security Policies area, select the security policy that you want to delete, and click the Delete button below the list.
   A confirmation popup screen opens, to confirm that you want to delete the security policy.
3. Click OK.
   The screen refreshes and you no longer see the security policy in the Security Policies List.
Important: You cannot remove a security policy that is currently active. The active policy for a web application has the Active icon next to the name in the Security Policies List.
If you delete a security policy, and later decide that you did not want to do that, you can restore the security policy from the Policy Recycle Bin.
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. Below the Security Policies area, click the Import button.
   The Import Policy screen opens.
3. In the Policy Recycle Bin list, select the security policy that you want to restore, and then click the Restore button.
   A confirmation popup screen opens, where you confirm that you want to restore the security policy.
4. Click OK.
   The system restores the security policy, and displays a success message.
5. Click OK.
   The screen refreshes, and you see the restored security policy in the Policies List.
The Application Security Manager keeps an archive of security policies that have been set to active. Every time you make a security policy the active security policy, the system saves a version of that security policy, and archives it. The system retains up to fifty archived versions. You can restore any of the archived security policies, and make it the active security policy.
Tip: In the Security Policies list, on the Policies List screen, the security policy version number is in square brackets next to the security policy name.
1. On the Main tab of the Application Security navigation pane, click Policies List.
   The Security Policies screen opens.
2. In the Security Policies list, click the security policy whose archived version you want to view or restore.
   The Security Policy Properties screen opens.
3. In the Configuration editing context area, ensure that the edited security policy is the one you want to update.
4. On the menu bar, click History.
   The Security Policy History screen opens, where you can view the archived versions of the security policy.
5. If you want to restore an archived security policy, select the version, and then click the Restore button below the list.
   The Restore Security Policy screen opens.
6. In the Security Policy Name box, change the name as required.
8. Click OK.
   The popup screen closes, and on the Security Policies screen, you see the restored security policy in the Security Policies list area.
Because it is not possible to view an entire security policy on one screen, the Application Security Manager includes several audit tools that let you query a security policy to find the information you are looking for. Some of these audit tools can be used to analyze suspicious policy states (for example, parameters with zero length). Each report isolates a predefined state, and helps you identify conflicts and errors in the security policy.
1. On the Main tab of the Application Security navigation pane, click Policy.
   The Security Policy Properties screen opens.
2. On the menu bar, click Audits.
   The Audits screen opens.
4. From the Tool Type list, select an audit tool, and then click Go.
   The screen refreshes, and the system displays the information according to the audit tool properties.