Applies To:

Show Versions Show Versions

Manual Chapter: Getting Started with BIG-IP Application Security Manager
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

1 
Getting Started with BIG-IP Application Security Manager
 
How to get started with the Application Security Manager
 
Using this guide
 
Getting started with the user interface
 
Finding help and technical support resources
How to get started with the Application Security Manager
You can use the BIG-IP® Application Security Manager to configure a security policy with any of the available deployment options, or scenarios, of the Deployment wizard. By using the Deployment wizard to create a security policy, your organization can quickly meet the majority of web application security requirements as outlined in PCI DSS v1.1 section 6, FISMA, HIPAA, and others.
Deciding which deployment scenario to use
Before you start using the Deployment wizard, you should review the following descriptions of each deployment scenario, to help you decide which one is most appropriate for your situation.
Using the Manual Deployment scenario
Use the Manual Deployment scenario when one of these criteria matches your needs:
Rapid Deployment
You want to deploy a preconfigured security policy that quickly provides application security for known vulnerabilities. Refer to Chapter 3, Creating a Security Policy Using Rapid Deployment, for more information.
Application-Ready Security Policy
You want to use a preconfigured security policy for one of the following enterprise applications:
 
Microsoft® ActiveSync® 1.0 or 2.0
 
Lotus® Domino® 6.5
 
Microsoft® Outlook Web Access® Exchange (2003 and 2007)
 
Microsoft SharePoint (2003 and 2007)
 
SAP® NetWeaver® 7
 
Oracle 10g
 
Oracle® Applications 11i
 
PeopleSoft® Portal 9
 
WhiteHat Sentinel Baseline
Refer to Chapter 7, Deploying an Application-Ready Security Policy, for more information.
Manually build a security policy
You can also use Manual Deployment to build a security policy from scratch by manually adding file types, URLs, and parameters, then configure the settings needed for your environment. For details, refer to Manually Configuring Security Policies, in the Configuration Guide for BIG-IP® Application Security Manager.
Using the Production Site deployment scenario
Use the Production Site deployment scenario when both of these criteria match your needs:
You want the Application Security Manager to build the security policy using automated tools like the Policy Builder.
 
The traffic that the Policy Builder will use to develop the security policy comes from untrusted clients, that is, actual traffic through the application.
To run the Deployment wizard using the Production Site deployment scenario, refer to Chapter 4, Creating a Security Policy for a Production Environment.
Using the QA Lab deployment scenario
Use the QA Lab deployment scenario when both of these criteria match your needs:
You want the Application Security Manager to build the security policy using automated tools like the Policy Builder.
 
The traffic that the Policy Builder uses to develop the security policy comes from trusted clients; in other words, it is considered to be safe traffic. Trusted clients are known good clients; that is, those whose traffic is not detrimental or malicious. An example of trusted traffic is that generated by the QA lab employees in your company.
To run the Deployment wizard using the QA Lab deployment scenario, refer to Chapter 5, Creating a Security Policy for a Test Environment.
Using the Web Services deployment scenario
Use the Web Services deployment scenario when both of these criteria match your needs:
Your application uses XML transactions.
Your application uses a WSDL or schema document.
To run the Deployment wizard using the Web Services deployment scenario, refer to Chapter 6, Creating a Security Policy for XML Transactions.
Using this guide
This guide is intended to help first-time users get the Application Security Manager up and running, to protect their applications from known and unknown application security vulnerabilities. The chapters in this guide provide step-by-step procedures for creating and deploying several types of security policies for web applications and web services. For example, Chapter 6, Creating a Security Policy for XML Transactions, describes how to configure and deploy a security policy for an XML-based web services application. Before you start configuring a security policy for your application, you should review the Application Security Manager documentation.
Important: The deployment scenarios described in this guide are written with the assumption that you have installed and licensed the Application Security Manager. Refer to the product documentation (described following) for more information on these tasks.
Documentation set for the Application Security Manager
In addition to this guide, you can refer to several other documents for details about the BIG-IP system and Application Security Manager. The documentation set is available on the F5 Technical Support web site, in the AskF5SM Knowledge Base. You can access the technical support web site either from the Welcome screen in the Configuration utility, or from the web address, https://support.f5.com.
New BIG-IP systems include the following printed information in the shipping container.
Configuration Worksheet
This worksheet provides you with a place to plan the basic configuration for the BIG-IP system.
Quick Start Instructions
This pamphlet provides you with the basic configuration steps required to get the BIG-IP system up and running in the network.
The following guides, in PDF and HTML format, are available in the Ask F5SM Knowledge Base.
Configuration Guide for BIG-IP® Application Security Manager
This guide contains detailed configuration information for the application security components of the BIG-IP system. With this guide, you can perform tasks such as creating application security classes, configuring security policies web applications and web services, and monitoring application security events.
Platform Guides
The platform guides include information about the BIG-IP system hardware. They also contain important environmental warnings and hazardous substance reports.
BIG-IP® Systems: Getting Started Guide
This guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network.
TMOS® Management Guide for BIG-IP® Systems
This guide contains any information you need to configure and maintain the network and system-related components of the BIG-IP system. With this guide, you can perform tasks such as configuring VLANs, assigning self IP addresses, creating administrative user accounts, and managing a redundant system.
Configuration Guide for BIG-IP® Local Traffic Manager
This guide contains any information you need for configuring the BIG-IP system to manage local network traffic. With this guide, you can perform tasks such as creating virtual servers and load balancing pools, configuring application and protocol profiles, implementing health monitors, and setting up remote authentication.
Getting started with the user interface
The browser-based graphical user interface for the BIG-IP system is called the Configuration utility. You log on and use the Configuration utility to set up the system and configure the Application Security Manager.
Figure 1.1 shows the Welcome screen.
Figure 1.1 Welcome screen
Overview of components of the Configuration utility
The Configuration utility contains the following components:
The identification and messages area
The identification and messages area of the Configuration utility is the screen region that is above the navigation pane, the menu bar, and the body. In this area, you find the system identification, including the host name, and management IP address. This area is also where certain system messages display, for example Activation Successful, which appears after a successful licensing process.
The navigation pane
The navigation pane, on the left side of the screen, contains the Main tab, the Help tab, and the About tab. The Main tab provides links to the major configuration objects. The Help tab provides context-sensitive help for each screen in the Configuration utility. The About tab provides overview information about the BIG-IP system.
The menu bar
The menu bar, which is above the body, provides links to additional screens.
The body
The body is the screen area where the configuration settings display.
Using the Application Security navigation pane
When you click most options in the Application Security section of the BIG-IP system, the Application Security Manager opens a new browser window for application security.
In this document, we refer to the navigation pane of the BIG-IP system as simply the navigation pane. We refer to the navigation pane of the Application Security Manager as the Application Security navigation pane.
Browser support
The Application Security Manager works with a majority of the commonly available web browsers, for example, Microsoft® Internet Explorer® and Mozilla® Firefox®. For the most current list of the supported browsers, refer to the current release note on the AskF5SM Knowledge Base web site, https://support.f5.com.
Finding help and technical support resources
You can find additional technical documentation and product information using the following resources.
Online help
Application Security Manager provides online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the navigation pane to view the online help for a screen.
Welcome screen
The Welcome screen contains links to many useful web sites and resources, including the AskF5SM Knowledge Base, the F5 Solution Center, the F5 DevCentral web site, plug-ins, SNMP MIBs, and SSH clients.
F5 Technical Support web site
The F5 Technical Support web site, https://support.f5.com, provides the latest documentation for the product, including:
 
Release notes
 
Configuration Guide for BIG-IP® Application Security Manager
 
BIG-IP® Systems: Getting Started Guide
 
Configuration Guide for BIG-IP® Local Traffic Manager
 
TMOS® Management Guide for BIG-IP® Systems
 
Technical notes
 
AskF5SM Knowledge Base
To access this site, you need to register at https://support.f5.com.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)