Manual Chapter: Getting Started with BIG-IP Application Security Manager

You can use the BIG-IP® Application Security Manager™ to develop a security policy that protects your web application server. Using the Deployment wizard, your organization can quickly create a security policy that meets the majority of web application security requirements as outlined in PCI DSS v1.1 section 6, FISMA, HIPAA, and others.
The Deployment wizard takes you through the steps required for creating and deploying security policies for several different scenarios. Before you start using the Deployment wizard, review the following descriptions of each deployment scenario, to help you decide which one is most appropriate for your organization.
When you want to develop a security policy for a web application by examining live traffic in a production environment, you can use the Production Site deployment scenario. The system builds the security policy based on statistical analysis of the traffic and the intended behavior of the application. In this environment, the application users could come from many different sources, and the traffic is considered to be untrusted.
Automatic policy building, where Application Security Manager builds the security policy by a statistical analysis of the traffic
You can use the QA Lab deployment scenario to develop a security policy for an environment where the traffic is generally considered safe, such as internal corporate traffic or traffic in a QA lab. In this environment, you generally know who the application users are, and trust that their traffic is not detrimental or malicious.
If you want to develop a security policy for a web service or XML application, use the Web Services deployment scenario. The system provides learning suggestions, but some manual intervention is required for creating security policies.
If you want to work with a preconfigured security policy, use the Manual Deployment scenario. The security policy created is usable as is, and you can optionally add security features to enhance it. When using the Manual Deployment scenario, you can select one of the following options:
Rapid Deployment
You want to quickly deploy a preconfigured security policy that provides application security protection against known vulnerabilities.
Application-Ready Security Policy
You want to use a preconfigured security policy for one of the following enterprise applications:
Microsoft® ActiveSync® 1.0 or 2.0
Lotus® Domino® 6.5
Microsoft® Outlook Web Access® Exchange (2003 and 2007)
Microsoft® Outlook Web Access® Exchange (2003 and 2007) with ActiveSync®
Microsoft® SharePoint (2003 and 2007)
SAP® NetWeaver® 7
Oracle® 10g
Oracle® Applications 11i
PeopleSoft® Portal 9
The browser-based graphical user interface for the BIG-IP system is called the Configuration utility. You log on and use the Configuration utility to set up the system and configure the Application Security Manager.
Figure 1.1 shows the Welcome screen.
Figure 1.1 Welcome screen
The identification and messages area
The identification and messages area of the Configuration utility is the screen region that is above the navigation pane, the menu bar, and the body. In this area, you find the system identification, including the host name and management IP address. This area is also where certain system messages display, for example, Activation Successful, which appears after a successful licensing process.
The navigation pane
The navigation pane, on the left side of the screen, contains the Main tab, the Help tab, and the About tab. The Main tab provides links to the major configuration objects. The Help tab provides context-sensitive help for each screen in the Configuration utility. The About tab provides overview information about the BIG-IP system.
The menu bar
The menu bar, which is above the body, provides links to additional screens.
The body
The body is the screen area where the configuration settings display, and where the user configures the system.
The Application Security Manager works with a majority of the commonly available web browsers, for example, Microsoft® Internet Explorer® and Mozilla® Firefox®. For the most current list of the supported browsers, refer to the current release note on the AskF5℠ Knowledge Base web site, https://support.f5.com.
Online help
Application Security Manager provides online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the navigation pane to view the online help.
Welcome screen
The Welcome screen contains links to many useful web sites and resources, including the AskF5℠ Knowledge Base, the F5 Solution Center, the F5 DevCentral web site, plug-ins, SNMP MIBs, and SSH clients. The screen is shown earlier in Figure 1.1.
F5 Technical Support web site
The F5 Technical Support web site, https://support.f5.com, provides the latest documentation for the product. To access this site, you need to register at https://support.f5.com.
Important: This guide is written with the assumption that you have installed the BIG-IP system, and have licensed and provisioned the Application Security Manager on the system. Refer to the product documentation (described below) if you need more information on these tasks.
In addition to this guide, you can refer to several other documents for details about the BIG-IP system and Application Security Manager. The complete documentation set is available on the F5 Technical Support web site, https://support.f5.com.
Configuration Guide for BIG-IP® Application Security Manager™
This guide explains how to fine-tune security policies to include additional security, such as anomaly detection, CSRF protection, sensitive data masking, and antivirus protection through an ICAP server. It also describes security reporting tools.
BIG-IP® Systems: Getting Started Guide
This guide describes all the setup tasks you must complete to install, license, provision, and configure initial settings for any BIG-IP system.
TMOS® Management Guide for BIG-IP® Systems
This guide contains information you need to configure and maintain the network and system-related components of the BIG-IP system, such as configuring VLANs, assigning self IP addresses, creating administrative user accounts, and maintaining high availability.
Configuration Guide for BIG-IP® Local Traffic Manager™
This guide contains information you need for configuring the BIG-IP system to manage local network traffic, such as creating virtual servers and load balancing pools, configuring application and protocol profiles, implementing health monitors, and setting up remote authentication.
Platform Guides
The platform guides include information about the BIG-IP system hardware.