Applies To:

Show Versions Show Versions

Manual Chapter: Creating a Security Policy Using Rapid Deployment
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

The Rapid Deployment security policy provides security features that minimize the number of false positive alarms and reduce the complexity and length of the deployment period. By default, the Rapid Deployment security policy includes the following security checks:
With the Rapid Deployment security policy, your organization can quickly create a security policy that meets the majority of web application security requirements. It is a set policy that does not change unless you configure additional security features. For additional information about the Rapid Deployment security policy, see the Working with the Application-Ready Security Policies appendix, in the Configuration Guide for BIG-IP® Application Security ManagerTM.
Important: The procedures in this deployment start after you have configured the network settings that are appropriate for your environment. Refer to Chapter 2, Performing Basic Configuration Tasks, if you have not yet configured network connectivity.
You can use rapid deployment to create a security policy quickly. The Deployment wizard takes you through the steps required for rapid deployment.
On the Main tab of the navigation pane, expand Application Security and click Web Applications.
The Web Applications screen opens.
Locate the web application you want to protect and click the Configure Security Policy link next to it.
The Deployment wizard opens with the Select Deployment Scenario screen.
For Deployment Scenario, select Manual Deployment and click Next.
The Configure Security Policy Properties screen opens.
For Application Language, specify the language encoding of the application.
From the Application-Ready Security Policy list, select the appropriate policy:
For HTTP traffic, select Rapid Deployment security policy (http).
For HTTPS traffic, select Rapid Deployment security policy (https).
Click Next.
The Configure Attack Signatures screen opens.
For the Systems setting, from the Available Systems list, select the systems that apply to your web application and move them into the Assigned Systems list.
Tip: It is best to apply only the attack signatures for the systems in your environment, not all of them.
Click Next.
The Policy Configuration Summary screen opens.
Review the settings for the new security policy. To change any of the settings, click Back to return to the appropriate screen.
If you are satisfied with the security policy configuration, click Finish.
The system creates the security policy. For a summary of the default settings for this security policy, refer to Settings for Rapid Deployment.
Once you have created a security policy, traffic must be going to the web application for the system to provide learning suggestions concerning additions to the security policy. For example, you can have users or testers browse the web application. When analyzing the traffic to and from the application, the Application Security Manager generates learning suggestions or ways to fine-tune the security policy to better suit the traffic.
When you first create a rapid deployment security policy, it operates in transparent mode (meaning that it does not block traffic). When the system receives a request that violates the security policy, the system logs the violation event, but does not block the request.
In the navigation pane, expand Application Security and click Manual Policy Building.
The Traffic Learning screen opens, and lists violations that the system has found against the security policy based on real traffic.
In the Traffic Learning area, click each violation hyperlink sequentially, and view the information provided.
The screen shows the instances of the violation and the resulting learning suggestions.
For each violation, review the specific learning suggestions and decide whether you want to accept or clear the suggestion:
Accept: Select a learning suggestion, click Accept, and then click Apply Policy.
The system updates the security policy to allow the element.
Clear: Select a learning suggestion, click Clear.
The system removes the learning suggestion and continues to generate suggestions for that violation.
Cancel: Click Cancel to return to the Traffic Learning screen.
On the Traffic Learning screen, review the violations and consider whether you want to permit any of them (for example, if a violation is causing false positives). Select the violations you want to allow and click Disable Violation, then OK.
The system clears the Learn, Alarm, and Block settings for those violations.
When you finish dealing with the learning suggestions for the security policy, and the violations that you see are legitimate (not false positives), you can begin to enforce the security policy. To enforce the security policy, you change the enforcement mode from transparent to blocking.
When the enforcement mode is set to blocking and the violations you want to enforce are set to block, the security policy no longer allows requests that cause these violations to reach the back-end resources. Instead, the security policy blocks the request, and sends the blocking response page to the client.
For more information on the blocking policy, the enforcement mode, and how the system processes requests that trigger violations, refer to the Manually Configuring Security Policies chapter of the Configuration Guide for BIG-IP® Application Security ManagerTM.
On the Main tab of the navigation pane, expand Application Security, point to Policy, Blocking, then click Settings.
The Blocking Policy screen opens.
For the Enforcement Mode setting, select Blocking.
The system activates the Block flags for all the violations. A default set of violations is already set to block.
Check or clear the Block check boxes for the violations, as required (or use the default settings).
Click the Save button.
In the editing context area, click the Apply Policy button to immediately put the changes into effect.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)