You can deploy Application Security Manager™ (ASM) and Access Policy Manager® (APM®) with database security products, such as IBM® InfoSphere® Guardium®, to increase security visibility, receive alerts about suspicious activity, and prevent attacks. When integrated with database security, ASM™ can provide information about each HTTP request and database query. This allows the database security system to correlate the web transaction with the database query to make a security assessment of the transaction. ASM also provides application-level details to improve the database security system's logging and reporting.
Before you can integrate ASM with a database security product, the database security server itself must be configured and accessible on the network. On the BIG-IP® system, you specify the host name or IP address of the database security server. Then, you enable database security integration for one or more security policies that are set up to protect web application resources.
When using database security, Application Security Manager monitors web application traffic and sends information about the users, the requests, and reporting events to the database security server. The following figure shows an example of how ASM can integrate with the IBM InfoSphere Guardium Database Activity Monitoring Appliance.
Figure: Integrating ASM and APM with external database security example
The security policy can get user names from requests using login pages configured from within ASM, or the policy can retrieve the user names from Access Policy Manager® (APM). This implementation describes how to integrate ASM and APM™ with an external database security server. APM handles user authentication in this case and provides the information that is sent to the database security server.
To integrate a database security server from within Application Security Manager™ (ASM™) so that the security policy retrieves the user names from Access Policy Manager® (APM®), you need to perform these basic system configuration tasks according to the needs of your networking configuration:
For example, you can type ffff:ffff:ffff:ffff:0000:0000:0000:0000 or ffff:ffff:ffff:ffff::.
| Policy type | Description |
|---|---|
| Fundamental | Creates a security policy enforcing HTTP protocol compliance, evasion techniques, explicit file types (including length checks), explicit parameters in selective mode at the global level, attack signatures, the violation Request Length Exceeds Defined Buffer Size, host names, header lengths, cookie lengths, the violation Failed to Convert Character, and learn explicit redirection domains. |
| Enhanced | Creates a security policy with all the elements of the Fundamental policy type; also checks for explicit URLs in selective mode plus meta characters, explicit parameter length checks in selective mode at the global level, methods, explicit cookies, and content profiles. |
| Comprehensive | Creates a security policy with all the elements of the Enhanced policy type; also checks for explicit URLs and meta characters, explicit parameters and lengths at the URL level, parameter meta characters, and dynamic parameters. |

| Option | Description |
|---|---|
| Fast | Use if your application supports a small number of requests from a small number of sessions; for example, useful for web sites with less traffic. However, choosing this option may present a greater chance of adding false entities to the security policy. |
| Medium | Use if your application supports a medium number of requests, or if you are not sure about the amount of traffic on the application web site. This is the default setting. |
| Slow | Use if your application supports a large number of requests from many sessions; for example, useful for web sites with lots of traffic. This option creates the most accurate security policy, but takes Policy Builder longer to collect the statistics. |

| Option | Description |
|---|---|
| All | Specifies that the policy trusts all IP addresses. For example, if the traffic is in a corporate lab or preproduction environment where all of the traffic is trusted, the policy is created faster when you select this option. |
| Address List | Specifies networks to consider safe. Fill in the IP Address and Netmask fields, then click Add. This option is typically used in a production environment where traffic could come from untrusted sources. The IP Address can be either an IPv4 or an IPv6 address. |
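Each Address List entry is an IP address plus a netmask, and a mistyped or over-broad mask trusts more sources than intended. The following Python check is an added example, not part of the original documentation or of any BIG-IP tooling: it works offline, resolves an entry to the network it covers (accepting both IPv6 mask spellings shown earlier), and rejects non-contiguous masks. The function names and sample entries are assumptions made for illustration.

```python
import ipaddress


def mask_to_prefix(netmask: str) -> int:
    """Prefix length of an IPv4/IPv6 netmask; rejects non-contiguous masks."""
    mask = ipaddress.ip_address(netmask)
    bits = mask.max_prefixlen
    # Invert the mask: a valid one leaves only a trailing run of 1-bits.
    inverted = int(mask) ^ ((1 << bits) - 1)
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return bits - inverted.bit_length()


def trusted_network(address: str, netmask: str):
    """Network actually covered by one IP Address / Netmask entry."""
    addr = ipaddress.ip_address(address)
    if addr.version != ipaddress.ip_address(netmask).version:
        raise ValueError("address and netmask are different IP versions")
    # strict=False clears host bits, so 192.0.2.10/24 becomes 192.0.2.0/24.
    return ipaddress.ip_network(f"{addr}/{mask_to_prefix(netmask)}", strict=False)


def is_trusted(client: str, networks) -> bool:
    """True if the client address falls inside any trusted network."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in networks)


# Constructed sample entries (documentation address ranges), not from the page.
SAMPLE_ENTRIES = [
    ("192.0.2.10", "255.255.255.0"),
    ("2001:db8:0:1::5", "ffff:ffff:ffff:ffff:0000:0000:0000:0000"),
]

if __name__ == "__main__":
    nets = [trusted_network(a, m) for a, m in SAMPLE_ENTRIES]
    for net in nets:
        print(net, "covers", net.num_addresses, "addresses")
    for client in ("192.0.2.200", "2001:db8:0:1::abcd", "2001:db8:0:2::1"):
        print(client, "trusted" if is_trusted(client, nets) else "untrusted")
```

Reviewing the resolved networks and their address counts before adding entries in production makes an unintentionally wide trust range visible.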
You associate the access profile with the virtual server created for the web application that Application Security Manager™ is protecting.
You associate the access profile with the virtual server so that Access Policy Manager® can apply the profile to incoming traffic.
You have set up a BIG-IP® system to use Application Security Manager™ (ASM) to secure application traffic, and Access Policy Manager™ (APM) to check user credentials.
Client traffic is routed to the virtual server for the web application. At first, traffic is handled by the APM module. APM® verifies user credentials and allows those with valid credentials to use the web application. APM also sends user names and session IDs of valid users to ASM™. After that, ASM checks for security violations and forwards traffic that meets the security policy requirements to the backend server.
The database security server includes the application and user information provided by ASM and APM, so it can be viewed in logs and reports on that system. The database security server can perform a more in-depth security assessment of the web request.
If you want to review reports and event logs that associate the user name with the session information on the BIG-IP system, you can set up session tracking (by enabling session awareness). When session awareness is enabled, you can see the user names on the Event Logs: Application: Requests screen in the General Details section of specific requests. In addition, the Reporting: Application: Charts screen displays the users who sent the illegal requests.