Manual Chapter : Common Elements for Protocol Security Tasks

Applies To:

BIG-IP ASM

  • 14.0.0

  1. On the Main tab, click Security > Protocol Security > Security Profiles > FTP.
    The Security Profiles: FTP screen opens.
  2. On the Main tab, click Security > Protocol Security > Security Profiles > SMTP.
    The Security Profiles: SMTP screen opens.
  3. On the Main tab, click Security > Protocol Security > Security Profiles > HTTP.
    The Security Profiles: HTTP screen opens.
  4. On the Main tab, click Security > Protocol Security > Security Profiles > SSH Proxy.
    The Protocol Security: Security Profiles: SSH Proxy screen opens.
  5. On the Main tab, click Security > Event Logs > Protocol and click HTTP, DNS, or SIP.
    The appropriate statistics screen opens listing all violations for that protocol, with the number of occurrences.
  6. Click the Create button.
    The New FTP Security Profile screen opens.
  7. Click the Create button.
    The New SMTP Security Profile screen opens.
  8. Click the Create button.
    The New HTTP Security Profile screen opens.
  9. On the menu bar, click Advanced Configuration.
  10. To filter the list of SSH proxy permission rules, type the filter text in the Filter Rules field.
    The Filter Rules field is case sensitive.
  11. On the menu bar, click the protocol whose settings you want to view (for example, HTTP, FTP, or SMTP).
  12. In the Defense Configuration area, select Alarm or Block for the defenses you want to activate.
    FTP defenses, with a description of each when set to Block:
    • Active Mode: Prevents port scanning and other active mode exploits.
    • Anonymous FTP Requests: Prevents unauthorized access by prohibiting anonymous users.
    • Command Length Restriction: Prevents buffer overflow attacks by limiting command line length. Specify the maximum number of characters allowed in a command.
    • FTP Commands: Protects against unwanted FTP commands. Move the commands you do not want to allow into the Disallowed list.
    • FTP Protocol Compliance Failed: Protects against non-RFC compliant commands and also disallows syntax errors.
    • Maximum Login Retries: Prevents brute force attacks by limiting login retries. Specify the maximum number of times a user can try to log on, the maximum number of login attempts allowed from a specific client IP address, and how long to block users before they can try again.
    • Passive Mode: Prevents passive mode exploits such as file stealing.
    Options:
    • Alarm: The system logs any requests that trigger the violation.
    • Block: The system blocks any requests that trigger the violation.
    • Alarm and Block: The system both logs and blocks any requests that trigger the violation.
    If you do not enable either Alarm or Block for a violation, the system does not perform the corresponding security check.
  13. For the Virus Detection setting, select the Alarm or Block options as required.
    Options:
    • Alarm: The system logs any requests that trigger the virus detected violation, and displays them on the Protocol Security statistics screen.
    • Block: The system blocks any email requests that trigger the virus detected violation.
    • Alarm and Block: The system both logs and blocks any requests that trigger the virus detected violation.
  14. In the HTTP Security Profiles area, in the Profile Name column, click the name of the security profile that you are modifying.
    The HTTP Profile Properties screen opens.
  15. If you want the system to replace sensitive data in a response with asterisks (****), select the Mask data check box.
    If the Mask Data check box is cleared, sensitive data may still appear in responses.
  16. For the Methods setting, from the Available list, select the methods you want to allow in a request and move them to the Allowed list.
  17. For the File Types setting, specify whether you want to create a list of allowed or disallowed file types, and which files you want in the list.
    • To create a list of file types that are permitted in requests, select Define Allowed.
    • To create a list of file types not permitted, select Define Disallowed.
    • Select file types from the Available list, and move them to the Allowed or Disallowed list.
    • To add a new file type, type the name in the File Type field, click Add to add it to the Available list, and then move it to the Allowed or Disallowed list.
    If the profile is case-sensitive, the file types are case-sensitive. For example, jsp and JSP will be treated as separate file types.
  18. For the File Types setting, specify the file types to allow or disallow in a request:
    • Select file types from the Available list, and move them to the Allowed or Disallowed list.
    • To add a new file type, type the name in the File Type field, click Add to add it to the Available list, and move it to the Allowed or Disallowed list.
    If the profile is case-sensitive, the file types are case-sensitive. For example, jsp and JSP are treated as separate file types.
  19. In the Profile Name field, type a unique name for the profile.
  20. Select Alarm or Block to indicate how you want the system to respond to a triggered violation.
    The default setting is Alarm.
    • Alarm: The system logs any requests that trigger the violation.
    • Block: The system blocks any requests that trigger the violation.
    • Alarm and Block: The system both logs and blocks any requests that trigger the violation.
  21. Click Create.
    The screen refreshes, and you see the new security profile in the list.
  22. Click Create to create a new profile, or Update to update an existing one.
  23. Click Save.
  24. Click Update to retain changes.
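
The file type matching described in steps 17 and 18, combined with the Alarm and Block options from step 12, as an added example that is not F5 code or a BIG-IP API. The FileTypeCheck model, the rule that a file type is the extension of the last URL path segment, and the app.example URLs are assumptions made for illustration.

```python
from dataclasses import dataclass
from posixpath import basename
from urllib.parse import urlsplit


@dataclass
class FileTypeCheck:
    """Hypothetical model of an HTTP profile's File Types setting."""
    mode: str                    # "allowed" (Define Allowed) or "disallowed" (Define Disallowed)
    file_types: set              # entries moved to the Allowed or Disallowed list
    case_sensitive: bool = True  # whether the profile is case-sensitive
    alarm: bool = True           # Alarm: log the violation
    block: bool = False          # Block: block the request


def file_type_of(url):
    """Assumption: the file type is the extension of the last path segment."""
    name = basename(urlsplit(url).path)
    return name.rsplit(".", 1)[1] if "." in name else ""


def evaluate(check, url):
    """Return (violation, actions) for one request URL."""
    if not (check.alarm or check.block):
        # Step 12: with neither option enabled the check is not performed.
        return (False, [])
    ftype, listed = file_type_of(url), set(check.file_types)
    if not check.case_sensitive:
        ftype, listed = ftype.lower(), {t.lower() for t in listed}
    in_list = ftype in listed
    violation = (not in_list) if check.mode == "allowed" else in_list
    if not violation:
        return (False, [])
    actions = (["log"] if check.alarm else []) + (["block"] if check.block else [])
    return (True, actions)


def demo():
    """Constructed sample: the same Disallowed list under both case settings."""
    urls = ["https://app.example/report.jsp", "https://app.example/report.JSP"]
    strict = FileTypeCheck("disallowed", {"jsp"}, case_sensitive=True, block=True)
    loose = FileTypeCheck("disallowed", {"jsp"}, case_sensitive=False, block=True)
    return {u: (evaluate(strict, u), evaluate(loose, u)) for u in urls}


if __name__ == "__main__":
    for url, (strict_result, loose_result) in demo().items():
        print(url, "case-sensitive:", strict_result, "case-insensitive:", loose_result)
```

In the case-sensitive profile only the listed spelling matches, so a Disallowed list in such a profile needs an entry for each case variant that should be covered.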