Overview: Rapid deployment
The Rapid Deployment security policy provides security features that minimize the number of false positive alarms and reduce the complexity and length of the deployment period. By default, the Rapid Deployment security policy includes the following security checks:
- Performs HTTP compliance checks
- Checks for mandatory HTTP header
- Stops information leakage
- Prevents illegal HTTP methods from being used in a request
- Checks response codes
- Enforces cookie RFC compliance
- Applies attack signatures to requests (and responses, if applying signatures to responses)
- Evasion technique detected
- Access from disallowed Geolocation
- Access from disallowed User/Session/IP
- Request length exceeds defined buffer size
- Disallowed file upload content detected
- Failed to convert character
- Modified ASM™ cookie
With the Rapid Deployment security policy, your organization can quickly create a security policy that meets the majority of web application security requirements.
You can implement Rapid Deployment in two ways:
- As a fixed policy that does not change unless you configure additional security features (choose Rapid Deployment security policy).
- By using Real Traffic Policy Builder® to develop the policy by automatically adding elements to the security policy (choose Rapid Deployment security policy with Policy Builder enabled).
Creating a security policy using rapid deployment
Before you can create a security policy using ASM, you need to complete the basic BIG-IP® system configuration tasks including creating a VLAN, a self IP address, and other tasks, according to the needs of your networking environment.
- On the Main tab, click . The Active Policies screen opens.
- Click the Create button. The Deployment wizard opens to the Select Local Traffic Deployment Scenario screen.
- For the Local Traffic Deployment Scenario setting, specify a virtual server to use for the security policy.
  - Select Existing Virtual Server and click Next to use an existing virtual server (as long as it does not have an HTTP Class profile associated with it).
  - Select New Virtual Server and click Next to create a new virtual server and pool with basic configuration settings.
- Configure the new or existing virtual server, and click Next. The Select Deployment Scenario screen opens.
- For Deployment Scenario, select Create a policy manually or use templates and click Next. The Configure Security Policy Properties screen opens.
From the Application Language list, select the language encoding of the
Important: You cannot change this setting after you have created the security policy.
- From the Application-Ready Security Policy list, select one of the following options:

| Option | Description |
| --- | --- |
| Rapid Deployment security policy | Creates a simple security policy that protects against known vulnerabilities, such as evasion attacks, data leakage, and buffer overflow attacks. |
| Rapid Deployment security policy with Policy Builder enabled | Creates a simple security policy that protects against known vulnerabilities, and starts the Policy Builder which can add elements to the policy based on examining application traffic, put them in staging, and enforce them when ready. |
- For the Staging-Tightening Period field, retain the default setting of 7 days. Staging and tightening allow you to test the security policy entities for false positives before enforcing them. During the staging-tightening period, the security policy provides learning suggestions when it processes requests that do not meet the security policy; but the security policy does not alert or block that traffic, even if those requests trigger violations.
- Click Next. The Configure Attack Signatures screen opens.
- To configure attack signatures, move the systems used by your web application from the Available Systems list into the Assigned Systems list. The system adds the attack signatures needed to protect the selected systems.
- Retain the default value of Enabled for the Signature Staging setting. New and updated attack signatures remain in staging for seven days, and during that time, they are not enforced (according to the learn, alarm, and block flags selected for each of the signature sets).
- If using the Rapid Deployment security policy (without Policy Builder), you can select Enabled for the Apply Signatures to Responses setting to have the system use the signatures to inspect responses.
- Click Next. The Security Policy Configuration Summary screen opens.
- Review the settings for the security policy. When you are satisfied with the security policy configuration, click Finish. The system creates the security policy and opens the Properties screen.
Fine-tuning a security policy
After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. By analyzing the traffic to and from the application, Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.
- On the Main tab, click . The Traffic Learning screen opens, and lists violations and learning suggestions that the system has found based on real traffic.
In the Traffic Learning area, click each violation hyperlink, then review and handle learning
| Option | Description |
| --- | --- |
| Accept | Select a learning suggestion, click Accept, and then click Apply Policy. The system updates the security policy to allow the file type, URL, parameter, or other element. |
| Clear | Select a learning suggestion, and click Clear. The system removes the learning suggestion and continues to generate suggestions for that violation. |
| Cancel | Click Cancel to return to the Traffic Learning screen. |
- On the Traffic Learning screen, review the violations and consider whether you want to permit any of them (for example, if a violation is causing false positives). Select any violations you do not want the system to trigger, and click Disable Violation. A popup screen opens, and you can verify that you want to disable the violations or cancel the action.
- To activate the updated security policy, on the top right of the screen, click Apply Policy, then click OK to confirm.
- To view outstanding tasks for the security policy, on the Main tab, click . The Overview Summary screen opens.
- Examine the summary screen for information about recommended tasks that you need to complete.
- Review the Tasks to do area, which lists system tasks and security policy tasks that should be completed.
- Click the links in the Tasks to do area to go to the screen where you can perform the recommended action.
- In the Quick Links area, click any of the links to gain access to common configuration and reporting screens.
Enforcing a security policy
- On the Main tab, click . The Settings screen shows the violations that can be detected, and how the security policy responds to requests that cause those violations (whether the system learns information from the illegal request, generates an alarm, or blocks the request).
- In the Current edited policy list near the top of the screen, verify that the edited security policy is the one you want to work on.
- For each violation, review the settings so you understand how the security policy handles requests that cause the violation.

| Option | Description |
| --- | --- |
| Learn | If selected, the system generates learning suggestions for requests that trigger the violation. |
| Alarm | If selected, the system records requests that trigger the violation in the Charts screen, the Syslog (/var/log/asm), and possibly in local or remote logs (depending on the settings of the logging profile). |
| Block | If selected (and the enforcement mode is set to Blocking), the system blocks requests that trigger the violation. |
- For the Enforcement Mode setting, select Blocking.
- Click Save.
- On the Main tab, click .
- To change the number of days the security policy remains in staging, change the value in the Staging-Tightening Period field. The security policy does not block traffic during the Staging-Tightening Period even if violations occur. If you want to block traffic that causes violations, set the value of this field to 0. For details, see the online help.
- Click Save.
- In the editing context area, click Apply Policy to immediately put the changes into effect.
- For a quick summary of system activity, look at the Overview screen ( ).
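
The Block flag, the enforcement mode and the staging-tightening period described above all have to line up before a request is actually blocked. The following is an added example, not F5 code: a simplified Python model of those rules as this page words them, used to list violations that are flagged Block but will not block. The `Violation` class, the `effective` and `audit` functions, the sample flag values, and the `Transparent` mode name (ASM's non-blocking enforcement mode, which this page does not name) are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Violation:
    name: str
    learn: bool
    alarm: bool
    block: bool


def effective(v, mode, staging_days):
    """Return (learn, alarm, block) actually applied to a request.

    Simplified model of the rules stated on this page: while the
    staging-tightening period is non-zero nothing is alerted or blocked,
    and Block only acts when the enforcement mode is Blocking.
    """
    if staging_days > 0:
        return (v.learn, False, False)
    return (v.learn, v.alarm, v.block and mode == "Blocking")


def audit(violations, mode, staging_days):
    """List violations whose Block flag is set but will not block, with the reason."""
    gaps = []
    for v in violations:
        if v.block and not effective(v, mode, staging_days)[2]:
            reason = ("staging-tightening period is not 0" if staging_days > 0
                      else f"enforcement mode is {mode}")
            gaps.append((v.name, reason))
    return gaps


# Constructed sample settings: the violation names come from the list on this
# page, the flag values are invented for illustration.
POLICY = [
    Violation("Evasion technique detected", True, True, True),
    Violation("Access from disallowed Geolocation", False, True, True),
    Violation("Failed to convert character", True, True, False),
]

if __name__ == "__main__":
    for mode, days in (("Transparent", 0), ("Blocking", 7), ("Blocking", 0)):
        print(mode, days, audit(POLICY, mode, days))
```

An empty result from `audit` means every violation flagged Block is enforced; in this model that happens only with Blocking mode and a staging-tightening period of 0.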