F5 BIG-IP ADVANCED WAF (WEB APPLICATION FIREWALL)
About This Course
Configuring BIG-IP ASM: Application Security Manager (WAF)
Course Description:
In this course, students are provided with a functional understanding of how to deploy, tune, and operate ASM to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.
Prerequisites:
There are no required F5 technology-specific prerequisites for this course. However, completing one the following before attending would be very helpful for students unfamiliar with BIG-IP:
- Administering BIG-IP
- F5 Certified BIG-IP Administrator
Table of Contents
Module 1: Setting Up the BIG-IP System
- Packet Based Design Vs Full Proxy Architecture
- What’s inside a BIG IP system
- BIG-IP Platforms
- What’s outside a Hardware BIG IP system
- Initial BIG-IP setup
- Licensing, Provisioning and Network Configuration
Module 2: Traffic Processing with BIG-IP
- Identifying BIG-IP Traffic Processing Objects
- Overview of Network Packet Flow
- Understanding Profiles
- Overview of Local Traffic Policies
- Visualizing the HTTP Request Flow
Module 3: Web Application Concepts
- Overview of Web Application Request Processing
- Web Application Firewall: Layer 7 Protection
- ASM Layer 7 Security Checks
- Overview of Web Communication Elements
- Overview of the HTTP Request Structure
- Examining HTTP Responses
- How ASM Parses File Types, URLs, and Parameters
- Using the Fiddler HTTP Proxy
Module 4: Common Web Application Vulnerabilities
- Injection Attacks
- Parameter Tampering
- Hidden Field Manipulation
- Forceful Browsing
- Cross Site Scripting
Chapter 5: Security Policy Deployment
- Positive & Negative Security Models
- The Deployment Workflow
- Security Checks offered by Rapid Deployment
- Response Checks using Data Guard
Module 6: Policy Tuning and Violations
- Defining False Positives
- How Violations are Categorized
- Violation Rating: A Threat Scale
- Enforcement settings & Staging
Module 7: Attack Signatures
- Defining Attack Signatures
- Creating User-Defined Attack Signatures
- Defining Attack Signature Sets
- Understanding Attack Signatures and Staging
Module 8: Positive Security Policy Building
- Defining and Learning Security Policy Components
- Learning File Types , URLs and Parameters
- Choosing the Learning Scheme
Module 9: Cookies and Other Headers
- ASM Cookies: What to Enforce
- Enforce integrity of domain cookies
- Defining Allowed and Enforced Cookies
Module 10: User Roles and Policy Modification
- Defining user Roles
- Administrative Partitions
- Comparing Security Policies
- Editing and Exporting Security Policies
- ASM Deployment Types
Module 11: Reporting and Logging
- Reporting
- Logging and Viewing Logs
- Logging Profiles – Default & Custom
Module 12: Advanced Parameter Handling
- Defining Parameters types
- User-Input Parameters
- Defining static Parameters
- Defining Dynamic Parameters
- Dynamic parameter Extraction
Module 13: Using Application-Ready Templates
- Application Ready Templates
- Commonly used Templates
Module 14: Automatic Policy Building
- Overview of Automatic Policy Building
- Choosing policy types [Rapid, Fundamental and Comprehensive]
- Trusted and Untrusted IP Addresses
- Learning speed
- Learning Score
Module 15: Web Application Vulnerability Scanner Integration
- Overview
- Integrating ASM with Vulnerability scanner
- Resolving Vulnerabilities
Module 16: Layered Policies
- Overview of Layered Security Policies
- Parent and child security policy terminology
- Policy Section elements and settings
- Inheritance settings
Module 17: Login Enforcement and Session Tracking
- Defining Login URL
- Defining Session Tracking
- Session Hijacking Mitigation
- Fingerprinting Overview
- Partial List of what ASM can fingerprint
Module 18: Brute Force and Web Scraping Mitigation
- Defining Anomalies
- Mitigating Brute Force Attacks via Login Page
- Defining Session-Based Brute Force Protection
- Defining the Prevention Policy
- Mitigating Web Scraping
- Defining Geo location and IP address Exceptions
Module 19: Layer 7 DoS Mitigation and Advanced Bot Protection
- Defining Denial of Service Attacks
- Defining the DoS Profile
- Defining Mitigation Methods
- Using BOT Signatures
- Create a DoS Logging Profile
- Defining DoS Profile General Settings
- Defining Bot Signatures
- Defining Proactive Bot Defense
Your Instructors
nettech
Manoj Verma (CCIE#43923) - Instructor & Consultant
Manoj Verma (CCIE#43923) is a highly experienced senior technical instructor and Network/ security consultant. He has been in the networking industry for more than 20 years, with a focus on networking and security for the past 15 years. He has assisted thousands of engineers in obtaining their various certifications starting from CCNA to CCIE, CCSA, CCSE, PCNSE, F5, etc. and learning the latest and cutting-edge technologies. He started his career as a system administrator and then switched to the networking and security domain. During the job, he realized that he is gifted with a passion for teaching and sharing his knowledge, as he used to teach his colleagues and friends. In his classroom training, he always starts with explaining the theory on a certain topic and then gives away a short note of key points and finally end with lab implementation. Now a day, driving down to the training institute to attend classroom training sessions is not feasible for everyone owing to the workflow, odd working hours and rotational shifts, especially for working professionals and those who are living in different cities and countries. He started getting multiple requests from lots of students to launch an online training module in the same way as he teaches in his classrooms. Keeping all this in mind, he designed this self-paced training module which replicates classroom training. He has brought his years of classroom teaching experience, and years of real-world enterprise and service provider experience in designing training modules. For a better understanding of technologies and in-depth knowledge, reading books or short notes is necessary and to witness the theoretical information in live, practical knowledge is required so he has included both which is very unique in the IT training sector.