Pulse Secure Virtual Web Application Firewall Admin Guide PDF

622 Pages·2017·13.8 MB·English
Preview Pulse Secure Virtual Web Application Firewall Admin Guide

Virtual Web Application Firewall Standalone Edition Administrator User Guide

Product Release 4.9
Published March, 2018
Document Version 1.0

Virtual Web Application Firewall Administrator User Guide

Copyright © 2018, Pulse Secure, LLC. All Rights Reserved.

Pulse Secure, LLC
2700 Zanker Road, Suite 200
San Jose CA 95134
https://www.pulsesecure.net

Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

The information in this document is current as of the date on the title page.

END USER LICENSE AGREEMENT

The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.pulsesecure.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

© 2018 Pulse Secure, LLC.

CONTENTS

Copyright
Preface
    Document conventions
    Notes, cautions, and warnings
    Text formatting conventions
    Command syntax conventions
    Self-Help Online Tools and Resources
    Requesting Technical Support
    Opening a Case with PSGSC
About This Document
    Supported Hardware and Software
    What's New in This Document
    Major changes for version 4.9
    Major changes for version 4.6.1
    Major changes for version 4.6
What vWAF Does
    Typical Attacks
    vWAF Protects Your Web Applications
    vWAF Detects Attacks
    Protection Mode Versus Detection Mode
    Background Information
How vWAF Works
    Workflow
    System Components
    Deployment Scenarios
    Single-Server Installation
    Installation on a Cluster of Web Servers Plus One Dedicated Administration Server
    Multimaster Installation
    Cloud Installation
    Client Compatibility
Installation
    System Requirements
    User Rights
    Installation Procedure
    Enforcer-Only Installations on Windows
Single-Server Installation
Cluster Installation
    Steps required on all computers
    Additional steps required on the administration server
    Additional steps required on each web server
    Importing the license
    Changing the default password
Cloud Installation
    Installing the administration cluster
    Installing the decider nodes
    Installing a load balancer for the decider nodes
    Installing the enforcer nodes
    Importing the license
    Changing the default password
    Multimaster Setup
    Using the Multimaster Cluster Setup Tool
Activating the Enforcer
    Installing on Windows
    Installing the Apache Plug-in
    Installing the J2EE Plug-in
    Configuring the Decider
    Modifying the configuration file
    IP address and port of the decider:
    IP address and port of the administration server:
    Path for log files:
    Path for configuration databases:
    Restarting vWAF
    Starting and Stopping the Software
    Under UNIX
    Under Windows
    Decider start behavior
    Troubleshooting:
    Allowing Connection to Update Server
Setting Enforcer Options
    Apache Enforcer
    IIS 5/6/7/8 Enforcer
    J2EE Enforcer
    Additional setting for Tomcat6
    Enabling Multi-CPU Support
    How it works
    What steps do I take?
Changing Ports
    Edit the configuration file
    Edit the enforcer configuration
    Edit Cluster Management
    Implementing Authentication Via LDAP
    Using LDAP with Microsoft Active Directory
    Adding new users automatically
    Using Custom Configuration Files
    Example
Setting up Payload Encryption
    Purpose
    Default behavior
    When you might want to turn payload encryption off
    Configuration parameters
    How to create your individual key pair
    How to specify your individual key pair
    How to change a used key pair
    Update Installation
    How to proceed
Configuring the Updater
Using the Update Center
    Opening the Update Center
    Checking for updates and managing packages
    Updating
    Rolling back
    Generating support packs
Basic Principals of Use
    Starting Administration
    Opening
    Login
    Initial Setup Wizard and Application Creation Wizard
    Home page
    Which configuration is loaded?
    What can you see and what can you do?
    Getting help
    Layout of the Administration Interface
    Menu
    Navigation area
    Interaction area
    Logout
    Status display
    Available Features
    Detection Mode, Protection Mode
    Modes
    One ruleset or two rulesets?
    Default Behavior
    Baseline Protection
    How it works
    Application Mapping, Paths, Preconditions
    Customer keys
    Applications
    Hosts
    Prefixes
    Application Mapping
    Paths and preconditions
    How it all works together
    Mappings of deleted applications
    Types of Handlers and Attribute Inheritance
    Global handlers, handler templates, individual handlers
    Optimum configuration process
    How many attributes have been inherited?
    Which attributes have been overwritten?
    How handlers are executed
    Organizational Integration
    Typical scenario
    User groups
    Multiple assignments
    Example scenario
    What happens in the case of simultaneous editing?
    How Blacklists, Whitelists, and Graylists Are Processed
    If there’s only a blacklist
    If there’s only a whitelist
    If there’s a blacklist, a whitelist, and a graylist
    When Changes Are Saved and Become Active
    Changes that become active immediately
    Changes that need to be committed and activated
    The loaded version of a ruleset and the active versions may differ
    Application-specific versions of rulesets
Creating the Security Configuration
    Basic configuration
    Customization
Guide: Recommended Work Sequence
    Basic principles
Editing Applications
    Creating an application with the help of the Application Creation Wizard
    Creating an application manually
    Renaming an application
    Deleting an application
    Setting protection mode/detection mode
    Activating reduced logging for particular hosts
    Enabling full request logging
    Viewing, adding and removing administrators
    Specifying the character set
    Checking the capability
    Enabling reduced argument logging
Editing Application Mapping
    Opening application mapping
    Adding a customer key
    Adding a mapping
    Editing hosts
    Editing prefixes
    Changing the processing order
    Using search
    Deleting a mapping
    Deleting a customer key
    Reviewing and committing or discarding changes to application mapping
Using Wizards to Configure Applications
    Procedure
Configuring and Updating Baseline Protection
    First-Time configuration
    How to find out when new baselines are available
    Updating the baseline
Editing Paths
    The order of paths is important
    Duplicate paths when using preconditions
    Examples
    Creating a path
    Editing a path
    Moving a path
    Deleting a path
    Using search
Editing Preconditions
    Adding preconditions
    Editing a precondition selector
    Removing a precondition selector
Editing Handlers
    Definition levels and Inheritance
    Adding handlers
    Editing a handler
    Removing a handler
Setting Up a Custom Error Page
    Setting up an HTML error page
    Setting up a redirection to a given URL
Reviewing and Discarding Ruleset Changes
    Opening the change log
    Discarding changes
Committing and Activating Ruleset Changes
    What's saved? What becomes active?
    When to commit
    When to commit and activate
    Procedure
Version Control
    Purpose
    Opening
    Status section
    History section
    Changing the protection ruleset
    Enabling / disabling a detection ruleset
    Loading a different version for editing
    Viewing an old version and printing documentation
    Hiding unneeded rulesets for more clarity
    Unhiding a ruleset
Application Control
    Opening
    Blocking/allowing traffic
    Switching the rule set on or off
    Monitoring the attack status
    Adding applications
Export and Import
    Purpose
    What you can export and import
    What happens when importing
    Exporting / Importing application mappings and rulesets
    Exporting / importing rulesets only
    Exporting/ importing preconditions (selectors)
    Exporting/ importing event destination groups
Global IP Blacklisting
155 Purpose...........................................................................................................................................155 How global IP blacklisting works................................................................................................155 How IPs get blacklisted................................................................................................................155 Configuring vWAF to add IP addresses to the IP blacklist...................................................156 Manually configuring vWAF to add IP addresses to the IP blacklist..................................156 Adding an IP address range to the global IP blacklist manually........................................157 Filtering the view............................................................................................................................157 Excluding ranges of IP addresses from the global IP blacklist...........................................158 Linking External Services.............................................................................................................159 Vulnerability Management........................................................................................ 
160 Purpose...........................................................................................................................................160 Opening...........................................................................................................................................160 Importing reports..........................................................................................................................161 Uploading a report.................................................................................................................161 Downloading a report..................................................................................................................162 Vulnerability Overview..................................................................................................................162 Editing a vulnerability...................................................................................................................163 Rule Management....................................................................................................... 165 Purpose...........................................................................................................................................165 Opening...........................................................................................................................................165 Information displayed..................................................................................................................165 Implementing Python Scripts.................................................................................... 
166 Creating scripts..............................................................................................................................166 Managing scripts in the script library.......................................................................................168 Enabling scripts..............................................................................................................................169 Example Scripts.............................................................................................................................169 Example script: Add content to end of page....................................................................169 Example script: Call server scripts based on request URL...........................................170 Example script: checking and setting a cookie................................................................170 Example script: adding an IP address to the global IP blacklist..................................171 Example scripts: Validating XML..........................................................................................171 Configuring Alerts....................................................................................................... 173 © 2018 Pulse Secure, LLC. vi Virtual Web Application Firewall Administrator User Guide Event Destinations........................................................................................................................173 Event Destination Groups...........................................................................................................173 Event Sources.................................................................................................................................173 Editing Event Destinations......................................................................................... 
174 Creating and editing an event destination group.................................................................174 Adding event destinations..........................................................................................................175 Editing an Event Destination......................................................................................................175 Deleting an event destination....................................................................................................176 Editing Event Sources................................................................................................. 177 Adding event sources...................................................................................................................177 Editing an event source...............................................................................................................178 Deleting an event source............................................................................................................179 Monitoring Attacks, Statistics, Log Files, Reports................................................... 180 Attack Status...................................................................................................................................180 Statistics...........................................................................................................................................180 Reports.............................................................................................................................................180 Log Files...........................................................................................................................................180 Additional Log Files That Cannot Be Accessed via the Administration Interface..........181 Attack Analysis............................................................................................................ 
182 Purpose...........................................................................................................................................182 Opening...........................................................................................................................................182 Information displayed..................................................................................................................183 Application Statistics.................................................................................................. 185 Purpose...........................................................................................................................................185 Opening...........................................................................................................................................185 Information displayed..................................................................................................................186 Reports......................................................................................................................... 188 Purpose...........................................................................................................................................188 Creating and downloading a report manually.......................................................................189 Scheduling reports sent by email..............................................................................................190 Contents of a report.....................................................................................................................190 Log Files........................................................................................................................ 
192 Purpose...........................................................................................................................................192 Opening...........................................................................................................................................192 Settings that influence what’s logged.......................................................................................193 Selecting the time range.......................................................................................................194 Filtering the display.................................................................................................................194 Saving and restoring your filter settings..................................................................................196 Customizing the table..................................................................................................................196 Data Displayed...............................................................................................................................197 Going to the triggering event.....................................................................................................198 Getting suggestions for improvement.....................................................................................199 Downloading log data..................................................................................................................199 Opening the details page and downloading request data.................................................199 Default Error Log...........................................................................................................................202 Purpose.....................................................................................................................................202 
Opening.....................................................................................................................................202 © 2018 Pulse Secure, LLC. vii

Description:
Virtual Web Application Firewall Administrator User Guide Page 13 unlimited number of security gaps – the ideal starting position for hackers. This allows you to effectively disable the enforcer module without .. On the WEB APPLICATION FIREWALL tab, you can manage the available