Learning Adaptive profiling Exception profiling Exception heuristics

Slides:



Advertisements
Similar presentations
Using EBSCOs Search Box Builder Tool Tutorial. Would you like to promote your EBSCOhost resources by adding an easy-to-use search box to your website?
Advertisements

Using MicroStrategy with Excel
MWD1001 Website Production Using JavaScript with Forms.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
CLUSTER WEBLOGIC SERVER. 1.Creating clusters and understanding its concept GETTING STARTED.
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
Updated 08/10/   This user guide serves the following purposes:  Introduce users to UMeNET login procedures and UMeNET.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
Using Windows Firewall and Windows Defender
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
London April 2005 London April 2005 Creating Eyeblaster Ads The Rich Media Platform The Rich Media Platform Eyeblaster.
(Business) Process Centric Exchanges
Overview Managing a DHCP Database Monitoring DHCP
Extending ISA/IAG beyond the limit. AGAT Security suite - introduction AGAT Security suite is a set of unique components that allow extending ISA / IAG.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.
Step by Step Instruction: How to Conduct Direct Certification using the State Match Method Released January 2014 “How to Conduct Direct Certification using.
Emdeon Office Batch Management Services This document provides detailed information on Batch Import Services and other Batch features.
Computer Maintenance Software Configuration: Evaluating Software Packages, Software Licensing, and Computer Protection through the Installation and Maintenance.
Make-Up Testing/Undo Student Test Submissions
The Consolidation Process The Intercompany Integration Solution for SAP Business One Version 2.0 for SAP Business One 9.1 Welcome to the course on the.
Review of IT General Controls
Web fundamentals: Clients, Servers, and Communication
Managing your Candidate List: Temporary Staffing
Managing State Chapter 13.
TMG Client Protection 6NPS – Session 7.
How to use UTM parameters in GA
Centralized Management for Barracuda Networks products
Configuring ALSMS Remote Navigation
Configuring Attendant Console
COM Made Easy A step-by-step guide for working with COM’s.
Section 13 - Integrating with Third Party Tools
Travel Authorization -step by step-
Data Virtualization Tutorial… CORS and CIS
Plan of Study: A Student’s Road Map to Success
Network Load Balancing
Two-factor authentication
Discover How Your Business Can Benefit from a Facebook Fanpage
A Tutorial on How to Turn PowerPoint Presentations into Slideshows
Web Caching? Web Caching:.
Introduction to Networking
The Price IS Right: What can the billing module do for me?
Utilization of Azure CDN for the large file distribution
Domain Matching for BID Association Requests
Lesson #10 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 10 Configuring Network and Firewall Settings.
What’s New in Fireware v12.1.1
Domain Matching for Contract Association Requests
QuickBooks is a high-tech accounting software that is trusted by millions of small and mid-sized business owners across the world. However, despite being.
COM Made Easy A step-by-step guide for working with COM’s.
The Consolidation Process The Intercompany Integration Solution for SAP Business One Version 2.0 for SAP Business One 9.1 Welcome to the course on the.
NDSA Online Assessment Training 2016
Computer Maintenance Software Configuration: Evaluating Software Packages, Software Licensing, and Computer Protection through the Installation and Maintenance.
Focus on Reports Session 3 LD_Pay & Distribution Adj History To print:
Optimizing Efficiency + Funding
Welcome and thank you for choosing SharkGate
Controllers.
Comparative Reporting & Analysis (CR&A)
Lecture 5: Functions and Parameters
Your Checklist for Managing Events and Schedules
Working with NNRP Sites General Country Information
DMIS Tools Course Lesson 2 - DMIS Messenger
Lesson Nine: Epic Appointment Scheduling Referrals Reports
Table of contents Getting started Panel configuration with Eldes Utility Tool Setting automation parameters Practical examples.
Complete exercise 8-11 in the workbook.
System Center Third Party Tools Ivanti Patch and RCT Recast April 2019.
Presentation transcript:

Learning Adaptive profiling Exception profiling Exception heuristics URL/Parameter Optimizers

Learning Learning a positive way of discovering the URL spaces and parameters existing on the back-end application and creating the profiles for enforcing different policies on these spaces. It results in a positive security stance Recommended way to use the "Learning" feature: > Click Start Learning. > Either manually visit the application (recommended), or crawl the application. > Let the "Adaptive Profiling" feature populate the URL and parameter profiles automatically. > Visit the created profiles and review them. If found satisfactory, click Stop Learning. > The profiles will be in "Passive" state. Look out for any false positives in the logs. Also, check the "Hits" statistics. If found satisfactory, select Lock all Profiles from the More Actions drop-down list to turn all profiles to "Active". > If "Exception Profiling" is enabled, that would take care of any missing URL spaces which went uncovered during "Adaptive profiling". > If possible, manually coalesce the learned profiles to optimize the configuration. > If your back-end application or a portion of it has changed, you can 'relearn' the space by choosing "Resume Learning from the More Actions drop-down list. Note: Ensure that learning is not running for a longer time resulting in enormous amount of profiles.

Exception profile The concept of "Exception Profiling" in the Barracuda Web Application Firewall is to apply a set of heuristics on the "violations" generated by clients, and either recommend or auto create exceptions to the policies existing on the Barracuda Web Application Firewall, so as to minimize the false positives by providing a mechanism to adjust the originally created policies. Exception profiling level 1. None 2. Low 3. Medium 4. High List of important headers to keep in mind …

URL Optimizers When learning is enabled for a web application, URL profiles and parameter profiles are created based on the traffic processed by the Barracuda Web Application Firewall according to a set of matching criteria specified in the WEBSITES > Adaptive Profiling page, Adaptive Profiling section. This may also result in populating large number of profiles with the same parameters. For example: Lets consider www.foobar.com is a web application for which Learning was enabled and resulted in the following URL profiles: www.foobar.com/abc/example1. html www.foobar.com/abc/example2. html www.foobar.com/abc/example3. html www.foobar.com/abc/example4. html ... www.foobar.com/abc/example200. html Managing huge number of profiles having same security requirement can become unnecessarily complex to handle. You can handle such issues by categorizing specific URL space and coalescing multiple URL profiles into one. The URL profiles mentioned in the example above can be coalesced as: Start Token: /abc/ End Delimiter: period/dot (.) This will coalesce all the URL profiles into one URL profile i.e. /abc/*.html. Any request sent to /abc/example1.html to /abc/example200.html will match to /abc/*.html URL profile.

Parameter Optimizers When learning is enabled for a web application, URLs and parameters are created based on the traffic processed by the Barracuda Web Application Firewall according to a set of matching criteria specified in the WEBSITES > Adaptive Profiling page, Adaptive Profiling section. This configuration may result in populating large number of profiles with the same parameters. For example: Lets consider 'Learning' was enabled for a particular service and the 'Learning Utility' creates the following parameters: param1 param2 ... param100 Managing huge number of profiles having same security requirement can become unnecessarily complex to handle. You can handle such issues by properly identifying the pattern within the parameters and coalescing multiple parameter profiles into one. The parameter profiles mentioned in the example above can be coalesced as: Start Token: param This will coalesce all parameter profiles into one i.e. param*. Click Add next to the service for which you want to add a parameter optimizer.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.