Published by ちとら みおか. Modified over 5 years ago.
1
Learning: Adaptive profiling, Exception profiling, Exception heuristics, URL/Parameter Optimizers
2
Learning

Learning is a positive way of discovering the URL spaces and parameters that exist on the back-end application and creating profiles for enforcing different policies on these spaces. It results in a positive security stance.

Recommended way to use the "Learning" feature:
> Click Start Learning.
> Either manually visit the application (recommended), or crawl the application.
> Let the "Adaptive Profiling" feature populate the URL and parameter profiles automatically.
> Visit the created profiles and review them. If found satisfactory, click Stop Learning.
> The profiles will be in "Passive" state. Look out for any false positives in the logs. Also, check the "Hits" statistics. If found satisfactory, select Lock all Profiles from the More Actions drop-down list to turn all profiles to "Active".
> If "Exception Profiling" is enabled, it takes care of any URL spaces that were left uncovered during "Adaptive Profiling".
> If possible, manually coalesce the learned profiles to optimize the configuration.
> If your back-end application or a portion of it has changed, you can 'relearn' the space by choosing "Resume Learning" from the More Actions drop-down list.

Note: Do not leave learning running for too long, as that results in an enormous number of profiles.
3
Exception profile

The concept of "Exception Profiling" in the Barracuda Web Application Firewall is to apply a set of heuristics to the "violations" generated by clients, and either recommend or automatically create exceptions to the policies existing on the Barracuda Web Application Firewall. This minimizes false positives by providing a mechanism to adjust the originally created policies.

Exception profiling level:
1. None
2. Low
3. Medium
4. High

List of important headers to keep in mind …
4
URL Optimizers

When learning is enabled for a web application, URL profiles and parameter profiles are created based on the traffic processed by the Barracuda Web Application Firewall according to a set of matching criteria specified in the WEBSITES > Adaptive Profiling page, Adaptive Profiling section. This may also result in populating a large number of profiles with the same parameters.

For example: Let's consider is a web application for which Learning was enabled and resulted in the following URL profiles: html html html html html

Managing a huge number of profiles that have the same security requirement can become unnecessarily complex. You can handle such issues by categorizing a specific URL space and coalescing multiple URL profiles into one. The URL profiles mentioned in the example above can be coalesced as:

Start Token: /abc/
End Delimiter: period/dot (.)

This will coalesce all the URL profiles into one URL profile, i.e. /abc/*.html. Any request sent to /abc/example1.html through /abc/example200.html will match the /abc/*.html URL profile.
5
Parameter Optimizers

When learning is enabled for a web application, URLs and parameters are created based on the traffic processed by the Barracuda Web Application Firewall according to a set of matching criteria specified in the WEBSITES > Adaptive Profiling page, Adaptive Profiling section. This configuration may result in populating a large number of profiles with the same parameters.

For example: Let's consider that 'Learning' was enabled for a particular service and the 'Learning Utility' creates the following parameters: param1 param2 ... param100

Managing a huge number of profiles that have the same security requirement can become unnecessarily complex. You can handle such issues by properly identifying the pattern within the parameters and coalescing multiple parameter profiles into one. The parameter profiles mentioned in the example above can be coalesced as:

Start Token: param

This will coalesce all parameter profiles into one, i.e. param*.

Click Add next to the service for which you want to add a parameter optimizer.
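The coalescing described on the URL Optimizers and Parameter Optimizers slides, modelled in Python as an added example (not Barracuda's code or part of the original slides). It also lists which names the coalesced profile now matches although they were never learned, which is worth reviewing before locking profiles. The function names, the sample names and the assumption that `*` also matches `/` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample of learned profiles (not taken from a real device).
URLS = [f"/abc/example{i}.html" for i in range(1, 201)] + ["/abc/logo.png", "/login"]
PARAMS = [f"param{i}" for i in range(1, 101)] + ["token"]

def coalesce(names, start_token, end_delimiter=None):
    """Assumed optimizer semantics: the text after start_token, up to the
    first end_delimiter, becomes '*'. With no end delimiter, everything
    after the token is wildcarded."""
    merged = {}      # coalesced pattern -> learned names it absorbed
    untouched = []   # names the rule does not apply to
    for name in names:
        if not name.startswith(start_token):
            untouched.append(name)
            continue
        rest = name[len(start_token):]
        if end_delimiter is None:
            pattern = start_token + "*"
        else:
            cut = rest.find(end_delimiter)
            if cut == -1:          # delimiter absent: keep the profile as is
                untouched.append(name)
                continue
            pattern = start_token + "*" + rest[cut:]
        merged.setdefault(pattern, []).append(name)
    return merged, untouched

def newly_allowed(pattern, learned, candidates):
    """Candidates the coalesced profile matches that were never learned.
    Assumption: '*' matches any characters, including '/'."""
    known = set(learned)
    return [c for c in candidates if fnmatchcase(c, pattern) and c not in known]

if __name__ == "__main__":
    url_profiles, url_rest = coalesce(URLS, "/abc/", ".")
    for pattern, members in url_profiles.items():
        print(f"{pattern}: replaces {len(members)} learned URL profile(s)")
    print("not coalesced:", url_rest)
    param_profiles, param_rest = coalesce(PARAMS, "param")
    print({p: len(m) for p, m in param_profiles.items()}, "not coalesced:", param_rest)
    probes = ["/abc/example7.html", "/abc/admin.html", "/abc/old/backup.html"]
    print("matched but never learned:",
          newly_allowed("/abc/*.html", url_profiles["/abc/*.html"], probes))
```
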