Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Transcription

1 Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced features and components of Citrix NetScaler 9.0 Platinum Edition. Interactive discussion and hands-on labs guide learners through advanced administration tasks such as troubleshooting, configuring application security with the Citrix Application Firewall feature, tuning the NetScaler for high traffic, configuring Authentication Authorization and Accounting for system management, and configuring Advanced Policies using service callouts. Advanced monitoring and management tasks such as configuring and using EdgeSight for NetScaler, Command Center, and NetScaler Web Logging are also covered. Prior NetScaler knowledge is strongly recommended. Target Audience This course is intended for system administrators or network operations personnel, who configure and administer Citrix NetScaler products. Prerequisites Experience with configuring NetScaler systems, including an understanding of services, virtual servers, and policies Experience with network devices, such as routers and switches, various networking protocols and aspects of application and site architectures (such as DMZs and VLANs) Knowledge of network security threats and site protection concepts such as firewalls, worms, and DDoS attacks Understanding of concepts related to monitoring and management including basics of SNMP Attended one of the following courses CNS-200-1I - Basic Administration for Citrix NetScaler 9.0 NS-BOA Citrix NetScaler Basic Operations and Administration CTX-1730 Citrix NetScaler: Basic Operations, and CTX-1731 Citrix NetScaler: Administration Or, equivalent experience with Citrix NetScaler version 6.1, 7.0, 8.0, 8.1 or 9.0 Course Content Module 1: Advanced Troubleshooting Troubleshooting Resources o Citrix Knowledge Center o Citrix Product Documentation o Citrix Technical Support o Collected NetScaler Data o Troubleshooting Log NetScaler System Overview o NetScaler Processes ncore Configuration Architecture Built-In Tools o Nsconmsg o Network Traffic Capture o show and stat Commands o Reporting Tool o Shell Tools o Command-Line Tools o Configuration Tools Third-Party Tools o Network Protocol Analyzers o Web Browser Plug-ins o SNMP Browsers o FTP Clients

2 Module 2: Introducing Application Firewall Application Attacks o Application Attack Description o Goals of Application Attacks o Most Common Types of Web Application Attacks o The Application Firewall Solution o Business Problems The Benefits of Application Firewall o Application Layer Protection o Positive Security Model o Negative Security Model o Deep Stream Inspection o Adaptive Learning Engine o Web Application Vulnerabilities o Security Audits and Application Firewalls Payment Card Industry Data Security Standard o Importance of PCI o Common Coding Vulnerabilities o PCI-DSS Report o Packet Processing and Inspection o Request Process o Response Process o Deployment Considerations Profiles and Policies o Profiles o Policies Module 3: Profiles and Policies Profiles o Profile Types o Default Profiles o Creating a Profile in the Configuration o Creating a Profile in the Command-Line o Action Settings o Sessionization and Security Checks o Profile Settings o Error Page o HTML Comment Stripping o XML Error Object o Other Profile Settings Policies o Policy Creation o Policy Binding o Policy State o Policy Priorities o Creating a Policy in the Configuration o Creating Policies in the Command-Line o Binding and Prioritizing a Policy in the Configuration o Binding Policies in the Command-Line Engine Settings Module 4: Regular Expressions Regular Expressions Forms of Regular Expressions Using Regular Expressions Metacharacters and Literal Characters Metacharacters Escapes Quantifiers Backreferencing Lookaheads Regular Expression Scope Module 5: Attacks and Protections Security Checks o Profile Types o Common Security Checks o HTML Security Checks o XML Security Checks o Request-Side and Response-Side Checks HTTPS Web Applications Buffer Overflow Exploits o Goals of a Buffer Overflow Attack o Consequences of a Buffer Overflow Attack Buffer Overflow Protection o Default Maximum Values o Modifying Buffer Overflow Settings Parameter Manipulation o Parameter Manipulation Example Server Misconfiguration Deny URL Protection o The Deny URL List o Adding a Deny URL in the Command-Line o Deleting a Deny URL in the Command-Line SQL Injection o How SQL Injection Works HTML SQL Injection Protection o SQL Keywords and Special Characters o Modifying SQL Injection Action Settings o XML SQL Injection Security Check o Cross-Site Scripting o Attacking the Trust Relationship o How Cross-Site Scripting Attacks Work o Results of a Cross-Site Scripting Attack o Preventing Cross-Site Scripting Attacks o HTML Cross-Site Scripting Protection o Cross-Site Scripting Action Settings o Transform Cross-Site Scripts o Check Complete URLs for Cross-Site Scripting o Additional Action Settings o Relaxations o Modifying Cross-Site Scripting Action Settings

3 o Adding a Cross-Site Scripting Relaxation Using the Command-Line o Deleting a Cross-Site Scripting Relaxation Using the Command-Line o XML Cross-Site Scripting Security Check Command Injection o Command Injection Examples Field Format Protection o Field Types and Field Formats o Predefined Field Types o Custom Field Types o Field Format Configuration o Default Field Format o Confidential Fields o Adding a Custom Field Type o Setting a Default Field Type o Modifying Field Format Settings o Adding a Confidential Field o Modifying a Confidential Field Cookie Tampering and Poisoning o Types of Cookies o How Cookies Are Added o Web Server Sessions Cookie Consistency Protection o Sessionization and Cookies o Relaxations o Adding a Cookie Consistency Relaxation in the Command-Line o Deleting a Cookie Relaxation in the Command- Line Form/Hidden Field Manipulation o Example of Hidden Field Manipulation Form Field Consistency Protection o Field Consistencies o User Sessions o Adding a Form Field Consistency Relaxation Using the Command-Line o Deleting a Form Field Consistency Relaxation Using the Command-Line Forceful Browsing o Forceful Browsing Protection Start URLs o The Start URL List o Sessionization and Start URLs o Modify Start URL Check o Adding a Start URL in the Command-Line o Deleting a Start URL in the Command-Line Backdoors and Misconfigurations URL Closure o Enforcing URL Closure in the Configuration o Enforcing URL Closure in the Command-Line Identity Theft Attacks o Types of Identity Theft Attacks o Application Firewall Protection Against Identity Theft Credit Card Protection o Predefined Credit Cards o Credit Card Settings Protecting Credit Cards o Protecting Credit Cards in the Configuration o Protecting Credit Cards in the Command-Line Errors Triggering Sensitive Information Leaks Safe Object Protection o Defining a Safe Object o Adding a Safe Object o Adaptive Learning for Security o Learning Over Time o Learning Thresholds o Generalized and Simple Rules o Learned Rules o Enabling Learning o Setting Learning Thresholds o Managing Learned Rules Module 6: Application Firewall Troubleshooting Application Firewall and Applications o HTTP Headers o HTML Comment Stripping Configuration Issues o Policy Issues o Profile Issues o Suggested Actions Module 7: Queuing and Connection Tuning HTTP Connections o Keep-alive HTTP Connections o HTTP 1.0 and 1.1 Behavior o Pipelined Requests HTTP Connection Management and NetScaler HTTP Behavior o Client Keep-Alive o Connection IP Address Control o Maximum Requests and Maximum Connections o Connection Idle Settings o Trackable Connections TCP Buffering o Down-State Flush and Access Down Connection Settings o TCP Optimization o Advertised Window Size o Window Scaling o Selective Acknowledgement Surge Queue

4 Surge Protection o Request and Response Rates o Throttle Rate o Disabling Surge Protection in the Configuration o Disabling Surge Protection for a Service in the Configuration o Setting Thresholds in the Configuration Priority Queuing o Enabling Priority Queuing in the Configuration o Creating a Priority Queuing Policy in the Configuration o Binding Priority Queuing Policies in the Configuration o Weighted Queuing HTTP Denial-of-Service Protection o Enabling HTTP DoS Protection in the Configuration o Adding a HTTP DoS Policy in the Configuration o Challenged JavaScript Responses o Client Detection Tuning and JavaScript Challenge Response Rate o HTTP DoS Protection Deployment Guidelines o Attack Characteristics IP Rate Limiting o Rate Control by Subnet Example o IP Rate Limiting Best Practices Module 8: Authentication, Authorization, and Auditing Users, Groups and Command Policies o Authentication, Authorization, and Auditing o Systems and AAA Users Groups o Local Accounts o External Authentication External Authentication for System Users o Authentication Actions and Policies o Configuring Local Authentication o Configuring External Authentication with Explicit Accounts o Configuring External Authentication with Group Extraction o Creating an External Authentication Policy o Creating local groups in the Command-Line o Binding Groups in the Command-Line o Creating an LDAP Authentication Action in the Command-Line o Creating an Authentication Policy in the Command-Line o Binding the Policy in the Command Line o Authentication Troubleshooting o External Authentication Common Issues AAA for Traffic Management o Enabling AAA for Traffic Management o AAA for Application Traffic o Basic AAA Setup for Application Traffic o Workflow for AAA Traffic Management Configuration o Creating an Authentication Virtual Server o Creating an Authentication Virtual Server in the Command-Line o Binding an SSL Certificate in the Command-Line o Binding a Virtual Server to an Authentication Policy in the Command-Line o Configuring a Virtual Server to use an Authentication Virtual Server in the Command- Line o Configuring Authorization Policies for Traffic Management o Setting the Default Traffic Management Authentication Action to Deny in the Command- Line o Creating an Authorization Policy to Allow Access Audit Logging o Audit Logging Troubleshooting

5 Module 9: HTTP Service Callouts HTTP Callouts Configuring HTTP Callouts o Configuring HTTP Callouts in the Configuration o Configuring HTTP Callouts in the Command- Line o Callout Examples o HTTP Callout Response Parsing HTTP Callout Use Cases Scenario 1: Filter Clients Based on an IP Address Blacklist Scenario 2: Fetch and Update Content HTTP Callout Auditing Module 10: EdgeSight for NetScaler Data Flow Overview JavaScript Response Injection o User Metrics o NetScaler Metrics o NetScaler Metric Example o Data Validity EdgeSight for NetScaler Server Components o Component Installation Scenarios EdgeSight for NetScaler Installation Considerations o Installing EdgeSight for Netscaler o SQL Server o SQL Reporting Services o EdgeSight for NetScaler Components o Installing EdgeSight Database Components o Installing EdgeSight Report Console and Data Collector Components o EdgeSight Post-Installation Wizard o Upgrading EdgeSight for NetScaler Reporting Services Initial Configuration o NetScaler Configuration Overview o Configuring HTML Injection o Editing the prebody.js script o Configuration Example in the Command-Line o Add NetScaler System to EdgeSight for NetScaler Data Collector o Topology Data Collectors with SSL EdgeSight Charts and Reports EdgeSight Troubleshooting o Troubleshooting OS Components o Troubleshooting HTML Injection o Troubleshooting Injection Request o Troubleshooting Unknown Device o Troubleshooting from the NetScaler Command- Line Module 11: Command Center Command Center Introduction o Command Center NetScaler Features o NetScaler and WANScaler Support Command Center Clients o Connecting to Command Center Server Requirements o Disk Space Requirements o MySQL Considerations o Microsoft SQL Server 2005 Considerations Port Setting Requirements o Command Center Installation o Linux Considerations o Installation o Capacity Planning o Backup o Installation Modes o Installation Considerations Command Center Functionality o Command Center Home Page o Discovery o Fault Management o Configuration Management o Change Management o Centralized Certificate Management o Performance Monitoring Command Center Administration o Security Administration o Administration Operations o Administration Configuration o Server Details Command Center Troubleshooting o Microsoft SQL Database Issues o Discovery Issues o Performance Data Issues o Linux Command-Line Access Issues o Reporting Issues

6 Module 12: NetScaler Web Logging NetScaler Web Logging Introduction o Architecture Overview o Communication Process NetScaler System Configuration o Enabling Web Logging in the Configuration o Enabling Web Logging in the Command-Line o Configuring the Buffer Size in the Configuration o Configuring the Buffer Size in the Command- Line NSWL Client Installation o Logging System Components o Installing the NSWL Client on Windows o NSWL Options o Windows Service Registry Key NSWL Client Configuration o NetScaler IP Addresses o Log Filters o Defining Log Properties o Running NSWL o Verifying the Configuration Troubleshooting Web Logging o NSWL Troubleshooting o NetScaler Troubleshooting o Buffer Overflow