IndusGuard Web Application Firewall Test Drive User Registration




Document Version 1.0, 24/06/2015

Confidentiality

INDUSFACE HAS PREPARED THIS DOCUMENT FOR INTERNAL PURPOSE. NEITHER THIS DOCUMENT NOR ITS CONTENT MAY BE COPIED OR DISTRIBUTED OUTSIDE INDUSFACE WITHOUT PRIOR WRITTEN APPROVAL FROM INDUSFACE. THE CONTENTS OF THIS DOCUMENT ARE PROVIDED TO INDUSGUARD WAF R&D TEAM IN CONFIDENCE SOLELY FOR THE PURPOSE OF EVALUATING WHETHER THE CONTRACT SHOULD BE AWARDED TO INDUSFACE.

Revision History

Date        Version  Section       Description
24/06/2015  1.0      Introduction

Notice of Ownership

THIS DOCUMENT IS THE EXCLUSIVE PROPERTY OF INDUSFACE. ALL RIGHTS RESERVED.

Confidential. Copyright 2015 Indusface. All Rights Reserved.

Table of Contents

Introduction ... 3
Test Drive the IndusGuard WAF for AWS ... 4
User Registration ... 5
Modifying the Hosts File ... 11
    What is a Hosts File? ... 11
    Why do you need to modify the Hosts File? ... 11
    Without IndusGuard WAF Appliance deployed in the Network ... 11
    With IndusGuard WAF Appliance deployed in the Network ... 12
    How to edit Hosts File? ... 13
        Windows ... 13
        Linux ... 14

Introduction

A Web Application Firewall (WAF) is an operational security control that monitors inbound and outbound HTTP/S traffic in order to safeguard critical data and protect Web applications from attacks. An application can be vulnerable regardless of how carefully its code was developed, and these vulnerabilities may prove disastrous for brand reputation, directly costing customer trust and business revenue. Securing an application therefore matters as much as preventing exceptions, whether in the security policy or in vulnerabilities of the underlying system's design, development or deployment.

IndusGuard WAF assists in securing a Web application by monitoring HTTP and HTTPS traffic and protecting the application from malicious attacks in real time. It is the industry's first WAF to guarantee zero WAF false positives. It is also the only Security-as-a-Service (SECaaS) WAF to offer an integrated, fully managed application DDoS solution that blocks application layer attacks by combining human-intelligence-based expert tuning with application profiling.

Diagram: IndusGuard Web Application Firewall (WAF)

This document provides information on the most common Web application attacks and illustrates them for better user understanding.

Test Drive the IndusGuard WAF for AWS

Note: User must have Administrative privileges.

A set of exclusive exercises is designed for users to simulate and understand the most common application layer attacks and the way to mitigate each of them using IndusGuard WAF. The exercises are to be performed using the URLs http://vulndemo.indussecure.com and http://wafdemo.indussecure.com:81.

To perform the exercises, you must:
1. Register the User
2. Modify the Hosts File

User Registration

1. Browse to http://www.indusface.com/testdrive/ and click Try it for free to begin the user registration and account creation.

Screen: IndusGuard Web Application Firewall (WAF) Test Drive Portal for AWS

2. A Signup page appears. Provide all the details and click Signup.

Screen: Signup page

If you are already a registered member, click Login.

Screen: Login page

3. Click the Test Drives button to launch the test drive. Click Enter to proceed.

Screen: User Account Detail

Screen: Test Drive page

4. Click Launch Test Drive. It will take a few minutes, depending upon your system and Internet connectivity, for the test drive to launch.

Screen: Launch Test Drive

Screen: Launching Test Drive Environment

5. Once the test drive is launched, the instance will be available for two hours. An IP Address will be displayed as marked in the screenshot below.

Note: The displayed IP Address must be added to the Hosts File before proceeding. Refer to section Modifying the Hosts File for more information.

Screen: Test Drive Ready for use

Modifying the Hosts File

What is a Hosts File?

The hosts file is a plain text file used by the operating system to map IP Addresses to hostnames or fully qualified domain names (FQDN).

Why do you need to modify the Hosts File?

For better understanding and to illustrate the attacks, exclusive exercises have been designed for IndusGuard WAF users. Each exercise is divided into two sections:
1. Without IndusGuard WAF Appliance deployed in the Network
2. With IndusGuard WAF Appliance deployed in the Network

To perform the attack-based exercises, the hosts file must be modified to redirect traffic from the intended destination sites to the vulnerable application website vulndemo.indussecure.com and the IndusGuard WAF demo website wafdemo.indussecure.com.

Without IndusGuard WAF Appliance deployed in the Network

For exercises designed for a network that does not have IndusGuard WAF deployed, consider the website vulndemo.indussecure.com and one (1) or more users.

Diagram: Traffic communication in absence of IndusGuard WAF

The website vulndemo.indussecure.com is a vulnerable application which can be exploited by malicious users using the attacking methods described in IndusGuard Web Application Firewall Testing Guide for AWS Test Drive.pdf. The traffic flow will be as depicted in the diagram above.

With IndusGuard WAF Appliance deployed in the Network

For exercises designed for a network that has IndusGuard WAF deployed, consider the website wafdemo.indussecure.com hosted on port 81 and one (1) or more users. All the traffic will traverse wafdemo.indussecure.com, which is an IndusGuard WAF instance running on port 81. The traffic flow will be as depicted in the diagram below:

Diagram: Traffic communication in presence of IndusGuard WAF

The IndusGuard WAF Appliance is configured with signatures that inspect all inbound/outbound requests coming from end users for the website vulndemo.indussecure.com. It allows only legitimate user traffic through to vulndemo.indussecure.com. If IndusGuard WAF detects any malicious or suspicious traffic, it immediately drops that request and logs it with details such as the type of attack, the geo-location from which the attack is being executed and the time of the attack.

How to edit Hosts File?

Note: User must have Administrative privileges to modify the Hosts File.

Follow the procedure below to modify the hosts file:

Windows

1. Browse to Start > All Programs > Accessories.
2. Right-click Notepad and select Run as administrator.
3. Click File > Open and browse to c:\windows\system32\drivers\etc.
4. Change the file filter drop-down box from Text Document (*.txt) to All Files (*.*). Select hosts and click Open.
5. Add the IP Addresses as provided to you once the test drive is launched. Add the URLs wafdemo.indussecure.com and vulndemo.indussecure.com against the respective IP Address. Example:

xxx.xxx.xxx.xxx wafdemo.indussecure.com
xxx.xxx.xxx.xxx vulndemo.indussecure.com

where xxx.xxx.xxx.xxx = IP Address. Example: xxx.xxx.xxx.xxx = IP Address 54.211.73.150 received during the User Registration.

6. Close Notepad and Save when prompted.

Linux

1. Open a Terminal window.
2. Run the following command: sudo vim /etc/hosts
3. Provide the administrative password if needed and press Enter.
4. On the new screen, add the IP Addresses as provided to you once the test drive is launched. Add the URLs wafdemo.indussecure.com and vulndemo.indussecure.com against the respective IP Address. Example:

xxx.xxx.xxx.xxx wafdemo.indussecure.com
xxx.xxx.xxx.xxx vulndemo.indussecure.com

where xxx.xxx.xxx.xxx = IP Address. Example: xxx.xxx.xxx.xxx = IP Address 54.211.73.150 received during the User Registration.

5. Save the hosts file.
6. Close the Terminal window.

After modifying the hosts file, the following URLs will be accessible:
1. http://vulndemo.indussecure.com/
2. http://wafdemo.indussecure.com:81/

Refer to IndusGuard Web Application Firewall Testing Guide for AWS Test Drive.pdf to perform the tests on IndusGuard WAF.
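The Linux step above can be scripted so that it is repeatable: the POSIX shell helper below is an added example, not part of the Indusface guide, that replaces any stale entry for a hostname, appends the new mapping and verifies that both demo hostnames resolve to the test drive IP. It assumes the IP is the one shown after launch (the 54.211.73.150 from the example above is used in the demo) and, by default, writes /etc/hosts, which needs root; the demo at the bottom uses a constructed scratch file instead.

```shell
#!/bin/sh
# Added example (not Indusface tooling): idempotently point the two Test Drive
# hostnames at the IP shown after launch, then verify the mapping. HOSTS_FILE
# defaults to /etc/hosts (needs root); set it to a scratch copy to try safely.
set -eu
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# set_host_entry IP HOSTNAME [FILE]
# Drops every non-comment line naming HOSTNAME as an exact field (so a stale
# entry from an earlier test drive cannot shadow the new one), then appends
# "IP<TAB>HOSTNAME". Writes through to FILE so its permissions are kept.
set_host_entry() {
    ip=$1; host=$2; file=${3:-$HOSTS_FILE}
    tmp=$(mktemp)
    awk -v h="$host" '
        /^[[:space:]]*#/ { print; next }
        { keep = 1
          for (i = 2; i <= NF; i++) if ($i == h) keep = 0
          if (keep) print }
    ' "$file" > "$tmp"
    printf '%s\t%s\n' "$ip" "$host" >> "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# resolve_host HOSTNAME [FILE]: print the IP FILE maps HOSTNAME to (first
# matching line wins); prints nothing when there is no entry.
resolve_host() {
    host=$1; file=${2:-$HOSTS_FILE}
    awk -v h="$host" '
        /^[[:space:]]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }
    ' "$file"
}
# check_test_drive IP [FILE]: succeed only if both demo hostnames map to IP.
check_test_drive() {
    ip=$1; file=${2:-$HOSTS_FILE}
    for h in wafdemo.indussecure.com vulndemo.indussecure.com; do
        [ "$(resolve_host "$h" "$file")" = "$ip" ] || return 1
    done
}

# Demo on a constructed scratch hosts file that carries a stale 10.0.0.1 entry.
demo_file=$(mktemp)
printf '127.0.0.1\tlocalhost\n10.0.0.1\twafdemo.indussecure.com\n' > "$demo_file"
set_host_entry 54.211.73.150 wafdemo.indussecure.com "$demo_file"
set_host_entry 54.211.73.150 vulndemo.indussecure.com "$demo_file"
check_test_drive 54.211.73.150 "$demo_file" && echo "hosts entries OK"
rm -f "$demo_file"
```

To apply it to the real file, run the two set_host_entry calls as root with HOSTS_FILE left at its default, then confirm with check_test_drive before opening the two demo URLs.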