IndusGuard Web Application Firewall
Test Drive User Registration
Document Version 1.0
24/06/2015
Confidentiality
INDUSFACE HAS PREPARED THIS DOCUMENT FOR INTERNAL PURPOSES. NEITHER THIS DOCUMENT NOR ITS CONTENT MAY BE COPIED OR DISTRIBUTED OUTSIDE INDUSFACE WITHOUT PRIOR WRITTEN APPROVAL FROM INDUSFACE. THE CONTENTS OF THIS DOCUMENT ARE PROVIDED TO THE INDUSGUARD WAF R&D TEAM IN CONFIDENCE SOLELY FOR THE PURPOSE OF EVALUATING WHETHER THE CONTRACT SHOULD BE AWARDED TO INDUSFACE.

Revision History
Date        Version  Section       Description
24/06/2015  1.0      Introduction  IndusGuard WAF Test Drive User Registration

Notice of Ownership
THIS DOCUMENT IS THE EXCLUSIVE PROPERTY OF INDUSFACE. ALL RIGHTS RESERVED.

1 Confidential Copyright 2015 Indusface All Rights Reserved
Table of Contents
Introduction ... 3
Test Drive the IndusGuard WAF for AWS ... 4
User Registration ... 5
Modifying the Hosts File ... 11
    What is a Hosts File? ... 11
    Why do you need to modify the Hosts File? ... 11
    Without IndusGuard WAF Appliance deployed in the Network ... 11
    With IndusGuard WAF Appliance deployed in the Network ... 12
    How to edit the Hosts File? ... 13
        Windows ... 13
        Linux ... 14
Introduction
A Web Application Firewall (WAF) is an operational security control that monitors inbound and outbound HTTP/S traffic in order to safeguard critical data and protect web applications from attacks. An application can be vulnerable regardless of how carefully its code was developed. Such vulnerabilities can be disastrous for brand reputation, directly costing customer trust and business revenue. Securing an application therefore matters as much as preventing flaws in its security policy or in the underlying system, whether those flaws are introduced during design, development or deployment.

IndusGuard WAF assists in securing a web application by monitoring HTTP and HTTPS traffic and protecting the application from malicious attacks in real time. It is the industry's first WAF to guarantee zero WAF false positives. It is also the only Security-as-a-Service (SECaaS) WAF to offer an integrated, fully managed application DDoS solution that blocks application-layer attacks by combining expert tuning based on human intelligence with application profiling.

Diagram: IndusGuard Web Application Firewall (WAF)

This document provides information on the most common web application attacks and further illustrates those attacks for better user understanding.
Test Drive the IndusGuard WAF for AWS
Note: The user must have administrative privileges.

A set of exclusive exercises has been designed for users to simulate and understand the most common application-layer attacks and the way to mitigate each of them using IndusGuard WAF. The exercises are performed using the URLs http://vulndemo.indussecure.com and http://wafdemo.indussecure.com:81.

To perform the exercises, you must:
1. Register the User
2. Modify the Hosts File
User Registration
1. Browse to http://www.indusface.com/testdrive/ and click Try it for free to begin the user registration and account creation.

Screen: IndusGuard Web Application Firewall (WAF) Test Drive Portal for AWS

2. A Signup page appears. Provide all the details and click Signup.

Screen: Signup page

If you are already a registered member, click Login.

Screen: Login page

3. Click the Test Drives button to launch the test drive, then click Enter to proceed.

Screen: User Account Detail

Screen: Test Drive page

4. Click Launch Test Drive. Depending on your system and Internet connectivity, it will take a few minutes for the test drive to launch.

Screen: Launch Test Drive

Screen: Launching Test Drive Environment

5. Once the test drive is launched, the instance will be available for two hours. An IP address will be displayed as marked in the screenshot below.

Note: The displayed IP address must be added to the hosts file before proceeding. Refer to the section Modifying the Hosts File for more information.

Screen: Test Drive Ready for use
Modifying the Hosts File

What is a Hosts File?
The hosts file is a plain text file used by the operating system to map IP addresses to hostnames or fully qualified domain names (FQDNs).

Why do you need to modify the Hosts File?
For better understanding and to illustrate the attacks, exclusive exercises have been designed for IndusGuard WAF users. Each exercise is divided into two sections:
1. Without IndusGuard WAF Appliance deployed in the Network
2. With IndusGuard WAF Appliance deployed in the Network

To perform the attack-based exercises, the hosts file must be modified so that traffic intended for the destination sites is redirected to the vulnerable demo application vulndemo.indussecure.com and the IndusGuard WAF demo website wafdemo.indussecure.com.

Without IndusGuard WAF Appliance deployed in the Network
For the exercises designed for a network that does not have IndusGuard WAF deployed, consider the website vulndemo.indussecure.com and one (1) or more users.

Diagram: Traffic communication in absence of IndusGuard WAF

The website vulndemo.indussecure.com is a vulnerable application that can be exploited by malicious users using the attack methods described in the document IndusGuard Web Application Firewall Testing Guide for AWS Test Drive.pdf. The traffic flows as depicted in the diagram above.

With IndusGuard WAF Appliance deployed in the Network
For the exercises designed for a network that has IndusGuard WAF deployed, consider the website wafdemo.indussecure.com hosted on port 81 and one (1) or more users. All traffic traverses wafdemo.indussecure.com, which is an IndusGuard WAF instance running on port 81. The traffic flows as depicted in the diagram below:

Diagram: Traffic communication in presence of IndusGuard WAF

The IndusGuard WAF appliance is configured with signatures that inspect all inbound and outbound requests from end users for the website vulndemo.indussecure.com, and it allows only legitimate user traffic through to vulndemo.indussecure.com. If IndusGuard WAF detects malicious or suspicious traffic, it immediately drops that request and logs it with details such as the type of attack, the geo-location from which the attack is being executed, and the time of the attack.
How to edit the Hosts File?
Note: The user must have administrative privileges to modify the hosts file.

Follow the procedure below to modify the hosts file:

Windows
1. Browse to Start > All Programs > Accessories.
2. Right-click Notepad and select Run as administrator.
3. Click File > Open and browse to c:\windows\system32\drivers\etc.
4. Change the file filter drop-down box from Text Document (*.txt) to All Files (*.*). Select hosts and click Open.
5. Add the IP address provided to you once the test drive is launched, and add the hostnames wafdemo.indussecure.com and vulndemo.indussecure.com against the respective IP address. Example:
    xxx.xxx.xxx.xxx wafdemo.indussecure.com
    xxx.xxx.xxx.xxx vulndemo.indussecure.com
   where xxx.xxx.xxx.xxx = IP address. Example: xxx.xxx.xxx.xxx = IP address 54.211.73.150 received during the User Registration.
6. Close Notepad and click Save when prompted.

Linux
1. Open a Terminal window.
2. Run the following command: sudo vim /etc/hosts
3. Provide the administrative password if needed and press Enter.
4. On the new screen, add the IP address provided to you once the test drive is launched, and add the hostnames wafdemo.indussecure.com and vulndemo.indussecure.com against the respective IP address. Example:
    xxx.xxx.xxx.xxx wafdemo.indussecure.com
    xxx.xxx.xxx.xxx vulndemo.indussecure.com
   where xxx.xxx.xxx.xxx = IP address. Example: xxx.xxx.xxx.xxx = IP address 54.211.73.150 received during the User Registration.
5. Save the hosts file.
6. Close the Terminal window.

After modifying the hosts file, the following URLs will be accessible:
1. http://vulndemo.indussecure.com/
2. http://wafdemo.indussecure.com:81/

Refer to IndusGuard Web Application Firewall Testing Guide for AWS Test Drive.pdf to perform the tests on IndusGuard WAF.
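As an added example (not part of the Indusface guide), the POSIX shell functions below carry out the Linux hosts-file step without hand editing: a relaunched test drive gets a new IP once the two-hour instance expires, so any stale line for the two demo hostnames is removed before the new mapping is appended, and a lookup function confirms what the file now resolves. The hosts file path is a parameter so the functions can be tried on a copy before being run against /etc/hosts with sudo; the IP shown is the one from the guide's example.

```shell
#!/bin/sh
# Added example: idempotently point the two IndusGuard test-drive hostnames
# at the instance IP in a hosts file. Not part of the Indusface guide.
# Usage: update_hosts <hosts-file> <ip>
#   e.g. sudo sh -c '. ./hosts.sh; update_hosts /etc/hosts 54.211.73.150'
update_hosts() {
    hosts_file=$1
    ip=$2
    # Crude sanity check: digits and dots only, no empty or doubled octets.
    case $ip in
        '' | *[!0-9.]* | *..* | .* | *.)
            echo "update_hosts: bad IPv4 address '$ip'" >&2
            return 1 ;;
    esac
    # Drop any earlier mapping for the demo names (the IP changes per launch).
    # grep -v exits 1 when no lines remain, which is fine for an empty file.
    grep -v -E '(^|[[:space:]])(wafdemo|vulndemo)\.indussecure\.com([[:space:]]|$)' \
        "$hosts_file" > "$hosts_file.tmp" || true
    # Append the new mapping: one line per hostname, same instance IP.
    printf '%s wafdemo.indussecure.com\n%s vulndemo.indussecure.com\n' \
        "$ip" "$ip" >> "$hosts_file.tmp"
    mv "$hosts_file.tmp" "$hosts_file"
}

# Print the IP the hosts file assigns to a hostname (first non-comment match),
# or nothing if the name is not mapped. Usage: hosts_lookup <hosts-file> <name>
hosts_lookup() {
    awk -v name="$2" \
        '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }' \
        "$1"
}
```

After running it, http://wafdemo.indussecure.com:81/ and http://vulndemo.indussecure.com/ resolve to the test-drive instance, and hosts_lookup shows the IP in effect if a later launch hands out a different one.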