Download Citrix Application Firewall

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
Document related concepts

Cross-site scripting wikipedia , lookup

Deep packet inspection wikipedia , lookup

Unix security wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 


The Citrix Application Firewall prevents
security breaches, data loss, and possible
unauthorized modifications to Web sites that
access sensitive business or customer
information.
It accomplishes this by filtering both requests
and responses, examining them for evidence
of malicious activity and blocking those that
exhibit it.



To use the Application Firewall, you must
configure at least one profile to tell it what to
do with the connections it filters, one policy
to tell it which connections to filter, and then
associate the profile with the policy.
You can configure an arbitrary number of
different profiles and policies to protect more
complex Web sites.
You can adjust how the Application Firewall
operates on all connections in the Engine
Settings.


You can enable, disable, and adjust the
setting of each security check separately.
Finally, you can configure and use the
included PCIDSS report to assess your
security configuration for compliance with
PCI-DSS standard.



The Application Firewall is a filter that sits
between Web applications and users, examining
requests and responses and blocking dangerous
or inappropriate traffic.
The Application Firewall protects Web servers and
Web sites from unauthorized access and misuse
by hackers and malicious programs, such as
viruses and trojans (or malware).
It provides protection against security
vulnerabilities in legacy CGI code or scripts, Web
server software, and the underlying operating
system.



The simplest Application Firewall
configuration consists of one profile and one
associated policy.
Such a configuration, which requires little
customization or detailed knowledge about
the Application Firewall’s operation, is
sufficient for many users.
Users with more complex Web sites can
perform a simple configuration to provide
immediate protection, and then do additional
configuration later.

To perform a simple configuration, you
enable the Application Firewall, create profile,
create a policy, and bind the profile to the
policy.
To enable the Application Firewall using the
configuration utility
1. In the navigation pane, expand System and
click Settings.
2. In the Settings pane, under Modes &
Features, click basic features.
3. In the Configure Basic Features dialog box,
select the Application Firewall check box.
4. Click OK.





A profile is a collection of security settings that
are used to protect specific types of web content
or specific parts of your Web site or application.
The Application Firewall has two categories of
profile: built-in profiles and user-created
profiles.
Built-in profiles provide out-of-the-box tools for
handling simple content that can either be
passed on without further filtering, or blocked
without further filtering.
User-created profiles provide tools for handling
more complex content that cannot simply be
passed on or blocked without filtering




When configuring a new Application Firewall,
after you create your profiles, you must create a
policy for each profile.
Policies are used to determine whether a request
or a response meets specific criteria.
When a request or response meets a policy’s
criteria, or matches a policy, the Application
Firewall then filters the request or response
using the associated profile.
A policy is a set of parameters that defines a
particular type of web content or particular part
of a Web site.



The Application Firewall uses policies to
determine which profile to use when filtering
specific requests or responses.
During initial configuration, you create a
policy that protects all vulnerable content on
your Web sites.
Later, if necessary, you can create additional
policies that better protect specific parts of
your Web site.



If you create more than one policy, you also
must set the order in which the Application
Firewall tests requests and responses against
each policy.
This lets you easily create specific policies for
special content without requiring changes to
the more general policy.
You simply set a higher priority for a specific
policy than a more general policy.



You can create significantly more complex
policies in the Application Firewall, policies
that designate specific web pages, specific
types of connections, or a complex
combination of factors.
You can use either classic or advanced
policies and expressions to configure the
Application Firewall.
Classic expressions are simpler, and provide
a basic set of tools that allow you to filter
requests based on the HTTP header.



Advanced expressions are more complex, and
provide a considerably richer set of expression
elements, along with options to control the flow
of evaluation within a policy bank.
These elements and options enable you to
maximize the capabilities of Application Firewall.
Advanced policies, which comprise a set of rules
and actions that use the advanced expression
format, further enhance your ability to analyze
data at various network layers and at different
points along the flow of traffic.



To put a policy and its associated profile into
effect, you bind the policy, either globally or to a
bind point, and assign it a priority.
You bind each policy to activate that policy, so
that the NetScaler operating system knows to
implement it.
The priority you assign determines the order in
which your policies are evaluated, allowing you to
evaluate the most specific policy first, and more
general policies in descending order, finishing
with your most general policy.

When you are binding your first policy, which
is generic and should apply to all HTTP traffic
that is not covered by a more specific policy,
you should assign that policy a low priority,
so that you can create and bind other,
higher-priority policies later without having
to reconfigure your first policy.
Related documents
Firewall Configuration
Firewall Configuration
Read more
Read more
homework 8
homework 8
CS572: Computer Security
CS572: Computer Security
Document 62752
Document 62752
I get the error message “An error occurred while
I get the error message “An error occurred while
Denial of Service Attacks
Denial of Service Attacks
Firewall
Firewall
firewall_audit - Cisco Support Community
firewall_audit - Cisco Support Community
Part II. Project Information, to be completed by the proposer (Faculty
Part II. Project Information, to be completed by the proposer (Faculty
Ch10 - Protection Mechanism
Ch10 - Protection Mechanism
Network Security
Network Security
Windows Firewall
Windows Firewall
DumpsReview
DumpsReview
Hardware firewall vs Software firewall
Hardware firewall vs Software firewall
Network Security (Firewall)
Network Security (Firewall)
Server Security Policy
Server Security Policy
VERIZON HELPS CLIENTS IMPROVE SECURITY AND BUSINESS
VERIZON HELPS CLIENTS IMPROVE SECURITY AND BUSINESS
The Inexact Science of Internet Filtering for the K
The Inexact Science of Internet Filtering for the K
PAN‐OS Administrator`s Guide
PAN‐OS Administrator`s Guide