Use F5’s Web Application Firewall (WAF) to protect web
applications deployed in Microsoft Azure.
Applications living in the Cloud still need protection. Data breaches,
compromised credentials, system vulnerabilities, DDoS attacks and shared
resources can all pose a threat to your cloud infrastructure. The Verizon DBIR notes
that web application attacks are the most likely vector for a data breach attack. While
attacks on web applications account for only 8% of reported incidents,
according to Verizon, they are responsible for over 40% of incidents that
result in a data breach. A 2015 survey found that 15% of logins for business
apps used by organizations had been breached by hackers.
One way to stay safe is using a Web Application Firewall (WAF) for your
cloud deployments.
Let’s dig in on how to use F5’s WAF to protect web applications deployed
in Microsoft Azure. This solution builds on BIG-IP Application Security Manager (ASM) and BIG-IP Local Traffic Manager (LTM) technologies as a preconfigured
virtual service within the Azure Security Center.
Some requirements for this deployment are:
- You have an existing web application deployed in Azure that you want to protect with BIG-IP ASM
- You have an F5 license token for each instance of BIG-IP ASM you want to use
To get started, log into your Azure dashboard and on the left pane, toward
the bottom, you’ll see Security
Center and click it.
Next, you’ll want to click the Recommendations area within the Security Center Overview.
And from the list of recommendations, click Add a web application firewall.
A list of available web applications opens in a new pane.
From the application list, select the application you want to secure.
And from there click Create
New. You’ll get a list of available vendors’ WAFs and choose F5 Networks.
A new page with helpful links and information appears and at
the bottom of the page, click Create.
First, select the number of machines you want to deploy – in
this case we’re deploying two machines for redundancy and high availability.
Review the host entry and then type a unique password for that field. When you
click Pricing Tier, you can get info
about sizing and pricing. When you are satisfied, at the bottom of that pane
click OK.
Next, in the License
token field, copy and paste your F5 license token. If you are only
deploying one machine, you’ll only see one field. For the Security Blocking Level, you can choose Low, Medium or High. You
can also click the icon for a brief description of each level. From the Application Type drop down, select the
type of application you want to protect and click OK (at the bottom of that pane).
Once you see two check marks, click the Create button.
Azure then begins the process of the F5 WAF for your
application. This process can take up to an hour. Click the little bell
notification icon for the status of the deployment.
You’ll receive another notification when the deployment is
complete.
After the WAF is successfully deployed, you’ll want to test
the new F5 WAF and finalize the setup in Azure including changing the DNS
records from the current server IP to the IP of the WAF.
When ready, click Security
Center again and the Recommendations
panel. This time we’ll click Finalize web application firewall setup.
And click your Web application.
Ensure your DNS settings are correct and check the I updated my DNS Settings box and when
ready, click Restrict Traffic at the bottom of the pane.
Azure will give you a notification that it is finalizing the
WAF configuration and settings, and you will get another notification when
complete.
And when it is complete, your application will be secured
with F5’s Web Application Firewall.
Check out the demo video and rest easy, my friend.
ps
Related:
No comments:
Post a Comment