Forum Discussion
marek1_119131
Nimbostratus
Mar 11, 2013
BIG-IP ASM security model
Hello!
I have been testing a trial of the virtual edition of BIG-IP ASM and I'm a little confused while configuring it. I made a policy manually and enabled attack signatures too. It is now using positi...
Mike_Maher
Nimbostratus
Mar 11, 2013
Yes....... kind of..... Personally I wouldn't say you are using either the positive or negative security model until you have refined your policy and have them in blocking not learning mode.
I would say you are in policy building mode right now as you are not enforcing anything yet, but yes essentially building a policy that tracks file types, URLs, parameters, parameter values and so on would be a positive security model, and the attack signatures, anomaly detection and such would be negative security.
Or another way of thinking of it:
Positive Security = White Listing
Negative Security = Black Listing
If you want to test just using Attack Signatures then go into your policy blocking settings (Application Security > Policy > Blocking > Settings) and turn off Learn, Alarm, and Block for all violations except Attack Signatures.
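The distinction drawn in the answer above, as an added example that is not part of the original thread and is not F5 code: a toy allowlist policy (file types, URLs, parameters, parameter values) beside a toy signature check, with a learning/blocking switch and a way to enforce only one model. The policy entries, signature regexes, sample URLs and function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Positive model (constructed policy): anything not listed is a violation.
ALLOWED_FILE_TYPES = {"php", "html"}
ALLOWED_URLS = {"/index.html", "/search.php"}
ALLOWED_PARAMS = {"q": re.compile(r"[\w ]{1,64}"), "page": re.compile(r"\d{1,4}")}

# Negative model (constructed signatures, not F5's): known-bad patterns only.
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?\d"),
    "xss": re.compile(r"(?i)<script\b"),
}

def positive_violations(url):
    parts = urlsplit(url)
    name = parts.path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    found = []
    if ext not in ALLOWED_FILE_TYPES:
        found.append("file type not allowed")
    if parts.path not in ALLOWED_URLS:
        found.append("URL not allowed")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        rule = ALLOWED_PARAMS.get(key)
        if rule is None:
            found.append(f"parameter not allowed: {key}")
        elif not rule.fullmatch(value):
            found.append(f"parameter value not allowed: {key}")
    return found

def negative_violations(url):
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    text = " ".join([parts.path, *values])
    return [f"signature: {name}" for name, sig in SIGNATURES.items() if sig.search(text)]

CHECKS = {"positive": positive_violations, "negative": negative_violations}

def decide(url, mode="learning", models=("positive", "negative")):
    # Learning mode records violations but lets the request pass;
    # blocking mode enforces whichever models are switched on.
    found = [v for m in models for v in CHECKS[m](url)]
    return ("block" if found and mode == "blocking" else "pass"), found

if __name__ == "__main__":
    for url in ("/search.php?q=1'+or+'1", "/admin/backup.bak"):
        print(url, decide(url, "blocking"), decide(url, "blocking", ("negative",)))
```

The second sample URL matches no signature, so with only the negative model enforced it passes, while the allowlist flags both its file type and its URL.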