Security Insight 编辑
Web and web service applications that are exposed to the Internet have become increasingly vulnerable to attacks. To protect applications from attack, you must have a visibility into threats, real-time actionable data on attacks, and recommendations on countermeasures. Security Insight provides a single-pane solution to help you assess your application security status and take corrective actions to secure your applications.
Note
Security Insight is supported on Citrix Application Delivery Management (ADM) with Citrix ADC appliances running on version 11.0 Build 65.31 and later.
How Security Insight works
Security Insight is an intuitive dashboard-based security analytics solution that gives you full visibility into the threat environment associated with your applications. Security insight is included in Citrix ADM, and it periodically generates reports based on your Application Firewall and Citrix ADC system security configurations. The reports include the following information for each application:
Threat index. A single-digit rating system that indicates the criticality of attacks on the application, regardless if the application is protected or not protected by a Citrix ADC appliance. The more critical the attacks on an application, the higher the threat index for that application. Values range from 1 through 7.
The threat index is based on attack information. The attack-related information, such as violation type, attack category, location, and client details, gives you insight into the attacks on the application. Violation information is sent to Citrix ADM only when a violation or attack occurs. A large number of breaches and vulnerabilities lead to a high threat index value.
Safety index. A single-digit rating system that indicates how securely you have configured the Citrix ADC instances to protect applications from external threats and vulnerabilities. The lower the security risks for an application, the higher the safety index. Values range from 1 through 7.
The safety index considers both the application firewall configuration and the Citrix ADC system security configuration. For a high safety index value, both configurations must be strong. For example, if rigorous application firewall checks are in place but Citrix ADC system security measures, such as a strong password for the nsroot user, have not been adopted, applications are assigned a low safety index value.
Actionable Information. Information that you need for lowering the threat index and increasing the safety index, which significantly improves application security. For example, you can review information about violations, existing and missing security configurations for application firewall and other security features, the rate at which the applications are being attacked, and so on.
Configure Security Insight
Citrix ADM supports Security Insight from all Citrix ADC instances that have application firewall configured on them.
To configure security insight on an ADC instance, first configure an application firewall profile and an application firewall policy. Though you can then bind the application firewall policy globally, Citrix recommends that the policy is bound to the virtual server.
To view the analytics on Citrix ADM, enable the AppFlow feature on the instance, configure an AppFlow collector, action, and policy, and bind the policy globally. Here also though you can then bind the application firewall policy globally, Citrix recommends that the policy is bound to the virtual server. Citrix also recommends that you use Citrix ADM to deploy AppFlow configurations on the ADC instances. When you configure the collector, you must specify the IP address of the Citrix ADM server on which you want to monitor the reports.
To configure security insight on a Citrix ADC instance:
Run the following commands to configure an application firewall profile and policy, and bind the application firewall policy globally or to the load balancing virtual server.
add appfw profile <name> [-defaults ( basic advanced )] set appfw profile <name> [-startURLAction <startURLAction> …]
add appfw policy <name> <rule> <profileName>
bind appfw global <policyName> <priority>
or,
bind lb vserver <lb vserver> -policyName <policy> -priority <priority>
add appfw profile pr_appfw -defaults advanced set appfw profile pr_appfw -startURLaction log stats learn add appfw policy pr_appfw_pol "HTTP.REQ.HEADER(\"Host\").EXISTS" pr_appfw bind appfw global pr_appfw_pol 1 or, bind lb vserver outlook –policyName pr_appfw_pol –priority “20” <!--NeedCopy-->
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论