Security Insight

Note

If your Citrix ADM build is earlier than 13.0-79.x, you can view security insight by navigating to Analytics > Security > Security Insight. For build 13.0-79.x or later, you can view the WAF violation details by navigating to Analytics > Security > Security Violations > Application overview and clicking WAF under Breakdown of Applications By.

Web and web service applications that are exposed to the Internet have become increasingly vulnerable to attacks. To protect applications from attack, you need visibility into the nature and extent of past, present, and impending threats, real-time actionable data on attacks, and recommendations on countermeasures. Security Insight provides a single-pane solution to help you assess your application security status and take corrective actions to secure your applications.

Note

Security Insight is supported on Citrix Application Delivery Management (ADM) with Citrix ADC appliances running on version 11.0 Build 65.31 and later.

How Security Insight works

Security Insight is an intuitive dashboard-based security analytics solution that gives you full visibility into the threat environment associated with your applications. Security Insight is included in Citrix ADM, and it periodically generates reports based on your Application Firewall and Citrix ADC system security configurations. The reports include the following information for each application:

  • Threat index. A single-digit rating system that indicates the criticality of attacks on the application, regardless of whether the application is protected by a Citrix ADC appliance. The more critical the attacks on an application, the higher the threat index for that application. Values range from 1 through 7.

    The threat index is based on attack information. The attack-related information, such as violation type, attack category, location, and client details, gives you insight into the attacks on the application. Violation information is sent to Citrix ADM only when a violation or attack occurs. Many breaches and vulnerabilities lead to a high threat index value.

  • Safety index. A single-digit rating system that indicates how securely you have configured the Citrix ADC instances to protect applications from external threats and vulnerabilities. The lower the security risks for an application, the higher the safety index. Values range from 1 through 7.

    The safety index considers both the application firewall configuration and the Citrix ADC system security configuration. For a high safety index value, both configurations must be strong. For example, if rigorous application firewall checks are in place but Citrix ADC system security measures, such as a strong password for the nsroot user, have not been adopted, applications are assigned a low safety index value.

  • Actionable Information. The information that you need for lowering the threat index and increasing the safety index, which significantly improves application security. For example, you can review information about violations, existing and missing security configurations for application firewall and other security features, the rate at which the applications are being attacked, and so on.

Configure Security Insight

Citrix ADM supports Security Insight from all Citrix ADC instances that have application firewall configured on them.

To configure security insight on an ADC instance, first configure an application firewall profile and an application firewall policy. Though you can then bind the application firewall policy globally, Citrix recommends that the policy is bound to the virtual server.

To view the analytics on Citrix ADM, enable the AppFlow feature on the instance, configure an AppFlow collector, action, and policy, and bind the policy globally. Here too, although you can bind the application firewall policy globally, Citrix recommends that the policy is bound to the virtual server. Citrix also recommends that you use Citrix ADM to deploy AppFlow configurations on the ADC instances. When you configure the collector, you must specify the IP address of the Citrix ADM server on which you want to monitor the reports.

To configure security insight on a Citrix ADC instance:

  1. Run the following commands to configure an application firewall profile and policy, and bind the application firewall policy globally or to the load balancing virtual server.

    add appfw profile <name> [-defaults ( basic | advanced )]

    set appfw profile <name> [-startURLAction <startURLAction> …]

    add appfw policy <name> <rule> <profileName>

    bind appfw global <policyName> <priority>

     or,

    bind lb vserver <lb vserver> -policyName <policy> -priority <priority>

    add appfw profile pr_appfw -defaults advanced
    set appfw profile pr_appfw -startURLaction log stats learn
    add appfw policy pr_appfw_pol "HTTP.REQ.HEADER(\"Host\").EXISTS" pr_appfw
    bind appfw global pr_appfw_pol 1
    or,
    bind lb vserver outlook -policyName pr_appfw_pol -priority "20"
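
A check for the configuration steps described above, as an added example that is not part of the original Citrix page: it parses a saved ADC configuration and reports which Security Insight prerequisites are missing, including an application firewall policy that is bound only globally. The AppFlow command lines, the names col_adm, act_adm and pol_adm, and the address 192.0.2.10 are constructed assumptions for illustration.

```python
import shlex

# Constructed sample of a saved ADC configuration (not from the Citrix page).
# AppFlow lines, the *_adm names and 192.0.2.10 are assumptions.
SAMPLE_CONF = r'''
enable ns feature LB AppFw
add appfw profile pr_appfw -defaults advanced
set appfw profile pr_appfw -startURLAction log stats learn
add appfw policy pr_appfw_pol "HTTP.REQ.HEADER(\"Host\").EXISTS" pr_appfw
bind appfw global pr_appfw_pol 1
add appflow collector col_adm -IPAddress 192.0.2.10
add appflow action act_adm -collectors col_adm
add appflow policy pol_adm true act_adm
'''

def opt(cmd, flag):  # value that follows -flag (case-insensitive), or None
    for i, tok in enumerate(cmd[:-1]):
        if tok.lower() == flag.lower():
            return cmd[i + 1]
    return None

def audit(conf, adm_ip):
    """Return findings for missing steps; an empty list means all are present."""
    cmds = [shlex.split(line) for line in conf.splitlines() if line.strip()]
    def rows(*prefix, size=4):  # commands with this prefix and at least `size` tokens
        return [c for c in cmds if len(c) >= size
                and [t.lower() for t in c[:len(prefix)]] == list(prefix)]
    findings = []
    profiles = {c[3] for c in rows("add", "appfw", "profile")}
    for pol in rows("add", "appfw", "policy", size=6):
        name, profile = pol[3], pol[5]
        on_vserver = any(opt(c, "-policyName") == name for c in rows("bind", "lb", "vserver"))
        on_global = any(c[3] == name for c in rows("bind", "appfw", "global"))
        if profile not in profiles:
            findings.append(f"appfw policy {name}: profile {profile} is not defined")
        if not (on_vserver or on_global):
            findings.append(f"appfw policy {name}: not bound anywhere")
        elif not on_vserver:
            findings.append(f"appfw policy {name}: bound globally only, vserver binding is recommended")
    features = {t.lower() for c in rows("enable", "ns", "feature") for t in c[3:]}
    if "appflow" not in features:
        findings.append("AppFlow feature is not enabled")
    # Follow the chain collector -> action -> policy -> global binding.
    collectors = {c[3] for c in rows("add", "appflow", "collector") if opt(c, "-IPAddress") == adm_ip}
    if not collectors:
        findings.append(f"no AppFlow collector points at the ADM server {adm_ip}")
    actions = {c[3] for c in rows("add", "appflow", "action") if opt(c, "-collectors") in collectors}
    flow_pols = {c[3] for c in rows("add", "appflow", "policy", size=6) if c[5] in actions}
    if not any(c[3] in flow_pols for c in rows("bind", "appflow", "global")):
        findings.append("no AppFlow policy tied to that collector is bound globally")
    return findings
```

Calling `audit(SAMPLE_CONF, "192.0.2.10")` returns three findings for the constructed sample: the globally bound firewall policy, the disabled AppFlow feature, and the unbound AppFlow policy. Only the first collector listed after `-collectors` is checked.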