NetScaler-培训-新版.pptxVIP

Citrix NetScaler Application Firewall 培训;Agenda;网页应用程序防火墙;;WAF vs IPS vs Network Firewall;WAF运作机制 – 双向保护;NetScaler网页应用防火墙采用混合安全模型;DDos;Agenda;现网拓扑;NetScaler Architecture Overview;NetScaler-owned IP Addresses;NetScaler IP Address;Subnet IP Address;Virtual IP Address;Entity Management;High Availability Functionality;上线后全网配置调整;Hardware Components;Hardware components of the NetScaler system include: Network interfaces LCD Serial interface File system RAM drive(/) Flash memory (/flash) Hard disk (/var);NetScaler Architecture Overview;Agenda;操作流程;上线流??;Agenda;WAF技术介绍;;;;Complete Web App Protection with Learning;Positive Security;Application Firewall – Advanced profile;Application Firewall – sessionization;AppFw – why sessionization is needed?;AppFw – why sessionization is needed?;Appfw - sessionization;Appfw – URL Closure example;Appfw – Memory usage;Easy Deployment Mode Protects against SQL Injection Cross Site Scripting Cross site Request Forgery (Referrer header) Forceful Browsing (Start/Deny URLs) Buffer Overflow Form Field Formatting No sessionization required Learning aided deployment ;SQL Injection attacks;Cross-site Scripting (XSS) Attacks;Cross Site Request Forgery Attacks;CSRF: Referrer Header Protection;Forceful Browsing;;Advanced Defaults Session based enables additional protections Cookie Form Field Consistency URL Closure protection Tag Based Cross Site Request Forgery Includes all basic protections ;Cookie Poisoning defense: Prevents identity theft and session hijacking;Cookie Attack Protection – Encrypt Cookies;Cookie Attack Protection – Proxy Cookies;Cookie Attack Protection – Flag Cookies;CSRF: Form Tagging Protection;Citrix Confidential - Do Not Distribute;HTML Form Field Protection;Additional Security Measures;Click to Rule Application Firewall;Log using CEF-based logs Mar 15 16:48:14 50 CEF:0|Citrix|NetScaler|NS10.0|APPFW|APPFW_STARTURL|6|src=9 spt=52737 method=GET request=52/ msg=Disallow Illegal URL. cn1=69 cn2=3999 cs1=Application_Firewall_Profile