Forum Discussion

marek1_119131

Nimbostratus

Mar 11, 2013

BIG-IP ASM security model

Hello! I have been testing trial of virtual edition of big ip asm and I'm little confused while configuring it. I made a policy manually and enabled attack signatures too. It is now using positi...

app sec

BIG-IP Access Policy Manager (APM)

security

Mike_Maher

Nimbostratus

Mar 11, 2013

Yes....... kind of..... Personally I wouldn't say you are using either the positive or negative security model until you have refined your policy and have them in blocking not learning mode.

I would say you are in policy building mode right now as you are not enforcing anything yet, but yes essentially building a policy that tracks file types, URLs, parameters, parameter values and so on would be a positive security model, and the attack signatures, anomaly detection and such would be negative security.

Or another way of thinking of it

Positive Security = White Listing

Negative Security = Black Listing

If you want to test just using Attack Signatures then go into your policy blocking settings (Application Security > Policy > Blocking > Settings) and turn off Learn, Alarm, and Block for all violation, except Attack Signatures.

Forum Discussion

BIG-IP ASM security model

Recent Discussions

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

Crafting Secure Paths: The Intricacies of VPN Solutions on BIG-IP APM

Re: Mitigating OWASP API Security risks using BIG-IP

F5 Distributed Cloud (XC) API Security in Out-of-Band Mode using BIG-IP

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients