30 days of ADM: Day 21 October 21, 2022
Distributed learning rules across your NetScaler estate.
I am back, it is day 21.
I know what you are thinking, the internet can be a dangerous place. There are tools to try and make the services that you host safer, as when you have an online service it is likely that attempts will be made to break into various bits of it.
Asking people to be nice is not a good defense, unfortunately!
Firewalls are a common way to put barriers in front of those unwanted access attempts. There are a number of different firewall types; for a web service, a layer 7 firewall or Web Application Firewall (WAF) is the thing to use. A WAF typically works in two ways: signatures and learning. Using both is a more complete solution. Of course, NetScaler has this covered and the performance is rapid.
Signatures are simple, with static files added to address known vulnerabilities.
What about the unknown ones? We have a secret sauce for that!
You have been selected for a training course in Citrix ADM. The goal is to provide you with enough information to be actually dangerous when talking to a customer or client. 30 days is a bit of an arbitrary number, but I am prepared to give you 2 minutes of material. Can I get 2 minutes of your time?
I have talked about Fleet management, general analytics, security analytics, AI / ML, Stylebooks, Pooled Capacity, instance advisory upgrade, security advisory, Autoscaling, onboarding, RESTful API, CADS self-managed, Service Graph, Web Transaction Analytics, Config Jobs, Network Reporting, SSL Dashboard, RBAC, event handling and config drift.
Today is all about WAF Learning
Honestly, what are you talking about?
WAF learning is a mechanism where the WAF is taught what is ‘good behaviour’. If something falls outside of this profile, it is likely to be bad. We get to block the bad stuff.
Simple really.
So what? What problem does it solve?
The assumption is that you have a number of entry points to your killer website, scattered globally to best serve your growing user base. In this scenario, you run a successful multinational! So, you have multiple datacentres. Having the WAF hosted in different places then requires that you have a way to teach those different appliances their WAF rules.
You need an orchestrator to disseminate policy. This is where ADM does its magic, it is another superpower!
Who would be interested in this?
Almost any customer uses a few different NetScaler appliances within their infrastructure, hosting services in several DCs. That’s everyone, right?
How does it all work?
Let us say that you have three appliances in three different DCs. They each have a WAF profile and this feeds into a learning profile. ADM then offers the admin the option to deploy the rules as is or skip them. It would look like this:
It looks pretty simple as it is. There are a few prerequisites for this all to work.
1. Support for some of the security checks requires a recent firmware (13.1-14.10 or later) depending on the check.
2. The supported security checks are: Start URL, Cookie Consistency, Credit Card, Content Type, Form Field Consistency, Field Formats, CSRF Form Tagging, HTML Cross-Site Scripting, HTML SQL Injection, HTML Command Injection, JSON SQL, JSON Command Injection and JSON XSS. There are some specifics on these checks, with a little more detail, covered here: https://tinyurl.com/28ahym56
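The deploy-or-skip flow described above, modelled for the Start URL check as an added example; it is not ADM or NetScaler code. The appliance names, sample URLs, the URL generalisation and the review thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: URLs each appliance's WAF profile saw while learning.
OBSERVED = {
    "dc-london": ["/shop/item/101", "/shop/item/102", "/login", "/shop/item/7"],
    "dc-newyork": ["/shop/item/55", "/login", "/login", "/admin/backup.zip"],
    "dc-tokyo": ["/shop/item/9", "/login", "/shop/item/31"],
}

def generalise(url):
    """Collapse numeric path segments so /shop/item/101 and /shop/item/7 become one rule."""
    segs = ["[0-9]+" if s.isdigit() else re.escape(s) for s in url.split("/")]
    return "^" + "/".join(segs) + "$"

def aggregate(observed):
    """Central step: merge per-appliance learned data into candidate rules."""
    hits, seen_on = defaultdict(int), defaultdict(set)
    for appliance, urls in observed.items():
        for url in urls:
            rule = generalise(url)
            hits[rule] += 1
            seen_on[rule].add(appliance)
    return {r: {"hits": hits[r], "appliances": sorted(seen_on[r])} for r in hits}

def review(candidates, min_hits=3, min_appliances=2):
    """Stand-in for the admin decision (hypothetical thresholds): deploy or skip."""
    deploy, skip = [], []
    for rule, info in sorted(candidates.items()):
        ok = info["hits"] >= min_hits and len(info["appliances"]) >= min_appliances
        (deploy if ok else skip).append(rule)
    return deploy, skip

def push(deploy, appliances):
    """Every appliance receives the same allow list, wherever the traffic was learned."""
    return {a: list(deploy) for a in appliances}

def allowed(url, rules):
    """Start URL is an allow list: a request passes only if some deployed rule matches."""
    return any(re.search(r, url) for r in rules)

if __name__ == "__main__":
    deploy, skip = review(aggregate(OBSERVED))
    estate = push(deploy, OBSERVED)
    print("deploy:", deploy)
    print("skip:  ", skip)
    print("tokyo allows /shop/item/999:", allowed("/shop/item/999", estate["dc-tokyo"]))
```

The URL seen once on a single appliance lands in the skip list, which is the reason to keep a human review step between learning and deployment.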
What does this look like on ADM?
Managing the learned rule looks like this:
This console shows you what you could push out and what has been pushed out, and it also gives you options to modify the learned rule.
Show me more.
Dave Potter has this great walkthrough of the whole thing.
Summary
Having ADM facilitate learning with dynamic deployment of rules
It’s funny that this lowly capability is not given more press!
Insight into what changes have been made, and by whom, is also very useful, as it allows you to understand whether an unneeded change was made which affected service.
All of this will help you stay on top of your environment. With tools like this, you can save time and ensure that you get back to high-value tasks.
Ultimately, it is another killer feature that is enabled with ADM service.
It is free too.
What’s not to like?