Hello, my name is Andrew and I tend to get a lot of questions about NetScaler Console. The purpose of this series is to offer some pointers on what it is, what it can offer and why you should take some notice. This is the twelfth and a bit post in a set which is designed to cover the top topics that will get you trained up.
Knowledge is power, right? 📖📖📖📖
31 days seems an arbitrary number. Today is all about NetScaler Console Analytics for security.
How does this normally come up?
I spoke with Customer X, and we talked at length about the various NetScalers they will be deploying. During the discussion, I typically ask something like this:
As you have a public facing service, will you be tapping in to some of the security features of the NetScaler? Would it be handy to have that segmented into a specific view that offers details about the level of security and potential issues?
The answer is of course yes, that would be very handy.
NetScaler Console can offer that. The next question is what kinds of applications you have and what services they offer. This piece will show you how that can be achieved with NetScaler Console and the service-based Console (on-premises or service).
Who would be interested in this?
Any Network Admin with multiple NetScalers deployed. When there are public-facing services running on those NetScaler appliances, there are options to switch on some of the security suite offered by the appliance.
Why do that?
It can then protect the application from certain types of attack. Using the analytics console you can see the who/what and whether there was a mitigation of some sort, as it might have been set up to only log... :-)
Mastering sounds 'heavy'?
Ultimately, this is Substack. Who would be crazy enough to write technical content on this platform?
What can NetScaler Console offer within the Security Analytics view?
To back up a little bit, let's say you have just signed into the Console. There is a default view that gives you the 85,000 feet view (SR-71 altitude, so above controlled airspace). Part of that main overview, which will get covered in a future session, is this:
You can see a few key things right away.
The NetScaler(s) that this Console is monitoring have 7 applications under security management.
Looks like the WAF is up and running, with 1200 violations in the last hour.
BOT does not look to be enabled.
The ‘View Security dashboard’ will take the admin to a more detailed view. Opening that up we get this:
The details now provide some metrics to assess the relative security in two ways:
Threat index - this describes the criticality of the attacks against your app(s). The higher the number, the more serious the attack(s).
Safety index - this is the level of configuration resilience you have. Higher numbers indicate a better level of baseline security.
The applications are displayed in a way to give the admin an overview of all the web applications and how the defences are holding up. The admin can then drill into an application and see more information about the kind of attack that the system sees.
From the console I can see that someone is trying to trigger URLs that are not on the allowed list. Looks like the source is in India and the NetScaler has ‘blocked’ the attempt.
What else?
The Safety Index is all about setting up a good baseline. The Console can offer some pointers on what should be set up (and what might have been missed - Not Configured).
If it is not clear, here is a scenario.
Bob and Alice have been using NetScaler Console Service in the scenarios for the last few days.
Alice and Bob have been using NetScaler Console for the management of their estate. Stan and Bridget are more application focused. They all use NetScaler Console to review the application security that they have in place. They can make configuration changes based on the changing landscape they see.
This also helps Bob and Alice, as they are not ‘checking’ things for the App team.
Happy days, as this allows Bob and Alice to focus time on other tasks that are important to Acme.
The Call to Action
If this piece raises any questions/comments, drop them into the space below. I will endeavour to answer directly or update the post to better address the question(s).
Summary
Buckle up. The NetScaler Console is the best tool for many different jobs when working in conjunction with the NetScaler Appliance. They are the perfect tag team 🤼. The NetScaler Console can offer a one-stop shop to see all your appliances from one place, deploy and update them, and track those applications and the level of security in place that your business needs.
Let me show you how to make the most of it!
Have a good one.