AMI Installation Guide for AWS - Indusface · PDF fileIndusGuard WAF AMI Installation Guide for AWS 3 Confidential ... Elastic Load Balancer feature will automatically redirect the

IGWAF Installation and Deployment Guide for AMI Instance

0 Confidential | Copyright © 2014Indusface | All Rights Reserved

AMI Installation Guide for AWS

Document Version 1.3 – 19/01/2015

IndusGuard WAF AMI Installation Guide for AWS


Copyright Notice

Copyright 2004-2014, Indusface Ltd.

www.indusface.com

All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.

Trademarks

IGWAF is a trademark of Indusface. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

Revision History

Date Version Section Description

05/01/2014 1.0 Whole Document Initial Draft

10/01/2014 1.1 Whole Document Screenshots & Flow

30/10/2014 1.2 Whole Document Minor Changes

19/01/2015 1.3 Whole Document Minor Changes

Notice of Ownership

THIS DOCUMENT IS THE EXCLUSIVE PROPERTY OF INDUSFACE.

ALL RIGHTS RESERVED.

http://www.indusface.com/



Table of Contents

Introduction .......................................................................................................................... 3

Elastic Load Balancer support for VPC ...................................................................................................... 4

Prerequisites ............................................................................................................................................. 4

Domain/Website Information ................................................................................................ 5

User Checklist ........................................................................................................................ 5

Purchasing IGWAF AMI Instance ............................................................................................ 6

Prerequisite ............................................................................................................................................... 6

EC2 Compute Instance Installation Steps ................................................................................................. 7

IndusGuard WAF Logs and Reports ...................................................................................... 16

Summary ............................................................................................................................................. 16

Attack .................................................................................................................................................. 19

Performance ....................................................................................................................................... 19

Reports ................................................................................................................................................ 21

Settings ................................................................................................................................................ 22

Verify Web Server is protected by IGWAF ............................................................................ 22



Introduction A Web Application Firewall (WAF) is an operational security control that monitors the inbound/outbound HTTP/S traffic in order to safeguard the critical data and protect web applications from attacks. An application can be vulnerable regardless of the cautious development of application code. These vulnerabilities may prove to be disastrous for the brand reputation, thereby damaging the customer trust and business revenue directly. Securing an application therefore holds as much importance as preventing exceptions, either in security policy, or in the underlying system vulnerabilities in their design, development or deployment. IndusGuard WAF assists in securing a web application structure by monitoring the HTTP and HTTPS traffic and protecting it from malicious attacks in real time. It is industry’s first WAF to guarantee Zero WAF False Positive. It is also the only Security-as-a-Service (SECaaS) WAF to offer integrated fully managed application DDoS solution that blocks application layer attacks by combining human intelligence based expert tuning along with application profiling.

Diagram – IndusGuard Web Application Firewall (WAF)

This document provides information about installation and configuration of IGWAF using AMI instance. It covers the following configuration processes:

Domain/Website Information

User Checklist

SSL Certificate



Purchasing IGWAF AMI Instance

PuTTY Installation

Getting Started with IGWAF/HA Configuration

IGWAF and HA Configuration

System Configuration

Performance Statistics Configuration

Web Server behind IGWAF verification

Indusface WAF Logs and Reports

Elastic Load Balancer Support for VPC Elastic Load Balancer works with virtual private cloud to automatically distribute inbound web traffic amongst several Amazon EC2 instances. The term ‘Elastic’ signifies that if any of the instances is receiving high traffic or even fails, Elastic Load Balancer feature will automatically redirect the traffic to the other configured instances. In case failed instance is restored, the instance will be included as a participating member of the group and the traffic will be redirected through it. The ELB thus provides robust networking and security features.

Prerequisites

Sr. No. Elements Description Details

1. EC2 Compute Instances*

* - Deployment dependent

1 EC2 Instances (1 IGWAF)

Or

2 EC2 Instances (1 IGWAF and 1 HA)

Or

3 EC2 Instances (2 IGWAF and

1 HA)

Or

4 EC2 Instances (2 IGWAF and 2 HA)

Details required for each

appliance:

IP Address

Network Mask

Gateway IP Address

NameServer



Domain/Website Information IndusGuard WAF MSS team will need some vital information prior to IGWAF and HA instance

configuration. MSS team will send a prerequisite form requesting following information:

Company Name

Date

Application URL

Is Webserver deployed behind Elastic Load Balancer?

If yes, Elastic Load Balancer IP Address

Webserver Internal IP Address

Virtual IP Address (VIP) for HA

Private IP for IG WAF

SSL keys, if applicable

Preferred Date And Time for Vulnerability Assessment (VA) Activity

Preferred Date And Time for IGWAF Configuration

Point of Contact

Email Address

Phone Number

Note: Firewall configuration requirements:

Firewall to HA - Port 80, 443 or both must be kept open

HA to Webserver - One port on which application is running, needs to be kept open

IGWAF to Webserver - One port on which application is running, needs to be kept open

Port 80/443 outbound from WAF to IGWAF portal

User Checklist User must receive following details from IndusGuard WAF MSS team before initiating installation.

Portal Username Password (Auto-generated and sent at User Email Address)

Note: In absence of any information, user must contact IndusGuard WAF MSS team at [email protected]

mailto:[email protected]



Purchasing IGWAF AMI Instance

Prerequisite 1. Login Credentials – Amazon Username and Password

2. Create an AMI instance – m3.large EC2 Compute Instance (m3.large) details:

Elements Details

vCPU 2

Memory (GiB) 7.5

Storage (GB) 1 x 32 SSD

Networking Performance Moderate

Physical Processor Intel Xeon E5-2670 v2*

M3 instances may also launch as an Intel Xeon

E5-2670 (Sandy Bridge) Processor running at

2.6 GHz.

Clock Speed (GHz) 2.5

Intel® AES-NI Yes

Intel® AVX† Yes

Intel® Turbo Yes

EBS OPT -

Enhanced Networking -



EC2 Compute Instance Installation Steps

To create AMI instance, follow the steps below:

1. Browse to https://console.aws.amazon.com and specify AWS account using valid credentials,

now click ‘Sign in using our secure server’.

https://console.aws.amazon.com/



2. Click ‘CloudFormation’ to use template AWS Resource.

3. Click on ‘Create Stack’.



4. Provide a name to the Stack.

5. Click ‘Choose File’ to browse and select the Amazon S3 Template.



6. Browse and select the CFN template. Click ‘Open’.

7. Click ‘Next’ to proceed.



8. Specify the details of environment.

9. Click ‘next’ and tag it.



10. Click ‘next’ to review it.

11. Click ‘Create Stack’ and wait until it says ‘create complete’.



12. Once ‘Create Stack’ process is complete, check out for the public facing Elastic Load Balancer

created by this template using this link https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#LoadBalancers

https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#LoadBalancers



13. Select the ELB launch for WAF



14. Place the ELB DNS address on browser and check the application availability.

Note: Once the above configuration is completed, please contact IGWAF support at [email protected] to receive the user login credentials.

mailto:[email protected]



IndusGuard WAF Logs and Reports Access https://waf.indusguard.com/ with user credentials for viewing the detailed logs and event reports. A user dashboard will segregate logs and event information under tabs, namely, Summary, Attack, Performance, Reports and Settings.

Summary

Summary page provides an overview of the real-time attacks that are logged and/or blocked by IndusGuard WAF. Page attributes can be customized for sites, number of days, priority, type of events, type of attack and the attack origin country. A quick report can also be generated with the default filters set. This page will even display geo-locations of various attack counts. Further, a real time top incidents graphs covering all the top hits is also included on the page.

Screen – Total Attacks Summary Graph

https://waf.indusguard.com/



Screen – Top Event Traffic Report

Screen – Top Incident Classification



Screen – Top Incident Sources



Attack

A comprehensive information about all the attacks and any rule violations are displayed on the Attack page.

Screen – Total Attacks Summary Graph

Screen – Rule Violation Details

Performance

This page can be used to track health status of IndusGuard WAF Appliance. It displays multiple values including time line graph to represent the bandwidth, CPU utilization disk space and memory utilization.



Screen – IndusGuard WAF Appliance Performance Chart



Reports

Different reports can be accessed from the Reports Page, which are also sent to configured email address. These reports can be scheduled and filtered as per requirements.

Screen – Reports page



Settings

Settings page helps manage and configure general settings for websites using IGWAF parameter analytics including IP Address, country, severity and URI. Based on the analytics, a user can block or whitelist the traffic to the website from specific IP Address. User can even add an exception by compiling a list of URI considered safe to allow traffic overriding any configured rules. Here, user can also update the password by modifying the existing one using sub-menu Change Password option.

Screen – Settings page

Verify Web Server Protected by IGWAF Follow the below procedure to verify if the web server is successfully configured behind IGWAF:

Login to IGWAF Portal

1. Open the protected website and perform a simple attack for e.g. <script>

2. Login to the IndusGuard WAF Portal using the username and password received from the automated email.

3. Verify the summary and attacks tab graphs for details.

Documents

AMI Installation Guide for AWS - Indusface · PDF fileIndusGuard WAF AMI Installation Guide for AWS 3 Confidential ... Elastic Load Balancer feature will automatically redirect the