how to setup total application security · 6. your domain is now configured with total application...

How to Setup Total Application Security


1 Confidential | Copyright © 2016 Indusface | All Rights Reserved

TABLE OF CONTENTS

Access Total Application Security on AWS Marketplace .............................................................................................................. 2

Configuring Total Application Security ....................................................................................................................................... 12

Total Application Security – Portal Access ................................................................................................................................. 17

Indusface Total Application Security Portal Tour ....................................................................................................................... 19

Summary ................................................................................................................................................................................... 19 Detect ........................................................................................................................................................................................ 20 Protect ....................................................................................................................................................................................... 21 Monitor ..................................................................................................................................................................................... 22

Appendix A: Creating new Security Group ..................................................................................................................................... 23

Appendix B: SSL Configuration ....................................................................................................................................................... 27 Steps to follow with other file formats (P12, PFX, PEM, JKS) .................................................................................................... 27 Steps to follow with .crt format files ......................................................................................................................................... 28

Appendix C: Routing Traffic ........................................................................................................................................................... 29



Access Total Application Security on AWS Marketplace

1. Please visit the AWS Marketplace https://aws.amazon.com/marketplace. Look for Total Application Security: Scan, Pen-Testing, Managed WAF & DDoS page, and click GO.

2. Go through What is the correct instance type for my website? link under Resources section to determine the right

instance for your website and then click Continue.

https://aws.amazon.com/marketplace

https://tas.indusface.com/docs/AMI-instance-type-guidelines.html



3. Click 1-Click Launch tab.

4. In the Software Pricing widget, select Subscription Term and Applicable Instance Type.

5. In the Version widget, select the default version.

6. In the Region widget, click Region drop down box to select the region to host the AMI. This region will guide what

subnet and VPC can use for the AMI.



7. In the EC2 Instance Type widget, select an instance of your choice. Not sure of which instance type to select? We have made an Instance Selection Guide too.

8. Now under the VPC Settings widget, do one of the following:

Click VPC dropdown box to select the VPC ID to deploy instance. The Subnet drop-down will appear, select appropriate subnet.

To create one new VPC, click Create a VPC

Note: If subnet is private then provide NAT router and Gateway details.

Click VPC dropdown box to select the EC2 Classic.

https://tas.indusface.com/docs/AMI-instance-type-guidelines.html

https://console.aws.amazon.com/vpc/home?region=us-east-1



9. Create one Security Group and in Security Group widget, select created security group from the drop down.

Note: A security group is a set of firewall rules that control traffic for a particular instance. Click Security Groups for more information.

For HTTP Website For HTTPS Website For HTTP & HTTPS websites

HTTP HTTPS HTTPS & HTTP

SSH SSH SSH

Port (8080) Port (8080) Port (8080)

Connection Method Protocol Port Range Source (IP or Group)

HTTPS TCP 443 - 443 0.0.0.0/0

HTTP TCP 80 - 80 0.0.0.0/0

Custom TCP Rule TCP 8080 - 8080 0.0.0.0/0

SSH TCP 22 - 22 Public IP of your Company

10. Click key pair dropdown to select a Key Pair. Key Pair widget ensures only you have access to the Total Application

Security.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html



11. Click Accept Terms & Launch with 1-Click.

Note: If you are an existing AWS customer, the button will be labeled as Launch with 1-Click.

12. Confirmation pop-up page will appear and follow the on screen instructions. Click AWS Management Console link

on the page.



13. Resources page will appear, click Running Instances.

14. Instances page will appear. Sort by launch timestamp in the table to identify the most recent instance you launched.

15. Under Name column, provide the name for the instances.



16. Make a note of launched Instance ID.

17. In the left navigation pane, under NETWORK & SECURITY, click Elastic IPs to create one static IP for your instance.

18. Click Allocate New Address.



19. Allocate New Address pop-up will appear. Select one option from the EIP used in drop-down and then click Yes, Allocate.

20. Allocate New Address pop-up window will appear with Elastic IP. Click View Elastic IP to see the assigned IP.

21. Allocated Elastic IP will appear. Click Actions, select Associate Address and do one of the following:



a. If it is EC2 environment, enter Instance ID in the Instance text box and then click Associate.

b. If it is VPC environment, enter instance ID/network interface in the Instance/Network Interface text box

and click Associate.



22. In the navigation pane, click Instances. Examine the Status Checks, ensure that the status is changed from Initializing to 2/2 checks passed. Make a note of the Public IP address.

23. Paste your public IP as <Public IP>:8080 in the browser to attain the TAS Domain Registration page. Your AMI has been launched successfully and configured with the Publlic IP address. Now the next step is to configure TAS on the AMI instance.



Configuring Total Application Security

1. Paste the public IP as <Public IP>:8080 in the browser to attain the TAS Domain Registration page.

2. Provide Domain Name in the Domain Name (URL) text box, Web Application IP address will appear automatically in the IP Address Of Website text box.



For HTTPS Website

1. Select HTTPS Site? Check box and select one of the option for the SSL termination and then click CONFIGURE.

a. Select SSL terminates at WAF to set up HTTPS communication until WAF. Upload SSL Certificate in WAF and route the traffic through WAF.

b. Select SSL terminates outside of WAF to set up HTTPS communication until Load Balancer and use the

respective IP address for Routing Change.

2. Indusface TAS - WAF Status page will appear. Click icon to change the domain details in the TAS Domain

Registration page if required.



3. Perform SSL Configuration and Routing Configuration steps to secure your website.

Note: This will help you with configuring traffic routing change and other configurations. Without configuring, you cannot avail the TAS facilities like viewing attacks, vulnerabilities, measures to protect and assistance from managed security service.

4. Refresh the Indusface TAS - WAF Status page, Configuration Status will turn green if the Routing and SSL Configuration was successful. If any attacks happened to the website, Last Attack column will display date and time of attack encountered.

5. Click to view the website logs.

6. Your domain is now configured with Total Application Security – Web Application Firewall AMI. Click Click here

link to register with Indusface Web Application Firewall portal in order to get detailed insights on detected

vulnerabilities, DDoS attacks, application attacks and 24/7 security expert support.



For HTTP Website

1. Provide Domain Name in the Domain Name (URL) text box, Web Application IP address will appear in the IP Address Of Website text box and then click CONFIGURE.

2. Indusface TAS - WAF Status page will appear. Click icon to change the domain details in the TAS Domain

Registration page if required.

3. Perform Routing Configuration steps to secure your website.

Note: This will help you with configuring traffic routing change and other configurations. Without configuring, you cannot avail the TAS facilities like viewing attacks, vulnerabilities, measures to protect and assistance from managed security service.



4. Refresh the Indusface TAS - WAF Status page, Configuration Status will turn green if the Routing Configuration was successful.

5. After Routing Configuration, if any attacks happened to the website, Last Attack column will display date and time of the attack encountered.

6. Click to view the website logs.

7. Your domain is now configured with Total Application Security – Web Application Firewall AMI. Click Click here

link to register with Indusface Web Application Firewall portal in order to get detailed insights on detected

vulnerabilities, DDoS attacks, application attacks and 24/7 security expert support.



Total Application Security – Portal Access 1. Total Application Security login page will appear. Enter the Username (password is prepopulated automatically)

and click REGISTER.

Parameter Description

Username Provide your AWS Customer ID as username.

E.g. 123456789000 (without hyphen)

Password It will prepopulate the launched instance ID as password. E.g.: i-123a4b56

Note: If required, you can also edit and change the password on this page.

2. Indusface TAS login page will appear. Provide Username, Password and the click Sign In.



All Sites - Health Summary page will appear that serves as the entry point for the website and displays the Health status (How secure) of the website. 3. Initiate scan by clicking Scan Now under Last Scan to scan your domain to detect the web application

vulnerabilities, malwares, and business logic flaws.

5. Once the scan completed, Last Scan will display the date and time.

6. Click Detect tab and then click Download Scan Report to view the scan report.

You website is now successfully configured to be used with Indusface Total Application Security.



Indusface Total Application Security Portal Tour For detailed features of the Total Application Security portal, please visit Guided Tour

Summary Summary tab provides an overview of the number of detected and blocked vulnerabilities, number of application DDoS attempts and Top five categories names of the attacks, IPs, countries, and URIs. The page attributes can be customized for sites and number of days.

https://www.indusface.com/TAS/ProductTour



Detect Detect tab provides an overview of the website scan and detected vulnerabilities details. It helps initiate scans, download the scan report, request pen-testing scan, request POCs and custom rules. The page attributes can be customized for the websites. A simple doughnut chart shows top five noticed vulnerabilities count and their percentage.



Protect Protect tab provides an overview of the real-time blocked attacks by WAF and displays top five IPs, attack categories and URIs. It offers attack categories and severities graphs. The page attributes can be customized for sites, type of attacks and number of days.



Monitor Monitor tab provides an overview of the real-time logged attacks by WAF and displays top five IPs, attack categories, and URIs. It offers time line graph to represent the Bandwidth (avg kb per min) and Requests (hourly). The page attributes can be customized for sites and number of days.

For detailed features of the Total Application Security portal, please take visit Guided Tour

https://www.indusface.com/TAS/ProductTour



Appendix A: Creating new Security Group

1. Go to AWS Management Console. Resources page will appear.

2. Click Running Instances.



3. Security Group page will appear. Click Create Security Group.

4. Create Security Group pop-up will appear. Click Add Rule.



5. Select the inbound rules from the Type drop down.

For HTTP Website For HTTPS Website For HTTP & HTTPS websites

HTTP HTTPS HTTPS & HTTP

SSH SSH SSH

Port (8080) Port (8080) Port (8080)

Connection Method Protocol Port Range Source (IP or Group)

HTTPS TCP 443 - 443 0.0.0.0/0

HTTP TCP 80 - 80 0.0.0.0/0

Custom TCP Rule TCP 8080 0.0.0.0/0

SSH TCP 22 - 22 Public IP of your Company

6. Provide group name and description details in the respective text boxes and then Click Create.



7. Security Group page will appear with the created group.

8. Go to Total Application Security: Scan, Pen-Testing, Managed WAF & DDoS page, and in Security Group widget

select created security group from the drop down.



Appendix B: SSL Configuration

Steps to follow with other file formats (P12, PFX, PEM, JKS)

Prerequisites:

File Format Passwords

JKS Key Password , Keystore Password

PFX/P12 Key Password

SSL Conversion Steps

Follow the steps below to migrate the SSL from your machine to Indusface Total Application Security- WAF AMI with appropriate file format (CRT). 1. Copy the certificates to the Indusface TAS-AMI using any file transfer tool into /home/ec2-user.

2. Log into your AMI using any SSH client (E.g. PuTTY)

a. Specify the destination Host Name or IP Address of the WAF AMI and use the associated Key Pair (same key pair associated while lunching the AMI instance from the AWS Marketplace.)

3. A terminal will open up. Specify the Username ec2-user and then proceed with authentication.

4. Switch to root user by executing the command sudo su –

5. Copy SSL files to /mnt directory by executing the command cp <cert_filename> /mnt

6. Now run the command ls to list all the certificates in the /mnt directory.

NOTE: Make sure not more than one file exists with the same extension in /mnt.

7. Change the directory to /media using the command cd /media

8. Run the command ls to list the contents in the directory. It will return the file convert_ssl.sh.

9. Run the command ./convert_ssl.sh <file_format> <domain_name>, press ‘y’ and provide password to convert the files into CRT file format.

NOTE: If the certificate file is not password protected, press enter to proceed. All the converted files will be placed automatically in /etc/httpd/ssl folder.

10. Success message will appear. To ensure change directory to cd /etc/httpd/ssl and run the command ls to list all

the files in the folder, the following files should be listed.

<domain_name>.crt

<domain_name>-server.key

<domain_name>-chain.crt

NOTE: If the conversion is not successful, please contact Indusface Support at [email protected] 11. After completion of SSL configuration, follow the Traffic Routing steps.

mailto:[email protected]



Steps to follow with .crt format files Consider your domain name as “yourdomain.com” and rename the SSL certificates as per your domain name in the format mentioned in the table.

Certificate Format

Server Certificate yourdomain.com.crt

Private Key Certificate yourdomain.com-server.key

Chain File yourdomain.com-chain.crt

Note: If you have multiple Chain files, put all the files in yourdomain.com-chain.crt file.

1. Copy the above files from your machine to the Indusface TAS AMI using any file transfer tool into /tmp directory.

2. Log into your AMI using any SSH client (E.g. PuTTY)

o Specify the destination Host Name or IP Address of the WAF AMI and use the associated Key Pair (same key pair associated while lunching the AMI instance from the AWS Marketplace.)

3. A terminal will open up. Specify the Username ec2-user and then proceed with authentication.

4. Switch to root user by executing the command sudo su –

5. Change the directory to cd /etc/httpd/ssl/

6. Run the below command to copy the files from /tmp directory to /etc/https/ssl/

cp /tmp/yourdomain* /etc/httpd/ssl/

7. Run the command to rename apache configuration file

mv /etc/httpd/indusface/<yourdomain>.conf.disabled

/etc/httpd/indusface/<yourdomain>.conf

8. Run the command to restart the apache systemctl restart httpd.service

Removing passphrase from the private key 1. To remove the passphrase from a private key type the command.

openssl rsa -in yourdomain.com-server.key -out yourdomain.com-server.key1

Enter the pass phrase for the website.

2. Create a back-up file of yourdomain.com-server.key, by executing the command

mv yourdomain.com-server.key yourdomain.com-server.key_bak

3. Rename the file yourdomain.com-server.key1 to yourdomain.com-server.key by executing the command

mv yourdomain.com-server.key1 yourdomain.com-server.key

4. Now type the command ls to list the certificates, the following files should be listed.

yourdomain.com.crt

yourdomain.com-server.key

yourdomain.com-server.key_bak

yourdomain.com-chain.crt

5. After completion of SSL configuration, follow the Traffic Routing steps.



Appendix C: Routing Traffic 1. Click Routing Configuration Required to use the Indusface Total Application Security, you need to ensure that all

the traffic goes through Indusface Total Application Security, AMI by implementing one of the following methods.

Single Node Deployment

If you are using SSL and SSL is terminated at the WAF AMI:

i. You need to set up the SSL certificate and keys as per instructions in SSL Configuration DOC before changing your routing. Failure to do it in this sequence will result in disruption to your website traffic.

Change your DNS A record to point to the public IP address of the Indusface WAF AMI.

Single Node Deployment with ELB

Update ELB to forward traffic on ports 80 & 443 to the IP address of the Indusface WAF AMI.

SSL is terminated at the ELB so no SSL configuration required in this model.

Multi Node Deployment With ELB

Contact support for routing change instructions

2. After completion of routing, refresh the Indusface TAS - WAF Status page.

how to setup total application security · 6. your domain is now configured with total application...

Documents