wordpress.simplitrain.com

course

Home / Courses / VMware NSX Advanced Load Balancer: Web Application Firewall Security [V22.x]

Course Objectives

By the end of the course, you should be able to meet the following objectives:

  • Describe the NSX Advanced Load Balancer architecture, components, and main functions Explain the key features and benefits of NSX Advanced Load Balancer Explain and configure local load
  • balancing constructs such as virtual services, pools, health monitors, and related components Recognize web application breaches and threats Recognize multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, and code injections Explain the components of NSX Advanced Load Balancer WAF that build a security pipeline to protect a web application from being attacked Describe how to configure the NSX Advanced Load Balancer WAF components Describe an NSX Advanced Load Balancer WAF operational task such as setting up an application with WAF, tuning the WAF Policy, and working with logs and analytics Explain the NSX Advanced Load Balancer WAF best practices for on
  • boarding a web application; configuring WAF settings for effective application security Explain how to size the NSX Advanced Load Balancer WAF data plane Explain the WAF Application learning feature, configuration of Application learning, Virtual Patching concepts, common caveats, and troubleshooting while deploying in any environment Recognize NSX Advanced Load Balancer Cloud Services that include threat Intelligence services Describe the Threat Intelligence service provided by NSX Advanced Load Balancer WAF and how the NSX Advanced Load Balancer WAF Threat Intelligence service receives live security threat feed for multiple attack vectors from Cloud Services (formerly Avi Pulse) Describe the NSX Advanced Load Balancer DataScript capabilities for detecting and defending against advance and zero
  • day attacks. Discuss the relevant NSX Advanced Load Balancer WAF logs and perform basic troubleshooting of applications that are protected by NSX Advanced Load Balancer WAF Explain the NSX Advanced Load Balancer WAF capability to protect Personally Identifiable Information (PII)

Agenda

  • Introduction and course logistics
  • Course objectives

  • Illustrate NSX Advanced Load Balancer
  • Explain NSX Advanced Load Balancer architecture and components
  • Describe control plane clustering and high availability
  • Describe data plane high availability mode
  • Understand the common terminologies used with NSX Advanced Load Balancer
  • Explain the NSX Advanced Load Balancer service elements
  • Explain virtual service components and how to configure a virtual service
  • Explain application profiles and network profiles
  • Explain the pool configuration options and how to configure a pool
  • Explain the available load-balancing algorithms
  • Explain and configure SSL profiles and certificates
  • Explain cloud connectors and cloud connector integration modes
  • Explain multiple health monitor types
  • Understand client logs

  • Understand web application security breaches and the implication of breaches
  • Explain common terminologies related to Web Application Security
  • Understand the different teams involved to secure applications

  • Understand the various web application security testing methodologies
  • Understand the OWASP Top 10 vulnerabilities
  • Understand the tools to generate a web application attack
  • Describe a few types of web application attacks

  • Understand different web traffic transport modes
  • Describe web traffic and API traffic

  • Understand the core design principles of NSX Advanced Load Balancer WAF
  • Describe the NSX Advanced Load Balancer WAF components that build the WAF security pipeline
  • Understand the NSX Advanced Load Balancer WAF configuration objects

  • Examine how to set up an application with WAF
  • Describe considerations for the WAF policy
  • Work with WAF logs and analytics
  • Describe WAF policy tuning
  • Describe the options available to remediate false positive mitigation

  • Describe technical and application considerations for onboarding an application front ended by WAF
  • Describe best practices to remediate false positive mitigation.
  • Describe how to manage a response from a back-end application server and client upload to the application server
  • Describe the consideration for setting the rigidity of a WAF signature rule set
  • Describe the options available to identify client traffic

  • Understand how to do WAF data plane sizing in Greenfield and Brownfield deployments

  • Understand WAF custom rules
  • Describe the need and recommendation for custom rules
  • Describe ModSecurity rules
  • Understand the ModSecurity rule structure and explain how to construct the rule
  • Analyze a sample custom rule for the use-case scenario for in-depth understanding of a custom rule

  • Understand the significance of Application Learning
  • Explain the Positive Security Model architecture
  • Describe the WAF multifaceted Application Learning technique to build an application model for creating positive security rules
  • Describe how to view the data that is learned by the Application learning module
  • Describe the WAF Virtual Patching technique to construct a WAF policy from Dynamic Application Security Testing (DAST) scanner results
  • Understand the conditions for sharing WAF Learning Data and PSM Group in WAF Policy.

  • Understand Malicious File Upload Protection and ICAP workflow
  • Describe ICAP configuration and log analytics

  • Understand IP Reputation concepts and their integration with NSX Advanced Load Balancer
  • Describe IP Reputation configuration, log analytics, and troubleshooting

  • Describe DataScript events and reference
  • Describe application security using DataScript
  • Explain how to troubleshoot DataScript issues

  • Describe and configure the NSX Advanced Load Balancer rate limiter technique
  • Describe protection from denial of service (DoS) attacks and distributed DoS (DDoS) attacks in NSX Advanced Load Balancer
  • Explain the Service Engine general advice and guidance for DDOS

  • Understand Bots
  • Describe the Bot Management mechanism in NSX Advanced Load Balancer
  • Describe how to configure NSX Advanced Load Balancer Bot Management

  • Understand Personally Identifiable Information (PII)
  • Understand the scope of managing PII in NSX Advanced Load Balancer
  • Describe how to configure the hidden PII in NSX Advanced Load Balancer logs using profiles and WAF rules.

  • Introduce the Threat Intelligence service
  • Describe the Threat Intelligence live security threat feed for multiple attack vectors
  • Describe how to configure Threat Intelligence in NSX Advanced Load Balancer

  • Define Application Programming Interface (API) Security
  • Understand API authentication and authorization using virtual service authentication mechanisms used for a virtual service such as LDAP, SAML, JSON Web Token, and OAUTH
  • Understand API Rate Limiting in NSX Advanced Load Balancer
  • Understand the NSX Advanced Load Balancer WAF Protection for API
Tags
Technical Vendor: VMware Product Line: VMWare Core Type: Core 0
FREE

Interested in course?

Buy Course

Course Type: Instructor Led