Deployment - AppSec
Video Activity

Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:02
>> Let's first start with the solutions front end.
00:02
We log into the Infinity Portal
00:02
and open CloudGuard Application Security.
00:02
Next, let's add an asset of type web application.
00:02
For ease of use, we can start
00:02
this from the getting started screen.
00:02
After our web application asset is set up,
00:02
we will do the same for Web API protection.
00:02
In the wizard we define our target for protection.
00:02
We name it, define
00:02
its zone if it is part of a group of assets,
00:02
define whether it's in
00:02
the stage of staging or production.
00:02
Finally, in this step,
00:02
we add the front-facing URL for the web application.
00:02
Now we choose the type of
00:02
practice to apply to our target.
00:02
This represents the type of policy to enforce in order
00:02
to train the engines to detect
00:02
legitimate traffic versus malicious traffic.
00:02
It's best practice to keep it on
00:02
Learn/Detect until learning
00:02
has progressed sufficiently to
00:02
recommend the move to prevention.
00:02
The amount of time for this process
00:02
varies by the number of
00:02
requests sent and whether
00:02
trusted users have been defined.
00:02
But more on this later on in this session.
00:02
As discussed earlier in this session,
00:02
part of the learning process
00:02
involves profiling user behavior.
00:02
For that to happen, AppSec
00:02
needs to distinguish between users.
00:02
One way of doing this is by
00:02
their differing IP addresses. To
00:02
ensure their original IPs are forwarded to AppSec,
00:02
instead of any IP address of an intermediary machine
00:02
along the way, such as a proxy, we choose this option.
00:02
We can also help the engine by identifying ahead of
00:02
time source IPs that are unlikely to be malicious.
00:02
This helps accelerate AppSec's learning phase.
00:02
Now we define a deployment profile.
00:02
We can either choose a profile we've
00:02
previously created or create a new one.
00:02
Since in this case,
00:02
it is a first-time configuration,
00:02
we'll opt for creating
00:02
a new Nano-Agent profile to be
00:02
deployed according to our selected implementation.
00:02
That is, a Nano-Agent within an NGINX
00:02
reverse proxy setup as the target Linux machine.
00:02
In the wizard summary step,
00:02
we can publish the application
00:02
security policy and enforce it.
00:02
Publish saves changes to the database and enforce means
00:02
the policy changes are ready to be picked up by
00:02
its target, similar to install policy on a gateway.
00:02
Our web application asset to be
00:02
protected is now set up in the front end.
00:02
Now we proceed to deploy the Nano-Agent.
00:02
First we navigate to our profile in question.
00:02
This will be our source for
00:02
establishing the trust between
00:02
the Nano-Agent installed on
00:02
the target asset and the Infinity platform.
00:02
Now, we open an SSH connection with the target machine.
00:02
Once established, we can copy
00:02
the commands from our profile in
00:02
the front end to establish
00:02
the connection with the Infinity Portal back-end.
00:02
This will be preceded by the fetching of
00:02
the Nano-Agent, its installation,
00:02
and its automatic download and installation of
00:02
the Nano-Agent components from
00:02
the back-end while also fetching the policy.
00:02
This is all done while using
00:02
the system-generated reusable token.
00:02
At the end of the process,
00:02
a success message should
00:02
appear in the command line window.
00:02
To check that the agent is up and
00:02
running we run the command
00:02
cpnano -s. A message will
00:02
also appear in the portal
00:02
indicating that the agent has connected successfully.
00:02
This completes the Nano-Agent deployment,
00:02
which means application security
00:02
for our target asset is active.