Information Security Magazine


Comparative Product Review: Six Web Application Firewalls
by Sandra Kay Miller
Issue: Mar 2008

The first order of business with Citrix was switching from bypass mode to operating mode--basically turning on the firewall. From the same page, we were able to choose whether to include failover protection in our security policy, assign session timeout thresholds and toggle between two diverse degrees of overall security--Enterprise, which included full filtering and blocking, or Express, with basic Web server policies.

Once traffic began passing through the appliance, we had to determine whether to enable failover protection. Initializing this option was difficult, as it required an in-depth understanding of whether pages containing Web forms used JavaScript or GET calls.

Citrix's Adaptive Learning mode examines traffic to determine what is normal and then builds recommendations that users can apply, edit and apply, skip or ignore. Unfortunately, when a recommendation is ignored, the firewall will no longer view that particular action as a threat when encountered. We would have preferred to see a threshold set for the skip option, so that policy could still change to meet new zero-day exploits and adaptive malware.

F5's policy management is quite flexible. Initially, the wizard walked us through each aspect of rule definition. F5 also supports an assortment of adaptive learning tools to assist with policy generation. We found the Learning Manager and its counterpart, the Traffic Learning Screen, to be the most helpful in determining policy. Each time we created a potential violation, such as forceful browsing or multiple failed login attempts, the Learning Manager made suggestions as to how to adapt our security policy.

F5 offers the ability to create security policy templates to facilitate large-scale deployments.

At the Core - Overall Security Effectiveness

The good news: Imperva is the closest thing to a silver bullet for application security, based on its combination of adaptive learning and other techniques.

The bad news: Citrix delivers good security against attacks, but we would like to see traffic logging for comparison while it is run in passive mode.

Between Barracuda's policy wizard and the dynamic application profiling, we were able to create security policies specific to the traffic generated during our testing. However, it's easy to see how in a high-traffic environment, the constant tweaking would be bothersome and ultimately create a security risk from multiple changes.

Barracuda's passive mode is very good at displaying what results would be if policies were actively enforced. While the other products displayed what was taking place on the network, they didn't offer the extensive understanding of the ramifications of the security policy had it been active.

