Web Application Firewall
Getting Started Guide for
AWS Marketplace
WAF Getting Started Guide for AWS Marketplace
Copyright © 2016 Trustwave Holdings, Inc. All rights reserved. 2
Legal Notice
Copyright © 2018 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or
decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document
may be reproduced in any form or by any means without the prior written authorization of Trustwave.
While every precaution has been taken in the preparation of this document, Trustwave assumes no
responsibility for errors or omissions. This publication and features described herein are subject to
change without notice.
While the authors have used their best efforts in preparing this document, they make no representation or
warranties with respect to the accuracy or completeness of the contents of this document and specifically
disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be
created or extended by sales representatives or written sales materials. The advice and strategies
contained herein may not be suitable for your situation. You should consult with a professional where
appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial
damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.
The most current version of this document may be obtained by contacting:
Trustwave Technical Support:
Phone: +1.800.363.1621
Email: [email protected]
Trademarks
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used,
copied, or disseminated in any manner without the prior written permission of Trustwave.
Revision History
VERSION DATE CHANGES
1.0 June 2018 First Release
Formatting Conventions
This manual uses the following formatting conventions to denote specific information.
FORMATS AND SYMBOLS    MEANING
Blue Underline A blue underline indicates a Web site or e-mail address.
Bold Bold text denotes UI control and names such as commands, menu items, tab and field names, button and checkbox names, window and dialog box names, and areas of windows or dialog boxes.
Code Text in Courier New in blue indicates computer code or information at a command line.
Italics Italics denotes the name of a published work, the current document, name of another document, text emphasis, or to introduce a new term.
[Square brackets] Square brackets indicate a placeholder for values and expressions.
Notes, Tips, and Cautions
Note: This symbol indicates information that applies to the task at hand.
Tip: This symbol denotes a suggestion for a better or more productive way to use the product.
Caution: This symbol highlights a warning against using the software in an unintended manner.
Question: This symbol indicates a question that the reader should consider.
Table of Contents
Legal Notice    2
    Trademarks    2
    Revision History    3
Formatting Conventions    3
    Notes, Tips, and Cautions    3
1 Introduction    5
2 Requirements Prior to Trustwave WAF Launch    5
3 Trustwave WAF Instance Launch    6
4 Trustwave WAF Management Access    11
5 Trustwave WAF Sensor    12
6 Load Balancer Support    12
    WAF located before the load balancer    12
    WAF located after the load balancer    12
1 Introduction
Trustwave WAF for AWS supports Inline-Proxy mode running Stand Alone, Manager or Sensor. Three
different AMIs are provided, one for each of these WAF Roles.
Trustwave WAF for AWS can be combined with other Trustwave WAF devices running on other
platforms.
2 Requirements Prior to Trustwave WAF Launch
This section provides a list of required components that must be available before proceeding with the Trustwave WAF Instance launch.
Note: Names and values in this document are merely for ease of explanation. Use your preferred
names and required values where appropriate.
1. AWS Trustwave WAF license (BYOL).
2. VPC and Internet Gateway:
• WAF DMZ: 192.168.0.0/16
3. VPC subnets and Route Table, including:
• WAF Management: 192.168.1.0/24
• WAF Traffic: 192.168.0.0/24
4. Security Groups:
a. WAF Management: inbound ports 22 (SSH) and 443 (HTTPS)
b. WAF Traffic: Inbound ports should match protected web site ports, that is, 80 (HTTP) and 443 (HTTPS)
5. SSH Key:
• WAF Management
6. Choose an instance type. Trustwave WAF currently recommends the following instance types:
Trustwave WAF Model   AWS Instance Type   vCores   RAM (GB)   Network Interfaces   Disk Size
AWS15                 c3.xlarge           4        7.5        4 (2*)               (1*)
AWS30                 c3.2xlarge          8        15         4 (2*)               (1*)
AWS110                c3.4xlarge          16       30         8 (2*)               (1*)
Notes:
• (1*) Disk size is provided on instance configuration with a minimum requirement of 50GB.
(No RAID protection is available.)
• (2*) Trustwave WAF requires at least two network interfaces, one for Management and one for
traffic protection. AWS allows only one network interface per subnet per instance.
Warning: Not providing the minimum requirements listed in this section may result in unexpected
Trustwave WAF behavior.
3 Trustwave WAF Instance Launch
1. In the Choose an Amazon Machine Image screen, choose the Trustwave WAF AMI (Stand Alone, Manager or Sensor).
Your selection must depend on the Role that you are assigning to the instance. The Role cannot be modified after the instance launch.
2. Click Select.
3. Select the required AWS instance type.
4. Click Next: Configure Instance Details.
5. In the Network field, enter the VPC ("WAF DMZ" in this example).
6. If the AMI type is StandAlone or Sensor, then enter the WAF Traffic subnet in the Subnet field.
7. If the AMI type is Manager, enter "WAF Management" in the Subnet field.
8. If the AMI type is StandAlone or Sensor, click the Network Interfaces area at the bottom of the screen.
9. In the eth0 Subnet dropdown, select the WAF traffic subnet "WAF Traffic".
10. If eth1 is not displayed, click the Add Device button and in the eth1 Subnet dropdown, select the WAF management subnet "WAF Management".
Note: WAF is configured to work by default with eth1 as the management NIC and eth0 as the web traffic NIC.
You can also define a different management NIC: in the Advanced Details area at the bottom of the screen, enter the following in the User data field:
nic=X
where X is the required interface name, such as "eth2".
11. Click Next: Add Storage.
The size of the Root device must be at least 50GB. This is the disk storage used by Trustwave WAF to store its database and security events.
You can increase this value if required.
12. Click Next: Add Tags.
13. Provide a descriptive value in the Name tag to help you identify the instance in the future. You can add additional tags to help organize instances on your account.
14. Click Next: Configure Security Group.
15. Select both Security Groups, WAF Management and WAF Traffic.
Click Review and Launch.
16. Expand all sections and review that all parameters are valid.
17. Click Launch.
18. Provide the SSH key pair that you previously created. If not yet created, create one now. Make sure you download the key and keep it in a safe place.
19. Click Launch Instances.
The creation of the Trustwave WAF instance may take a couple of minutes. You will see the “Get instance screenshot” screen until the login prompt appears.
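As an added pre-launch check (illustration only, not Trustwave's own code or tooling), the following Python encodes the requirements from sections 2 and 3 and lists where a planned launch deviates from them; the plan dictionary layout and its field names are assumptions made for this example.

```python
import ipaddress

# Minimums from sections 2 and 3 of this guide; the plan layout and the check
# itself are an added illustration, not part of the Trustwave product.
RECOMMENDED_TYPES = {"c3.xlarge", "c3.2xlarge", "c3.4xlarge"}
MIN_ROOT_GB = 50
MGMT_PORTS = {22, 443}  # management security group: SSH and HTTPS only

def check_waf_launch(plan):
    # Returns the list of requirement violations; an empty list means the plan passes.
    problems = []
    vpc = ipaddress.ip_network(plan["vpc_cidr"])
    if plan["instance_type"] not in RECOMMENDED_TYPES:
        problems.append(f"{plan['instance_type']} is not a recommended instance type")
    if plan["root_gb"] < MIN_ROOT_GB:
        problems.append(f"root volume {plan['root_gb']} GB is below the {MIN_ROOT_GB} GB minimum")
    nics = plan["nics"]  # device name -> subnet CIDR
    if len(nics) < 2:
        problems.append("at least two network interfaces are required")
    if len(set(nics.values())) != len(nics):
        problems.append("AWS allows only one interface per subnet per instance")
    for dev, cidr in nics.items():
        if not ipaddress.ip_network(cidr).subnet_of(vpc):
            problems.append(f"{dev} subnet {cidr} is outside the VPC {plan['vpc_cidr']}")
    # Role rules: a Manager is launched into the management subnet; Stand Alone and
    # Sensor carry web traffic on eth0 and management on eth1 unless user data sets nic=X.
    mgmt_dev = plan.get("user_data_nic", "eth1")
    if plan["role"] == "Manager":
        if nics.get("eth0") != plan["mgmt_subnet"]:
            problems.append("Manager must have eth0 in the WAF Management subnet")
    else:
        if nics.get("eth0") != plan["traffic_subnet"]:
            problems.append(f"{plan['role']} must have eth0 in the WAF Traffic subnet")
        if nics.get(mgmt_dev) != plan["mgmt_subnet"]:
            problems.append(f"management NIC {mgmt_dev} is not in the WAF Management subnet")
    # Security groups: management exposes only 22/443, traffic mirrors the protected site.
    if plan["sg_mgmt_ports"] != MGMT_PORTS:
        problems.append(f"management SG inbound ports should be {sorted(MGMT_PORTS)}")
    if plan["sg_traffic_ports"] != plan["site_ports"]:
        problems.append("traffic SG inbound ports do not match the protected site's ports")
    return problems

# Constructed sample plan using the example names and addresses from this guide.
SAMPLE_PLAN = {
    "role": "StandAlone", "instance_type": "c3.xlarge", "root_gb": 50,
    "vpc_cidr": "192.168.0.0/16", "mgmt_subnet": "192.168.1.0/24", "traffic_subnet": "192.168.0.0/24",
    "nics": {"eth0": "192.168.0.0/24", "eth1": "192.168.1.0/24"},
    "sg_mgmt_ports": {22, 443}, "sg_traffic_ports": {80, 443}, "site_ports": {80, 443},
}
```

Run `check_waf_launch(SAMPLE_PLAN)` before clicking Launch; an empty list means the plan meets the guide's stated minimums.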
4 Trustwave WAF Management Access
Trustwave WAF provides many management tools that complement each other.
The first and most commonly used is the Web Console, where users can configure protected sites, define
policies and view security events. It can be accessed from any browser using HTTPS and the IP address
of the eth1, WAF Management interface.
Username: bgadmin
Default password: The AWS Trustwave WAF instance ID.
The second tool comprises three sub-tools and is used for advanced operations. It is accessed using an
SSH client and the IP address of the eth1, WAF Management interface.
SSH must be invoked with the SSH key used at WAF launch time.
Users are:
bgoperator: for “Maintenance tool”
bus: for “Software Update System”
ha: for “High Availability” CLI.
5 Trustwave WAF Sensor
Users are required to set an access password for each Trustwave WAF Sensor before attaching them to
a WAF Manager in the Web Console.
To set the access password, connect to the “Maintenance Tool” (SSH as bgoperator)
and select "2 - Offline Menu | 1 - Configuration Menu | 12 - Change sensor password".
6 Load Balancer Support
The WAF can be located either before the load balancer or after it. The following considerations apply to
each deployment.
WAF located before the load balancer
When WAF is located before the load balancer, and the Web Server IP is not a static IP, the IP might be
changed by the load balancer. For this reason, WAF allows you to configure a Web Server hostname
instead of an IP. This configuration is available from Site Network Settings in the WAF UI. When the Web
Server is configured as a hostname, WAF resolves the Web Server IP from the DNS server.
WAF located after the load balancer
When WAF is located after the load balancer, AWS infrastructure demands that traffic goes through the
eth0 NIC. (Another NIC, such as eth1, is used as the Management NIC.)
About Trustwave®
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and
managed security services, integrated technologies and a team of security experts, ethical hackers and
researchers, Trustwave enables businesses to transform the way they manage their information security
and compliance programs. More than three million businesses are enrolled in the Trustwave
TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective
threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with
customers in 96 countries.
For more information about Trustwave, visit https://www.trustwave.com.