By Peter Silva | Article Rating: |
|
May 9, 2017 08:00 AM EDT | Reads: |
725 |
Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.
Applications living in the Cloud still need protection. Data breaches, compromised credentials, system vulnerabilities, DDoS attacks and shared resources can all pose a threat to your cloud infrastructure. The Verizon DBIR notes that web application attacks are the most likely vector for a data breach attack. While attacks on web applications account for only 8% of reported incidents, according to Verizon, they are responsible for over 40% of incidents that result in a data breach. A 2015 survey found that 15% of logins for business apps used by organizations had been breached by hackers.
One way to stay safe is using a Web Application Firewall (WAF) for your cloud deployments.
Let’s dig in on how to use F5’s WAF to protect web applications deployed in Microsoft Azure. This solution builds on BIG-IP Application Security Manager (ASM) and BIG-IP Local Traffic Manager (LTM) technologies as a preconfigured virtual service within the Azure Security Center.
Some requirements for this deployment are:
- You have an existing web application deployed in Azure that you want to protect with BIG-IP ASM
- You have an F5 license token for each instance of BIG-IP ASM you want to use
To get started, log into your Azure dashboard and on the left pane, toward the bottom, you’ll see Security Center and click it.
Next, you’ll want to click the Recommendations area within the Security Center Overview.
And from the list of recommendations, click Add a web application firewall.
A list of available web applications opens in a new pane. From the application list, select the application you want to secure.
And from there click Create New. You’ll get a list of available vendors’ WAFs and choose F5 Networks.
A new page with helpful links and information appears and at the bottom of the page, click Create.
First, select the number of machines you want to deploy – in this case we’re deploying two machines for redundancy and high availability. Review the host entry and then type a unique password for that field. When you click Pricing Tier, you can get info about sizing and pricing. When you are satisfied, at the bottom of that pane click OK.
Next, in the License token field, copy and paste your F5 license token. If you are only deploying one machine, you’ll only see one field. For the Security Blocking Level, you can choose Low, Medium or High. You can also click the icon for a brief description of each level. From the Application Type drop down, select the type of application you want to protect and click OK (at the bottom of that pane).
Once you see two check marks, click the Create button.
Azure then begins the process of the F5 WAF for your application. This process can take up to an hour. Click the little bell notification icon for the status of the deployment.
You’ll receive another notification when the deployment is complete.
After the WAF is successfully deployed, you’ll want to test the new F5 WAF and finalize the setup in Azure including changing the DNS records from the current server IP to the IP of the WAF.
When ready, click Security Center again and the Recommendations panel. This time we’ll click Finalize web application firewall setup.
And click your Web application.
Ensure your DNS settings are correct and check the I updated my DNS Settings box and when ready, click Restrict Traffic at the bottom of the pane.
Azure will give you a notification that it is finalizing the WAF configuration and settings, and you will get another notification when complete.
And when it is complete, your application will be secured with F5’s Web Application Firewall.
Check out the demo video and rest easy, my friend.
ps
Related:
- The dirty dozen: 12 cloud security threats
- Why Companies in the Cloud get Hacked
- 15 per cent of business cloud users have been hacked, research finds
- Azure and F5 WAF in the cloud
- Azure Security Center – How to protect your Web Applications in Azure

Read the original blog entry...
Published May 9, 2017 Reads 725
Copyright © 2017 Ulitzer, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
More Stories By Peter Silva
Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.
Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.
Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
- IoT = Cloud + Big Data + Analytics | @ExpoDX #Cloud #IoT #IIoT #BigData #SmartCities #DigitalTransformation
- Matthew Rosen, CEO of @FusionConnectSM | @CloudEXPO #IoT #Cloud #IoT #DigitalTransformation
- Security of Smart Things | @ThingsExpo #BigData #IoT #IIoT #SmartCities
- [video] @IBMBlockchain | @ExpoDX #AI #ML #FinTech #Blockchain #Bitcoin
- Technical Testing with @CoalfireSys | @CloudExpo #AI #GDPR #FedRAMP
- Secure Your Containers with @Venafi | @CloudExpo #DevOps #CloudNative #Security #Serverless #Docker #Kubernetes
- Vivint to Exhibit at @ThingsExpo | @VivintHome #IoT #IIoT #Vivint #SmartHome #SmartCities
- Cloud-Scale with @JuniperNetworks | @CloudExpo @LGuess #CloudNative #Serverless #DevOps #DigitalTransformation
- Security in a Cloud-First World Is Cloudy | @CloudExpo #AI #Cloud #Security
- Superencipherment with @SecureChannels | @CloudExpo #Cloud #Security
- IoT = Cloud + Big Data + Analytics | @ExpoDX #Cloud #IoT #IIoT #BigData #SmartCities #DigitalTransformation
- Matthew Rosen, CEO of @FusionConnectSM | @CloudEXPO #IoT #Cloud #IoT #DigitalTransformation
- Security of Smart Things | @ThingsExpo #BigData #IoT #IIoT #SmartCities
- Bitcoin and Nanocrime | @CloudExpo #FinTec #Blockchain #Bitcoin #Ethereum
- [video] @IBMBlockchain | @ExpoDX #AI #ML #FinTech #Blockchain #Bitcoin
- Technical Testing with @CoalfireSys | @CloudExpo #AI #GDPR #FedRAMP
- Secure Your Containers with @Venafi | @CloudExpo #DevOps #CloudNative #Security #Serverless #Docker #Kubernetes
- Vivint to Exhibit at @ThingsExpo | @VivintHome #IoT #IIoT #Vivint #SmartHome #SmartCities
- Cloud-Scale with @JuniperNetworks | @CloudExpo @LGuess #CloudNative #Serverless #DevOps #DigitalTransformation
- What GDPR Is and How to Comply with It | @ExpoDX #AI #GDPR #Security
- Most Powerful Voices in Security
- Unisys President To Keynote Cloud Computing Expo
- CIA was Headed to an Enterprise Cloud All Along: Jill Tummler Singer
- Open Letter to the President of Syria Bashar al-Assad
- Cloud Expo New York Speaker Profile: Jill T. Singer – Federal CIO Emeritus
- Exclusive Q&A with Rich Marcello - Unisys President, Systems & Technology
- Viewpoint: Seven Technical Security Benefits of Cloud Computing
- Deputy CIO of the CIA to Keynote 1st Annual GovIT Expo
- Unisys Named “Platinum Sponsor” of Cloud Computing Expo
- 1st Annual Government IT Conference & Expo: Themes & Topics