Lab 3: Malicious Users
The following lab tasks will guide you through the Malicious User configuration, which can be used to implement a variety of security controls.
Expected Lab Time: 15 minutes
Task 1: Creating a User Identification Policy
In this task you will build a user identification policy, which is the basis for identifying clients/users for the machine-learning-driven analysis behind malicious user mitigation and actions.
In Web App & API Protection in the F5 Distributed Cloud Console, navigate to Manage > Load Balancer > HTTP Load Balancers, use the Action Dots and click Manage Configuration.
Click Edit Configuration in the top right-hand corner.
Click Common Security Controls in the left-hand navigation and locate User Identification.
Click the drop-down under User Identifier and select User Identification Policy from the list.
Click the dropdown for User Identification Policy and select Add Item.
In the User Identification window, in the Metadata section, enter user-id for the Name and then click Configure under User Identification Rules.
In the resulting window for User Identification Rules, click Add Item.
In the User Identification Rule window click the drop-down for Identifier Type.
Select TLS Fingerprint and click Apply.
Returning to the window for User Identification Rules, observe the prior selection and click Add Item.
In the User Identification Rule window click the drop-down for Identifier Type. Select Client IP Address and click Apply. (It should already be selected.)
Review the two User Identification Rules and click Apply.
Returning to the User Identification window, note that User Identification Rules are now Configured and click Continue.
Task 2: Enable Malicious User Detection and Mitigation Actions
In this task you will use the user identification policy you just built, enable malicious user detection, and create a malicious user mitigation and challenge.
Click Common Security Controls in the left-hand navigation.
Click the dropdown for Malicious User Detection and select Enable.
Click the dropdown for Malicious User Mitigation And Challenges and select Enable.
Click the dropdown for Malicious User Mitigation Settings and select Custom.
Click the dropdown for Custom. Observe the two other policies:
shared/lab-sec-user-mitigation
ves-io-shared/ves-io-default-malicious-user-mitigation
Note
Using a Malicious User Mitigation policy from the shared namespace provides the ability to use API-updated mitigation controls to implement common service security across multiple resources.
Select Add Item.
In the Metadata section, enter security-user-mitigation for the Name and then click Add Item under Rules.
In the resulting window, click the dropdown for Threat Level and select Low.
Click the dropdown for Action and select Java Script Challenge.
Select Apply.
In the Malicious User Mitigation window, review the rule just created and click Add Item again.
In the resulting window, click the dropdown for Threat Level and select Medium.
Click the dropdown for Action and select Captcha Challenge.
Select Apply.
In the Malicious User Mitigation window, review the rules just created and click Add Item again.
In the resulting window, click the dropdown for Threat Level and select High.
Click the dropdown for Action and select Block Temporarily.
Select Apply.
Observe the three Rules created and select Continue.
Note the updated Malicious User Mitigation and Challenges section, then click Other Settings in the left-hand navigation or scroll to the bottom of the window, and click the Save and Exit button.
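A review check for the three mitigation rules built in Task 2, as an added example that is not part of the lab or of F5's tooling. The dictionary layout, the `review_rules` function and the `ACTION_RANK` severity ordering are assumptions made for illustration, not the F5 Distributed Cloud API schema.

```python
# Added example: review check for a malicious user mitigation rule set.
# The dict layout and ACTION_RANK ordering are assumptions for illustration,
# not the F5 Distributed Cloud API schema.

LEVELS = ["Low", "Medium", "High"]
ACTION_RANK = {
    "Java Script Challenge": 1,
    "Captcha Challenge": 2,
    "Block Temporarily": 3,
}

def review_rules(rules):
    """Return a list of findings; an empty list means the rule set passes."""
    findings = []
    by_level = {}
    for rule in rules:
        level, action = rule.get("threat_level"), rule.get("action")
        if level not in LEVELS:
            findings.append(f"unknown threat level: {level!r}")
            continue
        if action not in ACTION_RANK:
            findings.append(f"{level}: unknown action {action!r}")
            continue
        if level in by_level:
            findings.append(f"{level}: duplicate rule")
            continue
        by_level[level] = action
    for level in LEVELS:
        if level not in by_level:
            findings.append(f"{level}: no rule defined")
    # Escalation check: a higher threat level must not get a weaker action.
    present = [lvl for lvl in LEVELS if lvl in by_level]
    for lower, higher in zip(present, present[1:]):
        if ACTION_RANK[by_level[higher]] < ACTION_RANK[by_level[lower]]:
            findings.append(f"{higher}: action weaker than the one for {lower}")
    return findings

# Rule set as built in Task 2 (constructed representation).
LAB_RULES = [
    {"threat_level": "Low", "action": "Java Script Challenge"},
    {"threat_level": "Medium", "action": "Captcha Challenge"},
    {"threat_level": "High", "action": "Block Temporarily"},
]

if __name__ == "__main__":
    for finding in review_rules(LAB_RULES) or ["rule set passes"]:
        print(finding)
```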
End of Lab 3: This concludes Lab 3. Feel free to review and test the configuration.
A Q&A session will begin shortly to conclude the overall lab.