VMware NSX Advanced Load Balancer: Web Application Firewall Security [V22.x]

1 Course Introduction

• Introduction and course logistics
• Course objectives

2 Introduction to NSX Advanced Load Balancer

• Illustrate NSX Advanced Load Balancer
• Explain NSX Advanced Load Balancer architecture and components
• Describe control plane clustering and high availability
• Describe the data plane high-availability mode
• Review the common terminologies used with NSX Advanced Load Balancer
• Explain the NSX Advanced Load Balancer service elements
• Explain the virtual service components and how to configure a virtual service
• Explain application profiles and network profiles
• Explain the pool configuration options and how to configure a pool
• Explain the available load-balancing algorithms
• Explain and configure SSL profiles and certificates
• Explain cloud connectors and cloud connector integration modes
• Explain multiple health monitor types
• Discuss client logs

3 Introduction to Application Security

• Discuss web application security breaches and the implication of breaches
• Explain common terminologies related to Web Application Security
• Discuss the different teams involved to secure applications

4 Attacking Web Applications

• Discuss the various web application security testing methodologies
• Explain the OWASP Top 10 vulnerabilities
• Discuss the tools to generate a web application attack
• Describe a few types of web application attacks

5 Types of Transport

• Review different web traffic transport modes
• Describe web traffic and API traffic

6 NSX Advanced Load Balancer WAF Components

• Describe the NSX Advanced Load Balancer WAF components that build the WAF security pipeline
• Explain the NSX Advanced Load Balancer WAF configuration objects

7 NSX Advanced Load Balancer WAF Application Learning

• Explain the significance of Application Learning
• Explain the Positive Security Model architecture
• Describe the WAF multifaceted Application Learning technique to build an application model for creating positive security rules
• Describe how to view the data that is learned by the Application learning module
• Describe the WAF Virtual Patching technique to construct a WAF policy from Dynamic Application Security Testing (DAST) scanner results
• Discuss the conditions for sharing WAF Learning Data and PSM Group in WAF Policy

8 NSX Advanced Load Balancer WAF Best Practices

• Describe technical and application considerations for onboarding an application front ended by WAF
• Describe best practices to remediate false positive mitigation
• Describe how to manage a response from a back-end application server and client upload to the application server
• Describe the consideration for setting the rigidity of a WAF signature rule set
• Describe the options available to identify client traffic

9 NSX Advanced Load Balancer WAF Operations

• Examine how to set up an application with WAF
• Describe considerations for the WAF policy
• Work with WAF logs and analytics
• Describe WAF policy tuning
• Describe the options available to remediate false positive mitigation

10 NSX Advanced Load Balancer WAF Custom Rules

• Explain WAF custom rules
• Describe the need and recommendation for custom rules
• Describe ModSecurity rules
• Discuss the ModSecurity rule structure and explain how to construct the rule
• Analyze a sample custom rule use-case scenario

11 NSX Advanced Load Balancer WAF Sizing

• Discuss how to do WAF data plane sizing in Greenfield and Brownfield deployments

12 IP Reputation Service Administration in NSX Advanced Load Balancer

• Explain IP Reputation concepts and their integration with NSX Advanced Load Balancer
• Describe IP Reputation configuration, log analytics, and troubleshooting

13 NSX Advanced Load Balancer DataScript for Application Security

• Describe DataScript events and reference
• Describe application security using DataScript
• Explain how to troubleshoot DataScript errors

14 Rate Limiting and DDOS protection in NSX Advanced Load Balancer

• Describe and configure the NSX Advanced Load Balancer rate limiter technique
• Describe protection from denial of service (DoS) attacks and distributed DoS (DDoS) attacks in NSX Advanced Load Balancer
• Explain the Service Engine general advice and guidance for DDOS

15 Bot Management in NSX Advanced Load Balancer

• Explain Bots
• Describe the Bot Management mechanism in NSX Advanced Load Balancer
• Describe how to configure NSX Advanced Load Balancer Bot Management

16 Handling Personally Identifiable Information in NSX Advanced Load Balancer

• Explain Personally Identifiable Information (PII)
• Discuss the scope of managing PII in NSX Advanced Load Balancer
• Describe how to configure the hidden PII in NSX Advanced Load Balancer logs using profiles and WAF rules

17 Threat Intelligence Services

• Introduce the Threat Intelligence service
• Describe the Threat Intelligence live security threat feed for multiple attack vectors
• Describe how to configure Threat Intelligence in NSX Advanced Load Balancer

18 Malware Protection with ICAP in NSX Advanced Load Balancer

• Discuss malicious file upload protection and ICAP workflow
• Describe ICAP configuration and log analytics

19 Application Programming Interface Security

• Define API Security
• Recognize API authentication and authorization using virtual service authentication mechanisms used for a virtual service such as LDAP, SAML, JSON Web Token, and OAUTH
• Recognize API rate limiting in NSX Advanced Load Balancer
• Recognize the NSX Advanced Load Balancer WAF Protection for API