Confirm Kona Site Defender is configured to enforce all traffic flows over HTTPS port 443:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. In the "Property Version Information" section, verify the "Security Options" check box is checked.
If the "Security Options" check box in "Property Manager" is not configured to enforce all traffic flows over HTTPS port 443, this is a finding.

Configure Kona Site Defender to enforce all traffic flows over HTTPS port 443:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. On the "Property Manager Editor" screen, click the "Edit New Version" button.
6. In the "Property Version Information" section, enable the "Security Options" check box.
7. Click the "Save" button.
8. Select the "Activate" tab and push the configuration to production.

Confirm Kona Site Defender is configured to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed.
8. Verify the "Application Layer Controls" checkbox is enabled.
9. Verify the following "KRS Rule Set" rules are set to "Deny":
   - SQL Injection
   - Cross Site Scripting (XSS)
   - Command Injection
   - Invalid HTTP
   - Remote File Inclusion
   - PHP Injection (when PHP is used)
   - Trojan
   - Total Request Score (Inbound)
   - Total Response Score (Outbound)
   - DDOS
10. Verify the "Enabled Slow POST Protection" section appears.
If the application layer controls are not set to "Deny" mode or slow POST protection does not appear, this is a finding.

Configure the Kona Site Defender to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA.
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed and click the "Edit" button.
8. Enable the "Application Layer Controls" box and the "Slow POST Protection" box.
9. Click the "Next" button and set each of the following "KRS Rule Set" rules to "Deny":
   - SQL Injection
   - Cross Site Scripting (XSS)
   - Command Injection
   - Invalid HTTP
   - Remote File Inclusion
   - PHP Injection (when PHP is used)
   - Trojan
   - Total Request Score (Inbound)
   - Total Response Score (Outbound)
   - DDOS
10. Click the "Next" button and follow the prompts to complete the process.

Confirm Kona Site Defender is configured to block traffic for organizationally defined geographic regions:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed.
8. Verify the "Network Layer Controls" checkbox is enabled.
9. Within the "Network Layer Controls Configuration" section, verify the organizationally defined geographic regions appear in the "Blocked GEOs" list.
If the Network Layer Controls are not enabled and the organizationally defined geographic regions do not appear in the list, this is a finding.

Configure the Kona Site Defender to block traffic for organizationally defined geographic regions:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed, click the "Edit" button, and enable the "Network Layer Controls" box.
8. Select the "Geographical Controls" tab and add the blocked geographic regions.
9. Click the "Save" button and the "Next" button and follow the prompts to complete the process.

Confirm Kona Site Defender is configured to block traffic for organizationally defined IP addresses:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed.
8. Verify the "Network Layer Controls" checkbox is enabled.
9. Within the "Network Layer Controls Configuration" section, verify the organizationally defined IP addresses appear in the "Blocked IPs" area, and the applicable predefined network lists appear in the "Blocked IP Network Lists" area.
If the Network Layer Controls are not enabled and the organizationally defined IP addresses/network lists do not appear in the lists area, this is a finding.

Configure the Kona Site Defender to block traffic for organizationally defined IP addresses:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed, click the "Edit" button, and enable the "Network Layer Controls" box.
8. Select the "IP Controls" tab and add the blocked IP addresses.
9. Select the "Network Lists" tab and add/select the blocked network lists.
10. Click the "Save" button and the "Next" button and follow the prompts to complete the process.

Confirm Kona Site Defender is configured to allow traffic for organizationally defined IP addresses:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed.
8. Verify the "Network Layer Controls" checkbox is enabled.
9. Within the "Network Layer Controls Configuration" section, verify the organizationally defined IP addresses appear in the "Allowed IPs" area and the applicable predefined network lists appear in the "Allowed IP Network Lists" area.
If the Network Layer Controls are not enabled and the organizationally defined IP addresses/network lists do not appear in the lists area, this is a finding.
NOTE: Not all sites will implement organizationally defined white lists.

Configure the Kona Site Defender to allow traffic for organizationally defined IP addresses:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed, click the "Edit" button, and enable the "Network Layer Controls" box.
8. Select the "IP Controls" tab and add the blocked IP addresses to the "Allowed IPs" area.
9. Select the "Network Lists" tab and add/select the allowed network lists to the "Reputation Whitelist" area.
10. Click the "Save" button and the "Next" button and follow the prompts to complete the process.

Confirm Kona Site Defender allows only NIST SP 800-52 TLS settings:
1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html
2. Enter the hostname being tested into the scanner.
3. Under the "Configurations" and then "Protocol" section, verify that communications are restricted to TLS versions 1.2 and above for government-only services or TLS versions 1.0 and above for citizen or business-facing applications.
If Kona Site Defender does not allow only NIST SP 800-52 TLS settings, this is a finding.

Configure Kona Site Defender to only allow NIST SP 800-52 TLS settings: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender is configured to deliver web logs via the Log Delivery Service (LDS):
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. Under the "Log Request Details" section, verify that "Log Host Header", "Log Referrer Header", and "Log User-Agent Header" are all enabled.
6. Under the "Log Request Details" section, confirm that "Cookie Mode" is set to "Log all cookies" or "Log some cookies" with the applicable cookies specified in the box below.
7. Click the "Configure" tab.
8. Select "Log Delivery".
9. Verify the status is "Active" for the applicable object ID.
If log delivery is not configured properly, this is a finding.

Configure Kona Site Defender to deliver web logs via the Log Delivery Service (LDS):
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. Click the "Edit" button (if not already selected).
6. Under the "Log Request Details" section, enable "Log Host Header", "Log Referrer Header", and "Log User-Agent Header".
7. Under the "Log Request Details" section, set "Cookie Mode" to "Log all cookies" or "Log some cookies" with the applicable cookies specified in the box below.
8. Click the "Save" button.
9. Activate the configuration by clicking the "Activate" tab and the activate buttons for the proper network (either staging or production).
10. Once the configuration has been propagated to the proper network, click the "Configure" tab.
11. Select "Log Delivery".
12. In the same row as the applicable object ID, click the gear icon under the "Action" column.
13. Select "Begin Log Delivery" and then either "New" or "Copy".
14. Proceed through the prompts to select the log format and location to send the logs.

If the SIEM delivery option has been purchased, confirm that the Kona Site Defender SIEM integration is enabled:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted, select "Site Defender" and then "Continue".
5. Open the security configuration for which SIEM data is required.
6. Scroll down to the SIEM Integration section and verify that "Allow data collection for SIEM" is enabled.
If the "Allow data collection for SIEM" field is not enabled, this is a finding.

Configure Kona Site Defender to deliver security event traffic to the SIEM:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted, select the product with which you would like to work and click "Continue".
5. Open the security configuration for which you want SIEM data.
6. Scroll down to the SIEM Integration section.
7. In the "Allow data collection for SIEM" field, click "Yes".
8. Choose the firewall policies for which you want to export data. Enable SIEM integration for:
   - ALL Firewall policies if you want to send SIEM data for events that violate any/all firewall policies within the security configuration.
   - The following firewall policies if you want data regarding one or more specific firewall policies. In the drop down list, choose the policies you want.
9. Skip the SIEM Event Version field for now.
10. Copy the number in the Security Config ID field. You'll need it in a minute.
11. Push security configuration changes to the production network.
   - On the upper right of the Security Configuration page, click the Activate button. Under Network, choose Production and click Activate.

Confirm Kona Site Defender is not stripping origin-defined HTTP session headers:
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab and select "Site" under the "Property" section.
3. If prompted for which product to use, select "Site Defender" and then "Continue".
4. Click on the applicable configuration.
5. Click on the applicable version of the configuration.
6. Click the "View XML" button.
7. Search the XML text for the following fields and confirm that no origin session headers are being added or removed:
   "edgeservices:modify-incoming-request.remove-header"
   "edgeservices:modify-incoming-request.add-header"
   "edgeservices:modify-incoming-response.remove-header"
   "edgeservices:modify-incoming-response.add-header"
   "edgeservices:modify-outgoing-request.remove-header"
   "edgeservices:modify-outgoing-request.add-header"
   "edgeservices:modify-outgoing-response.remove-header"
   "edgeservices:modify-outgoing-response.add-header"
If Kona Site Defender is stripping origin-defined HTTP session headers, this is a finding.

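The text search in step 7 can be scripted against XML copied from the "View XML" screen. This is an added example, not part of the STIG or of Akamai's tooling; the sample XML layout (child name/status elements), the SESSION_HEADERS list, and the function names are assumptions to replace with the organization's own values.

```python
import re

# The eight field names listed in step 7 of the check.
HEADER_FIELDS = [
    f"edgeservices:modify-{direction}-{message}.{op}-header"
    for direction in ("incoming", "outgoing")
    for message in ("request", "response")
    for op in ("remove", "add")
]

# Assumption: headers the organization treats as origin-defined session headers.
SESSION_HEADERS = {"cookie", "set-cookie", "authorization"}

# Constructed sample; the child-element layout is an assumption, not real property XML.
SAMPLE_XML = """\
<configs>
  <!-- constructed sample, not real property XML -->
  <edgeservices:modify-outgoing-response.add-header>
    <status>on</status>
    <name>X-Frame-Options</name>
    <value>DENY</value>
  </edgeservices:modify-outgoing-response.add-header>
  <edgeservices:modify-incoming-response.remove-header>
    <status>on</status>
    <name>Set-Cookie</name>
  </edgeservices:modify-incoming-response.remove-header>
  <edgeservices:modify-incoming-request.remove-header>
    <status>off</status>
    <name>Cookie</name>
  </edgeservices:modify-incoming-request.remove-header>
  <!--
  <edgeservices:modify-outgoing-request.add-header>
    <name>Authorization</name>
  </edgeservices:modify-outgoing-request.add-header>
  -->
</configs>
"""


def _blank_comments(xml_text):
    """Remove XML comments but keep their newlines so line numbers stay valid."""
    return re.sub(r"<!--.*?-->", lambda m: "\n" * m.group(0).count("\n"),
                  xml_text, flags=re.DOTALL)


def find_header_modifications(xml_text):
    """Return every active-text occurrence of the eight fields, sorted by line."""
    text = _blank_comments(xml_text)
    found = []
    for field in HEADER_FIELDS:
        tag = re.escape(field)
        # Matches <tag .../>, <tag>...</tag>, or a lone unclosed <tag>.
        pattern = re.compile(
            r"<" + tag + r"(?=[\s/>])[^>]*?(?:/>|>(?:(?P<body>.*?)</" + tag + r"\s*>)?)",
            re.DOTALL,
        )
        for m in pattern.finditer(text):
            body = m.group("body") or ""
            name = re.search(r"<name>\s*(.*?)\s*</name>", body, re.DOTALL)
            status = re.search(r"<status>\s*(\w+)\s*</status>", body)
            found.append({
                "field": field,
                "line": text.count("\n", 0, m.start()) + 1,
                "header": name.group(1) if name else None,
                # A missing status is treated as active (conservative assumption).
                "status": status.group(1).lower() if status else "on",
            })
    return sorted(found, key=lambda f: f["line"])


def session_header_findings(xml_text, session_headers=SESSION_HEADERS):
    """Active modifications that touch a session header, or whose header name
    could not be read and therefore needs manual review."""
    return [
        f for f in find_header_modifications(xml_text)
        if f["status"] != "off"
        and (f["header"] is None or f["header"].lower() in session_headers)
    ]


if __name__ == "__main__":
    for f in session_header_findings(SAMPLE_XML):
        print(f"line {f['line']}: {f['field']} -> {f['header'] or 'UNKNOWN (review)'}")
```

Commented-out blocks and behaviors switched off are not reported, which a plain text search would not distinguish.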
Configure Kona Site Defender to not modify origin-defined HTTP session headers: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab and select "Site" under the "Property" section. 3. If prompted for which product to use, select "Site Defender" and then "Continue". 4. Click on the applicable configuration. 5. Click on the applicable version of the configuration. 6. Search the "Property Configuration Settings" and remove any of the following behaviors that are modifying origin-defined HTTP session headers: "Modify Incoming Request Header" "Modify Incoming Response Header" "Modify Outgoing Request Header" "Modify Outgoing Response Header" OR Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender has rate controls enabled: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed. 8. Within the "Policy Details" section, verify the "Rate Controls" check box is selected. 9. Within the "Rate Controls" section, verify the action is set to "Deny" for each Adaptive Rule ID. If "Rate Controls" is not selected, this is a finding.
Configure the Kona Site Defender to enable rate controls. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Click on the "Shared Resources" link. 8. Click on the "Rate Policies" link in the left hand column. 9. Click the plus shaped "+" icon to add a new Rate Policy. 10. Follow the prompts to complete the process and click the "Save" button to complete the process. OR Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender is configured to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed. 8. Verify the "Application Layer Controls" checkbox is enabled. 9. Verify the following "KRS Rule Set" rules are set to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Verify the "Enabled Slow POST Protection" section appears. If the application layer controls are not set to "Deny" mode or slow POST protection does not appear, this is a finding.
Configure the Kona Site Defender to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed and click the "Edit" button. 8. Enable the "Application Layer Controls" box and the "Slow POST Protection" box. 9. Click the "Next" button and set each of the following "KRS Rule Set" rules to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Click the "Next" button and follow the prompts to complete the process.
Confirm Kona Site Defender is configured to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed. 8. Verify the "Application Layer Controls" checkbox is enabled. 9. Verify the following "KRS Rule Set" rules are set to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Verify the "Enabled Slow POST Protection" section appears. If the application layer controls are not set to "Deny" mode or slow POST protection does not appear, this is a finding.
Configure the Kona Site Defender to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed and click the "Edit" button. 8. Enable the "Application Layer Controls" box and the "Slow POST Protection" box. 9. Click the "Next" button and set each of the following "KRS Rule Set" rules to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Click the "Next" button and follow the prompts to complete the process.
Confirm Kona Site Defender only allows NIST SP 800-52 TLS settings: 1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html 2. Enter into the scanner the Hostname being tested. 3. Under the "Configurations" and then "Cipher Suites" section, verify that communications are restricted to NIST FIPS-validated cryptography to generate cryptographic hashes as defined at https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations?pub_id=915295. If the cipher suites include non-NIST FIPS-validated cryptography, this is a finding.
Configure Kona Site Defender to only allow NIST FIPS-validated cryptography to generate cryptographic hashes: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender only allows NIST SP 800-52 TLS settings: 1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html 2. Enter into the scanner the Hostname being tested. 3. Under the "Certificate" section, verify that the "Signature algorithm" is restricted to NIST FIPS-validated cryptography for digital signatures as defined at https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations?pub_id=915295. If the signature algorithm includes non-NIST FIPS-validated cryptography, this is a finding.
Configure Kona Site Defender to only allow NIST FIPS-validated cryptography for digital signatures: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender only allows NIST SP 800-52 TLS settings: 1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html 2. Enter into the scanner the Hostname being tested. 3. Under the "Configurations" and then "Cipher Suites" section, verify that communications are restricted to NIST FIPS-validated cryptography to implement encryption services as defined at https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations?pub_id=915295. If the cipher suites include non-NIST FIPS-validated cryptography, this is a finding.
Configure Kona Site Defender to only allow NIST FIPS-validated cryptography to implement encryption services: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
If Kona Site Defender is providing user authentication intermediary services, confirm that it accepts only end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions: Contact the Akamai Professional Services team to confirm accepted certificate authorities at 1-877-4-AKATEC (1-877-425-2832). If the Akamai Professional Services team confirms that the list of accepted certificate authorities is not issued by DoD-approved PKI certification authorities, this is a finding.
Configure Kona Site Defender to accept only end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender is configured to use the latest rule set to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. For the applicable security configuration, click on the tuning status details link under the "Tuning Status" column. If the tuning status does not state "You are using the latest Kona Rule Set version and your security configuration is optimal", this is a finding.
Configure Kona Site Defender to use the latest rule set to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender is configured to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed. 8. Verify the "Application Layer Controls" checkbox is enabled. 9. Verify the following "KRS Rule Set" rules are set to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Verify the "Enabled Slow POST Protection" section appears. If the application layer controls are not set to "Deny" mode or slow POST protection does not appear, this is a finding.
Configure the Kona Site Defender to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed and click the "Edit" button. 8. Enable the "Application Layer Controls" box and the "Slow POST Protection" box. 9. Click the "Next" button and set each of the following "KRS Rule Set" rules to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Click the "Next" button and follow the prompts to complete the process.
Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1". If the alerts are not being sent, this is a finding.
Configure Kona Site Defender to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Click the "Add Notification" button shaped like a plus sign. 7. Click the "Show Advanced View" link. 8. Set the "Notification Name" to "WAF Activity Mitigated". 9. Enter a more detailed description in the “Description” text box. 10. Set the priority to "high". 11. In the "Notify When:" section, set "Mitigated" to greater than (>) 1. 12. Set the “Apply Filter:” dropdowns to “Host Name” and “Contains”, and enter the applicable host name in the text box. 13. Set "During:" to "1 Minute". 14. Set "Notify After:" to "1" occurrences. 15. Select the "Host Name" check box in the "For:" area. 16. Add the ISSO and ISSM emails to the "Email to:" field. 17. Click the “Save” button.
If the SIEM delivery option has been purchased, confirm that the Kona Site Defender SIEM integration is enabled: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted, select "Site Defender" and then "Continue". 5. Open the security configuration for which SIEM data is required. 6. Scroll down to the SIEM Integration section and verify that "Allow data collection for SIEM" is enabled. If the "Allow data collection for SIEM" field is not enabled, this is a finding.
Configure Kona Site Defender to deliver security event traffic to the SIEM: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted, select the product with which you would like to work and click "Continue". 5. Open the security configuration for which you want SIEM data. 6. Scroll down to the SIEM Integration section. 7. In the "Allow data collection for SIEM" field, click "Yes". 8. Choose the firewall policies for which you want to export data. Enable SIEM integration for: - ALL Firewall policies if you want to send SIEM data for events that violate any/all firewall policies within the security configuration. - The following firewall policies if you want data regarding one or more specific firewall policies. In the drop down list, choose the policies you want. 9. Skip the SIEM Event Version field for now. 10. Copy the number in the Security Config ID field. You’ll need it in a minute. 11. Push security configuration changes to the production network. - On the upper right of the Security Configuration page, click the Activate button. Under Network, choose Production and click Activate
Confirm Kona Site Defender is configured to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed. 8. Verify the "Application Layer Controls" checkbox is enabled. 9. Verify the following "KRS Rule Set" rules are set to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Verify the "Enabled Slow POST Protection" section appears. If the application layer controls are not set to "Deny" mode or slow POST protection does not appear, this is a finding.
Configure the Kona Site Defender to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed and click the "Edit" button. 8. Enable the "Application Layer Controls" box and the "Slow POST Protection" box. 9. Click the "Next" button and set each of the following "KRS Rule Set" rules to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Click the "Next" button and follow the prompts to complete the process.
Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1". If the alerts are not being sent, this is a finding.
Configure Kona Site Defender to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Click the "Add Notification" button shaped like a plus sign. 7. Click the "Show Advanced View" link. 8. Set the "Notification Name" to "WAF Activity Mitigated". 9. Enter a more detailed description in the “Description” text box. 10. Set the priority to "high". 11. In the "Notify When:" section, set "Mitigated" to greater than (>) 1. 12. Set the “Apply Filter:” dropdowns to “Host Name” and “Contains”, and enter the applicable host name in the text box. 13. Set "During:" to "1 Minute". 14. Set "Notify After:" to "1" occurrences. 15. Select the "Host Name" check box in the "For:" area. 16. Add the ISSO and ISSM emails to the "Email to:" field. 17. Click the “Save” button.
Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1". If the alerts are not being sent, this is a finding.
Configure Kona Site Defender to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Click the "Add Notification" button shaped like a plus sign. 7. Click the "Show Advanced View" link. 8. Set the "Notification Name" to "WAF Activity Mitigated". 9. Enter a more detailed description in the “Description” text box. 10. Set the priority to "high". 11. In the "Notify When:" section, set "Mitigated" to greater than (>) "1". 12. Set the “Apply Filter:” dropdowns to “Host Name” and “Contains”, and enter the applicable host name in the text box. 13. Set "During:" to "1 Minute". 14. Set "Notify After:" to "1" occurrences. 15. Select the "Host Name" check box in the "For:" area. 16. Add the ISSO and ISSM emails to the "Email to:" field. 17. Click the “Save” button.
Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1". If the alerts are not being sent, this is a finding.
Configure Kona Site Defender to alert the ISSO, ISSM, and SA when detection events occur: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Monitor" tab. 3. Under the "Security" section select "Security Monitor". 4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside). 5. Click the "Configure Notification" button shaped like a plus sign. 6. Click the "Add Notification" button shaped like a plus sign. 7. Click the "Show Advanced View" link. 8. Set the "Notification Name" to "WAF Activity Mitigated". 9. Enter a more detailed description in the “Description” text box. 10. Set the priority to "high". 11. In the "Notify When:" section, set "Mitigated" to greater than (>) "1". 12. Set the “Apply Filter:” dropdowns to “Host Name” and “Contains”, and enter the applicable host name in the text box. 13. Set "During:" to "1 Minute". 14. Set "Notify After:" to "1" occurrences. 15. Select the "Host Name" check box in the "For:" area. 16. Add the ISSO and ISSM emails to the "Email to:" field. 17. Click the “Save” button.
Confirm Kona Site Defender is configured to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed. 8. Verify the "Application Layer Controls" checkbox is enabled. 9. Verify the following "KRS Rule Set" rules are set to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Verify the "Enabled Slow POST Protection" section appears. If the application layer controls are not set to "Deny" mode or slow POST protection does not appear, this is a finding.
Configure the Kona Site Defender to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules. The Akamai Professional Services team should be consulted to implement this Fix content due to the complexities involved. In most cases, this should be included in the SLA. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed. 6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies. 7. Select the policy being reviewed and click the "Edit" button. 8. Enable the "Application Layer Controls" box and the "Slow POST Protection" box. 9. Click the "Next" button and set each of the following "KRS Rule Set" rules to "Deny". - SQL Injection - Cross Site Scripting (XSS) - Command Injection - Invalid HTTP - Remote File Inclusion - PHP Injection (when PHP is used) - Trojan - Total Request Score (Inbound) - Total Response Score (Outbound) - DDOS 10. Click the "Next" button and follow the prompts to complete the process.
Verify that only authorized personnel have access to the Kona Site Defender portal (Luna): 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Select "Configure" and then "Manage Users & Groups". 3. Select the "Roles" tab. 4. Review the personnel list and their current roles. If non-privileged users can perform privileged functions, this is a finding.
Ensure that only authorized personnel have access to the Kona Site Defender portal (Luna): 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Select "Configure" and then "Manage Users & Groups". 3. Select the "Users" tab. 4. Add the correct personnel by clicking the "Create a New User" button or remove existing users by clicking the gear icon next to their entry and selecting "Delete this user".
Confirm Kona Site Defender is configured to connect to the correct origin server: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Select Group or Property" button. 3. Select the configuration that is being reviewed. 4. Under the "Active Production" section, click on the active version. 5. In the "Origin Server" section, verify the "Origin Server Hostname" is valid. If the "Origin Server Hostname" is not valid, then this is a finding.
Configure Kona Site Defender to connect to the correct origin server: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Select Group or Property" button. 3. Select the configuration that is being reviewed. 4. Under the "Active Production" section, click on the active version. 5. Click the "Edit" button (if not already selected). 6. In the "Origin Server" section, change the "Origin Server Hostname" to the correct hostname. 7. Click the "Save" button. 8. Activate the configuration by clicking the "Activate" tab and the activate buttons for the proper network (either staging or production).