Intelligent Traffic Management with the F5 BIG-IP Platform | F5
F5 Offers Advanced Web Security With BIG-IP v10.1
-
Upload
dsorensencpr -
Category
Technology
-
view
2.714 -
download
5
description
Transcript of F5 Offers Advanced Web Security With BIG-IP v10.1
BIG-IP V10.1Advanced Web Security
November 2009
2
F5 Announcement Highlights
New release of BIG-IP delivers advanced Web security solutions to help customers efficiently address threats to Web applications
– Web scraping attack protection• Better protection against automated scanners and bots
– Simplified PCI compliance• Reporting with human readable policies to validate compliance with PCI DSS
1.2
– Secure and Dynamic DNS• Meets DNSSEC 2009 government compliance
- IP Geo-Location database• Integrated into F5’s TMOS architecture
– Announcement date: Nov. 16, 2009
3
Airline Inventory Vulnerable to Web Scraping • Ryanair – Stolen data, litigation costs, decreasing revenue
– Wins injunction against Vtours GmBH– Forbids screen-scraping as commercial use*– Ryanair sent cease and desist letters to 300 sites
• easyJet warns Expedia: 'Hands off our flights‘
4
Protects valuable intellectual propertyPrices are controlled and users see airline approved inventoryIntegrated scrape reporting for PCI complianceAvoid litigation drastically reducing legal costs
Solution
Protection from Web Scraping
Frankfurt DatacenterDublin Datacenter
Web
IT Staff
Domino Network
Web
IT Staff
Domino
Automated scraper
Remote users
Network
BIG-IP 8900
LTM/ASM LTM/ASM
BIG-IP 6900 Comprehensive reporting on
scraping attacks
Legitimate users see inventory while scrapers are remediated
Detect requests and determine web
site is being scraped
5
Attack Expert System
6
Improved PCI Compliance Reporting
7
DNS Infrastructure is VulnerableSpoofing and cache poisoning allow hijacking of domains
Example.com
App ServersGSLB
LDNS
www.example.com? www.example.com?
123.123.123.123
Hacker
Cache poisoning
012.012.012.012
Problem
Need to secure DNS infrastructure• Cache poisoning and spoofing can
hijack DNS records• Need a method for trusted responses• Need to meet US Government
mandate for DNSSEC compliance
8
Securing the DNS InfrastructureDynamic and secure DNS with Global Traffic Manager
Example.com
App ServersBIG-IP GTM
LDNS
www.example.com? www.example.com?
123.123.123.123+ public key
Hacker
123.123.123.123+ public key
Client gets signed, trusted
response
Solution
Secure and dynamic DNS• Ensure users get trusted DNS queries
with signed responses• Reduce management costs – Simple
to implement and maintain• Meet mandates with DNSSEC
compliant solution
9
F5 – A Better Solution For Web Security
Best WAF with protection from Web Scraping (ASM)
Best WAF to assist administrators in understanding security threats (ASM: Attack Expert)
Simplified PCI Reporting (ASM)
Only GSLB with DNSSEC (GTM)