



Web Application Security

F5 Application Security Manager (ASM)

Aslak Siira
a.siira@f5.com








Company Snapshot

 Leading provider of Application Delivery Networking products that optimize the security, performance & availability of network applications, servers and storage systems
 Founded 1996 / Public 1999
 Approx. 1,580 employees
 FY07 Revenue: $526M

[Chart: quarterly revenue in $ millions, split into product and service revenue, 4Q04 to 4Q07]
22nd consecutive quarter of sequential revenue growth
For the third quarter of fiscal 2008, F5 Networks, Inc. (NASDAQ: FFIV) announced revenue of $165.6 million, up 4 percent from $159.1 million in the prior quarter and 25 percent from $132.4 million in the third quarter of fiscal 2007.




F5 Begins 2008 as #1 in the Application Delivery Controller Market for Q108

 Q108 ADC* Market Share Leaders
  – F5: 38.1%
  – Cisco: 33%
  – Citrix: 7.6%
 Q108 ADC Market Share Revenue Leaders
  – F5: $109.8 Million
  – Cisco: $95 Million
  – Citrix: $21.8 Million
 Q108 ADC Q/Q Revenue Growth
  – F5: 3.1%
  – Cisco: 6.7%
  – Citrix: -18%
 Q108 ADC Total Market Numbers
  – Revenue: $288 Million
  – Q/Q Revenue Growth: -5.2%
  – Y/Y Revenue Growth: 15%

[Pie chart: Q108 Gartner ADC Market Share: F5 Networks 38.1%, Cisco 33%, Citrix 7.6%, Radware 5.3%, Foundry 2.6%, Others 13.4%]

*Application Delivery Controller (ADC) Segment Includes: Server Load Balancing/Layers 4-7 Switching and Advanced (Integrated) Platforms
SOURCE: Gartner




F5 Blazes Competition in Advanced Platform ADC Segment for Q108

 Q108 Advanced Platform ADC* Market Share Leaders
  – F5: 61.1%
  – Citrix: 12.1%
  – Radware: 8.5%
 Q108 Advanced Platform ADC Market Share Revenue Leaders
  – F5: $109.8 Million
  – Citrix: $21.8 Million
  – Radware: $15.3 Million
 Q108 Advanced Platform ADC Q/Q Revenue Growth
  – F5: 3.1%
  – Citrix: -18%
  – Radware: -6.7%
  – Cisco: 20.2%
 Q108 Advanced Platform ADC Total Market Numbers
  – Revenue: $179.7 Million
  – Q/Q Revenue Growth: -3.8%
  – Y/Y Revenue Growth: 15%

[Pie chart: Q108 Gartner Advanced Platform ADC Market Share: F5 Networks 61.1%, Citrix 12.1%, Radware 8.5%, Cisco 5.0%, Others 13.2%]

*Advanced Platform Segment Includes: ADCs that integrate several functions (typically more than four) on a single platform (for example, load balancing, TCP, connection management, SSL offload, compression and caching)
SOURCE: Gartner




Enviable Leadership Position
                     Magic Quadrant for Application
                     Delivery Products, 2008
                     F5 Networks - Strengths
                     • Offers the most feature-rich AP ADC,
                       combined with excellent performance and
                       programmability via iRules and a broad
                       product line.

                     • Strong focus on applications, including
                       long-term relationships with major
                       application vendors, including Microsoft,
                       Oracle and SAP.

                     • Strong balance sheet and cohesive
                       management team with a solid track record
                       for delivering the right products at the right
                       time.

                     • Strong underlying platform allows easy
                       extensibility to add features.

                     • Support of an increasingly loyal and large
                       group of active developers tuning their
                       applications environments specifically with
                       F5 infrastructure.
                       SOURCE: Gartner




Application Security, Performance, Availability

[Diagram: Intelligent Clients reach Data Center Solutions through the Network Layer (routers, switches, firewalls) and the Application Layer]

Application Layer functions:
 – Remote Access
 – Rate Shaping
 – Content Acceleration
 – DoS Protection
 – SSL Acceleration
 – Load Balancing
 – WAN Optimization
 – Application Security
 – Traffic Compression
 – Caching
 – Connection Optimization




Application Security, Performance, Availability

[Diagram: the same picture, Intelligent Clients, Network Layer (routers, switches, firewalls), Application Layer, Data Center Solutions; the Application Layer functions are now delivered by TMOS + Modules + iRules and exposed to Intelligent Applications through iControl]




F5's ADN – Freeing IT, Optimizing Business

[Diagram: clients (Cell, PC - Home, Remote - WAN, PC - LAN, WLAN) reach the International Data Center and its Applications & Storage through F5 products built on TMOS, controlled via iControl and managed by Enterprise Manager / ControlPoint]
 – BIG-IP Global Traffic Manager
 – BIG-IP Link Controller
 – FirePass SSL VPN
 – WANJet
 – BIG-IP Local Traffic Manager
 – BIG-IP WebAccelerator
 – BIG-IP Application Security Manager
 – ARX File/Data Virtualization

F5's End-to-End Application Delivery Networking Solution




Unique TMOS Architecture

[Diagram: between Client and Server, the TMOS microkernel runs on high-performance hardware as a full TCP proxy (client side / server side). Traffic plugins attached to it: Application Security Module, WebAccelerator, Rate Shaping, TCP Express, OneConnect, Compression, Caching, XML, SSL, 3rd Party. iRules and the iControl API sit on top.]

Application Delivery Network:
 – TMOS traffic plugins
 – High-performance networking microkernel
 – Powerful application protocol support
 – iControl – External monitoring and control
 – iRules – Network programming language




Application & Deployment Guides
                 + Configuration Templates


                          Deployment Guides:
                          BEA Weblogic
                          Citrix
                          IBM WebSphere
                          Microsoft Exchange
                          Microsoft SharePoint
                          Microsoft Hyper-V
                          Microsoft IIS
                          Microsoft LCS
                          Microsoft OM
                          Microsoft ...
                          Oracle Access Manager
                          Oracle AS
                          Oracle E-Business Suite
                          SAP NetWeaver & Enterprise
                          SOA
                          Siebel
                          VMWare
                          ...




Most web applications are vulnerable!
 70% of websites at immediate risk of being hacked!
 - Acunetix – Jan 2007 http://www.acunetix.com/news/security-audit-results.htm

 “8 out of 10 websites vulnerable to attack”
 - WhiteHat “security report – Nov 2006”               https://whitehatsec.market2lead.com/go/whitehatsec/webappstats1106



 “75 percent of hacks happen at the application.”
 - Gartner “Security at the Application Level”

 “64 percent of developers are not confident in their
 ability to write secure applications.”
 - Microsoft Developer Research

 The battle between hackers and security
 professionals has moved from the network layer to
 the Web applications themselves.
 - Network World




Top Five Vulnerabilities
 Cross-Site Scripting: 7 of 10 websites vulnerable
 Predictable Resource Location: 1 of 4 vulnerable
 Content Spoofing: 1 of 4 websites vulnerable
 Insufficient Authentication: 1 of 5 vulnerable
 SQL Injection: 1 of 5 websites vulnerable







Web Application Security –
Professionals Survey – 2007
 – Web Application Security Professionals Survey (Oct 2007) – 140
   professionals

 – Conclusions:

 – 1. The vast majority of websites have at least one serious
   vulnerability.
 – 2. Many websites are being broken into, but no one knows about
   them and that'll increase exponentially over the next few years.
 – 3. There is NO WAY the average user can protect themselves from
   being exploited.
 – 4. The standard mandated by the credit card industry, PCI-DSS,
   makes little difference to the security of a website.
 – 5. Web application vulnerability scanners miss just about as many
   of the most common issues as they find.




So what does it mean?
Everyone has vulnerabilities




    Hacker makes music distributors advertise pirates

    Simple SQL injection in user name
    ' OR 1=1--
    allowed admin access into Deutsche Bank web site in October 2007
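The payload works because the login query is assembled by pasting the user name into SQL text. The following added example (not from the original slides and not Deutsche Bank's code) reproduces that against a constructed in-memory SQLite table and shows the parameterized query that defeats it; the table contents, passwords and function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample users (assumed for the example; passwords are kept in
# the clear only to keep the demonstration short).
USERS = [
    ("admin", "s3cret-admin"),
    ("alice", "alice-pass"),
]


def _connect():
    """Build a throw-away in-memory database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_sql(username, password):
    """The 'before' picture: user input is pasted straight into the query."""
    return ("SELECT username FROM users WHERE username = '%s' "
            "AND password = '%s'" % (username, password))


def login_vulnerable(username, password):
    """Return the matched username or None.

    With the user name  ' OR 1=1--  the WHERE clause becomes
    username = '' OR 1=1  and everything after the -- is a comment, so the
    first row (admin) is returned whatever password was supplied.
    """
    conn = _connect()
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(username, password):
    """The fix: bound parameters travel as data and are never parsed as SQL,
    so the same payload is just a user name that does not exist."""
    conn = _connect()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    payload = "' OR 1=1--"
    print(build_vulnerable_sql(payload, "x"))
    print("vulnerable:", login_vulnerable(payload, "x"))        # admin
    print("parameterized:", login_parameterized(payload, "x"))  # None
```

A signature for this exact string is easy to write, but the same tautology can be spelled in many ways, which is why the slides that follow pair the code fix (PCI 6.5) with a positive-model firewall in front of the application (PCI 6.6) rather than relying on either alone.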






And that means everyone – http://forum.f-secure.com – December 2007








www.owasp.org – Top Ten Project

A1 – Cross Site Scripting (XSS): XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim's browser which can hijack user sessions, deface web sites, etc.

A2 – Injection Flaws: Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.

A3 – Insecure Remote File Include: Code vulnerable to remote file inclusion allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise.

A4 – Insecure Direct Object Reference: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.

A5 – Cross Site Request Forgery (CSRF): A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker.

A6 – Information Leakage and Improper Error Handling: Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to violate privacy, or conduct further attacks.

A7 – Broken Authentication and Session Management: Account credentials and session tokens are often not properly protected. Attackers compromise passwords, keys, or authentication tokens to assume other users' identities.

A8 – Insecure Cryptographic Storage: Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.

A9 – Insecure Communications: Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.

A10 – Failure to Restrict URL Access: Frequently, the only protection for sensitive areas of an application is that links or URLs are not presented to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations.




Developers are asked to do...

[Diagram: demands placed on the developer: Application Development, Application Security, Application Patching, Application Scalability, Application Performance; add: application availability]




Challenges of traditional solutions

 HTTP is stateless, the application is stateful
 Web applications are unique; there are no signatures for YOUR web application
 Tight development time-frames and lack of security expertise lead to vulnerabilities
 Code written by third parties
 Good protection has to inspect the response as well
 Encrypting the traffic alone doesn't protect the server




Lines of Code comparison

[Diagram: BEA WebLogic, > 10 000 000 LoC *, next to "Your Code ?"]

* Estimated




                 Payment Card Industry (PCI)
                            VISA's "Digital Dozen"
                  Has Been Adopted by All Card Associations
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security




              PCI: Requirement 6
Develop and maintain secure systems and applications

6.1 Ensure that all system components and software have the latest vendor-supplied security
patches installed within one month of release.
6.2 Establish a process to identify new security vulnerabilities. Update standards to address new vulnerabilities.
6.3 Develop software applications based on industry best practices and incorporate information
security throughout the software development life cycle.
6.4 Follow change control procedures for all system and software configuration changes.
6.5 Develop all web applications based on secure coding guidelines such as the Open Web
Application Security Project guidelines. Review custom application code to identify coding
vulnerabilities. Cover prevention of common coding vulnerabilities in software development
processes, to include the OWASP Top 10.
6.6 Ensure that all web-facing applications are protected against known attacks by applying either of
the following methods:
       • Having all custom application code reviewed for common vulnerabilities by an organization
that specializes in application security
       • Installing an application layer firewall in front of web-facing applications. (Note: This method will
       be a requirement on June 30, 2008, until then it is a best practice.)







Web Application Protection Strategy

[Diagram: three approaches arranged around the Web Apps]

Best Practice Design Methods
 – Only protects against known vulnerabilities
 – Difficult to enforce; especially with sub-contracted code
 – Only periodically updated; large exposure window
Automated & Targeted Testing
 – Done periodically; only as good as the last test
 – Only checks for known vulnerabilities
 – Does it find everything?
Web Application Firewall (ASM)
 – Real-time 24 x 7 protection
 – Enforces Best Practice Methodology
 – Allows immediate protection against new vulnerabilities




Positive Security Definition and Learning

[Diagram: policy entities ordered from the typical 'standard' starting point up to a tighter security posture: OBJECT TYPES, OBJECT NAMES, PARAMETER NAMES, PARAMETER VALUES, OBJECT FLOWS, POLICY TIGHTENING SUGGESTIONS]

Policy-Building Tools
 • Automatic Learning and policy building
 • "Trusted IP" Learning
 • Live Traffic Learning
 • Crawler
 • Negative RegEx
 • Template




Web Application Security with ASM

[Diagram: between the Browser and the application, ASM stops bad requests / responses and allows legitimate requests; the threats shown are Unauthorised Access (on both sides), Non-compliant Information and Infrastructural Intelligence]




Security Policy in ASM

[Diagram: Browser, then the Security Policy (Enforcement), then the application; on the way back, Content Scrubbing and Application Cloaking]

 Can be generated automatically or manually
 Highly granular on configuration and blocking
 Easy to understand and manage
 Bi-directional:
  – Inbound: protection from generalised & targeted attacks
  – Outbound: content scrubbing & application cloaking
 Application content & context aware




Negative Security vs Positive Security

 Negative Security
  – Relies on patterns or signatures to define known attacks.
  – Checks RFC compliance for anomalies.
  – Basically always looks for the known bad and then takes action.
  – Unable to stop zero-day attacks: an attack that has no signature yet passes.
 Positive Security
  – Relies on knowing the inner workings of an application.
  – Checks for actions that fall outside the application's set of allowed actions:
     • Queries
     • Character sets
     • Flows
     • Objects
     • Etc.
  – Prevents zero-day attacks, because anything not explicitly allowed is rejected.
 ASM Benefits
  – Utilizes both positive security and negative security to augment each other.
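To make the two models concrete, here is an added example (not ASM's code and not its signature set) that runs a tiny negative model and a tiny positive model over constructed sample requests for a hypothetical application with two objects, /login and /account. The three signatures, the policy entries (methods, parameter names, lengths and character sets) and the sample traffic are all assumptions made for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: patterns for attacks that are already known.  These three
# are constructed for the example; they are not ASM's signature set.
SIGNATURES = {
    "sqli-quote-or-tautology": re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I),
    "xss-script-tag": re.compile(r"<\s*script\b", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Positive model: the application's own legal objects, methods, parameter
# names, value lengths and character sets (assumed for a hypothetical app).
POLICY = {
    "/login": {
        "methods": {"POST"},
        "params": {
            "user": (32, re.compile(r"^[A-Za-z0-9_.@-]*$")),
            "pass": (64, re.compile(r"^[\x20-\x7e]*$")),
        },
    },
    "/account": {
        "methods": {"GET"},
        "params": {"id": (10, re.compile(r"^[0-9]+$"))},
    },
}


def _decode(url):
    """Split the request line into path and decoded (name, value) pairs."""
    parts = urlsplit(url)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)


def negative_check(method, url):
    """Return the signatures that match anywhere in the decoded request."""
    path, params = _decode(url)
    fields = [path] + [k for k, _ in params] + [v for _, v in params]
    return sorted({name for name, rx in SIGNATURES.items()
                   for field in fields if rx.search(field)})


def positive_check(method, url):
    """Return policy violations; an empty list means the request is allowed."""
    path, params = _decode(url)
    rule = POLICY.get(path)
    if rule is None:
        return ["illegal object: " + path]
    violations = []
    if method not in rule["methods"]:
        violations.append("illegal method %s on %s" % (method, path))
    for name, value in params:
        spec = rule["params"].get(name)
        if spec is None:
            violations.append("illegal parameter: " + name)
            continue
        max_len, charset = spec
        if len(value) > max_len:
            violations.append("illegal length for %s: %d > %d" % (name, len(value), max_len))
        if not charset.match(value):
            violations.append("illegal character set in " + name)
    return violations


def inspect_request(method, url):
    """Combine both models the way the slide describes: block if either objects."""
    neg = negative_check(method, url)
    pos = positive_check(method, url)
    return {"blocked": bool(neg or pos), "signatures": neg, "violations": pos}


# Constructed sample traffic.
SAMPLE_REQUESTS = [
    ("GET", "/account?id=42"),               # legitimate: neither model fires
    ("GET", "/account?id='+or+1=1--"),       # known attack: both models fire
    ("GET", "/account?id=42&debug=1"),       # unknown parameter: positive model only
    ("GET", "/account?id=7+OR+2>1"),         # no matching signature: positive model only
    ("POST", "/login?user=alice&pass=<script>x</script>"),  # passes the charset, caught by signature
]

if __name__ == "__main__":
    for method, url in SAMPLE_REQUESTS:
        print(method, url, inspect_request(method, url))
```

The third and fourth requests are the "zero-day" case from the slide: nothing in the signature list recognises them, but they fall outside what the application was defined to accept. The fifth one shows the reverse: a printable-ASCII password field is legal under the positive model, and only the negative model notices the script tag, which is why ASM keeps both.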




Immediate Value

 Tightening model, deployment starts with open
 rules
 Gradually introduce more specific policy rules
 Specific rules are applied before general rules
 General rules are taken out of the policy








Policy Builder: Automation in
Policy Building
 Creates advanced security policies
 automatically
 Highly accurate policies – every source of
 information is used (responses, requests,
 heuristics, trusted IP)
 Automatic detection and policy generation
 after site updates
 Fits into any deployment scenarios

Policy Wizard

• Leads you through the policy building process, where you can choose the following settings:
  – Application Policy Template, or
  – "Used systems" to specify the attack signatures
  – Automatic or manual policy building
  – For manual policy building, it creates the wildcards automatically

Application Policy Templates
• OWA
• Sharepoint
• Lotus Domino Mail Server
• Oracle Financials
• SAP Netweaver
• Generic
• And others will follow




XML Firewall
• Well-formedness validation
• Schema/WSDL validation
• Method selection
• Attack signatures for XML platforms
• Backend parser protection
• XML islands application protection
• Full request logging
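
Added example, not code from the deck or from ASM, of the checks an XML firewall applies before a document reaches the backend parser, written in Python: a size limit, refusal of DTD and entity declarations (the usual vector against backend parsers), a well-formedness check, a nesting and element-count limit, and a SOAP method allow-list. Schema/WSDL validation is not shown because the standard library has no XSD validator. The allowed method names and the sample SOAP envelope are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "{http://schemas.xmlsoap.org/soap/envelope/}"
ALLOWED_METHODS = {"GetBalance", "ListAccounts"}     # constructed method allow-list
MAX_BYTES, MAX_DEPTH, MAX_ELEMENTS = 64 * 1024, 32, 2000


def inspect_xml(body):
    """Return the violations for an XML request body (bytes); empty means it may pass."""
    if len(body) > MAX_BYTES:
        return [f"request larger than {MAX_BYTES} bytes"]
    # Backend parser protection: a DTD or entity declaration is refused before any
    # parser touches the document (entity expansion, external entity fetches).
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return ["DOCTYPE/ENTITY declarations are not allowed"]
    # Well-formedness: the pull parser raises ParseError on malformed or truncated input.
    parser = ET.XMLPullParser(events=("start", "end"))
    try:
        parser.feed(body)
        parser.close()
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    depth = count = 0
    root = None
    for event, elem in parser.read_events():
        if event == "start":
            depth += 1
            count += 1
            if root is None:
                root = elem
            if depth > MAX_DEPTH:
                return [f"element nesting deeper than {MAX_DEPTH}"]
            if count > MAX_ELEMENTS:
                return [f"more than {MAX_ELEMENTS} elements"]
        else:
            depth -= 1
    # Method selection: exactly one operation inside the SOAP Body, from the allow-list.
    if root is None or root.tag != SOAP_NS + "Envelope":
        return ["root element is not a SOAP Envelope"]
    soap_body = root.find(SOAP_NS + "Body")
    if soap_body is None or len(soap_body) != 1:
        return ["SOAP Body must contain exactly one operation element"]
    method = soap_body[0].tag.rsplit("}", 1)[-1]
    if method not in ALLOWED_METHODS:
        return [f"method {method} is not in the allowed list"]
    return []


# Constructed sample request for the usage below.
SAMPLE_SOAP = (b'<?xml version="1.0"?>'
               b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
               b'<soap:Body><GetBalance xmlns="urn:bank"><account>42</account></GetBalance>'
               b'</soap:Body></soap:Envelope>')

if __name__ == "__main__":
    print(inspect_xml(SAMPLE_SOAP))                                         # []
    print(inspect_xml(SAMPLE_SOAP.replace(b"GetBalance", b"DeleteAccount")))
    print(inspect_xml(b"<a>" * 40 + b"</a>" * 40))
```

The DOCTYPE check is a plain byte search on purpose: the cheapest test runs first, and the document is rejected before the parser has spent any work on it.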





Extended security features
• Dynamic parameter protection
• Login page enforcement
• Information leakage prevention – "Data Guard"
  – Pre-defined or custom patterns can be applied to any text response from the server to mask sensitive information or block the response.
• Detailed granular positive protection for every entity
  – Protocol, Headers, URI, Parameter
• Automatic signature update
  – Staging
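
Added example (Python written for this page, not ASM's Data Guard implementation) of the response masking described under "Data Guard": a constructed set of pre-defined and custom patterns is applied to a text response, card numbers are confirmed with the Luhn check before masking so that other long digit strings are left alone, and the caller chooses whether to mask the matches or block the whole response. The patterns and the sample response body are constructed.

```python
import re

# Constructed Data Guard patterns. Card candidates are confirmed with the Luhn
# check so that ordinary 13-16 digit numbers (order ids, tracking numbers) are
# not masked by mistake.
CARD_RX = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
PREDEFINED = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
# Custom patterns an operator adds for their own data (constructed example).
CUSTOM = {
    "employee_id": re.compile(r"\bEMP-\d{6}\b"),
}
BLOCK_PAGE = "<html><body>The requested page is not available.</body></html>"


def luhn_ok(number):
    """Luhn checksum over the digits of a candidate card number."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_keep_last4(text):
    """Replace every digit except the last four with '*', keeping separators."""
    digits_total = sum(c.isdigit() for c in text)
    out, seen = [], 0
    for c in text:
        if c.isdigit():
            seen += 1
            out.append(c if seen > digits_total - 4 else "*")
        else:
            out.append(c)
    return "".join(out)


def data_guard(body, action="mask"):
    """Return (body, findings). 'mask' rewrites matches in place; 'block' withholds
    the response entirely when anything sensitive was found."""
    findings = []

    def card_sub(m):
        if not luhn_ok(m.group(0)):
            return m.group(0)        # fails Luhn: leave it alone (fewer false positives)
        findings.append("credit_card")
        return mask_keep_last4(m.group(0))

    body = CARD_RX.sub(card_sub, body)
    for name, rx in {**PREDEFINED, **CUSTOM}.items():
        body, n = rx.subn(lambda m: "*" * len(m.group(0)), body)
        findings.extend([name] * n)
    if findings and action == "block":
        return BLOCK_PAGE, findings
    return body, findings


if __name__ == "__main__":
    # Constructed response body: one real-looking test card, one non-Luhn number.
    sample = ("Card 4111 1111 1111 1111 on file; order 1234 5678 9012 3456; "
              "SSN 123-45-6789; badge EMP-004211.")
    print(data_guard(sample))
    print(data_guard(sample, action="block"))
```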



Protection for Dynamic Values or Hidden Field Manipulation





Example: SAP Application

• Protect the session information in the URI
  – https://saptest.xyz.de/sap(bD1kZSZjPTAxMA==)/...
• Protect dynamic parameter names and values
  – &Tdokfilter_subdok_dokstrukturK2_Y123456789103459185=F
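
Added example, not code from the deck or from ASM, of how the dynamic value protection of the two previous slides can work, in Python: the guard reads hidden field values and the sap(...) session token out of each server response, remembers them per client session, and rejects a request whose value or token was never issued to that client. The sample response, the /example/page path and the rule that parameter names starting with Tdokfilter_ are generated by the application are assumptions; only the session token and the parameter name come from the slide.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Session token embedded in the URI path, as in the SAP example above.
SESSION_PATH_RX = re.compile(r"/sap\(([^)]+)\)/")
# Assumption for this example: names with this prefix are generated by the
# application and may only be sent back if the server issued them first.
DYNAMIC_NAME_RX = re.compile(r"^Tdokfilter_")


class _ResponseScanner(HTMLParser):
    """Collect hidden form fields and link/form targets from a server response."""

    def __init__(self):
        super().__init__()
        self.hidden = {}
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden" and a.get("name"):
            self.hidden[a["name"]] = a.get("value", "")
        target = a.get("href") if tag == "a" else a.get("action") if tag == "form" else None
        if target:
            self.targets.append(target)


class DynamicValueGuard:
    """Remember, per client session, what the server handed out; reject anything else."""

    def __init__(self):
        self.issued_fields = {}   # session -> {param name: {allowed values}}
        self.issued_tokens = {}   # session -> {URI session tokens}

    def observe_response(self, session, html):
        scanner = _ResponseScanner()
        scanner.feed(html)
        fields = self.issued_fields.setdefault(session, {})
        for name, value in scanner.hidden.items():
            fields.setdefault(name, set()).add(value)
        tokens = self.issued_tokens.setdefault(session, set())
        for target in scanner.targets:
            m = SESSION_PATH_RX.search(target)
            if m:
                tokens.add(m.group(1))

    def check_request(self, session, url, body=""):
        """Violations for one request; an empty list means the dynamic values are intact."""
        violations = []
        parts = urlsplit(url)
        m = SESSION_PATH_RX.search(parts.path)
        if m and m.group(1) not in self.issued_tokens.get(session, set()):
            violations.append("URI session token was not issued to this client")
        fields = self.issued_fields.get(session, {})
        for name, values in parse_qs(body or parts.query, keep_blank_values=True).items():
            if name in fields:
                for v in values:
                    if v not in fields[name]:
                        violations.append(f"dynamic parameter {name} modified: {v!r}")
            elif DYNAMIC_NAME_RX.match(name):
                violations.append(f"dynamic parameter {name} was never issued")
        return violations


# Constructed sample response: a form that carries the session in its action URI
# and a generated hidden field (only the token and the field name are from the slide).
SAMPLE_RESPONSE = """
<form method="post" action="/sap(bD1kZSZjPTAxMA==)/example/page">
  <input type="hidden" name="Tdokfilter_subdok_dokstrukturK2_Y123456789103459185" value="F">
  <input type="submit">
</form>
"""

if __name__ == "__main__":
    guard = DynamicValueGuard()
    guard.observe_response("client-1", SAMPLE_RESPONSE)
    page = "https://saptest.xyz.de/sap(bD1kZSZjPTAxMA==)/example/page"
    field = "Tdokfilter_subdok_dokstrukturK2_Y123456789103459185"
    print(guard.check_request("client-1", page, f"{field}=F"))   # []
    print(guard.check_request("client-1", page, f"{field}=T"))   # value changed
```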





Flexible Policy Granularity

Search for: "command injection"

Single quote is a command delimiter:
• Best practice to disallow it from parameters wherever possible
• Easiest to achieve with a generic policy applied to the whole site

BUT . . .

User Name: O'Connor

Single quote needed in some parameters:
• Need to be able to selectively relax policy, e.g. single quote allowed in this parameter
• Need to limit use within the relaxed policy, e.g. only one single quote allowed in this parameter
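
Added example (Python written for this page, not ASM's policy engine) covering both the rule precedence described under "Immediate Value" and the single-quote case on this slide: a general wildcard rule bans the single quote site-wide, a specific rule relaxes it for one parameter with a limit of one, the most specific matching rule is applied first, and once every entity has its own rule the general rule is taken out. Paths, parameter names and limits are constructed.

```python
from fnmatch import fnmatchcase

# Constructed policy. A rule names a URL pattern and a parameter pattern together
# with its constraints: '*' makes a rule general, a literal name makes it specific.
# Deployment starts open with the general rule alone and is tightened over time.
RULES = [
    {"url": "*", "param": "*", "allow_quote": False, "max_quotes": 0},
]


def add_specific_rule(url, param, max_quotes):
    """Tightening step: relax the single-quote ban for one parameter, with a limit."""
    RULES.append({"url": url, "param": param,
                  "allow_quote": max_quotes > 0, "max_quotes": max_quotes})


def specificity(rule):
    """Literal URL or parameter names outrank wildcards."""
    return sum(0 if v == "*" else 1 for v in (rule["url"], rule["param"]))


def match_rule(url, param):
    """Specific rules are applied before general ones: the most specific match wins."""
    matches = [r for r in RULES
               if fnmatchcase(url, r["url"]) and fnmatchcase(param, r["param"])]
    return max(matches, key=specificity) if matches else None


def check_param(url, param, value):
    """'ok', or a violation string for one parameter value."""
    rule = match_rule(url, param)
    if rule is None:
        return f"violation: no rule covers {param} on {url}"
    quotes = value.count("'")
    if quotes == 0:
        return "ok"
    if not rule["allow_quote"]:
        return f"violation: single quote not allowed in {param} (general rule)"
    if quotes > rule["max_quotes"]:
        return (f"violation: {quotes} single quotes in {param}, "
                f"limit is {rule['max_quotes']}")
    return "ok"


def retire_general_rules():
    """Last tightening step: once every entity has its own rule the wildcards are
    taken out, so a parameter nobody described is reported rather than allowed."""
    RULES[:] = [r for r in RULES if specificity(r) > 0]


if __name__ == "__main__":
    print(check_param("/register", "username", "O'Connor"))   # general rule: violation
    add_specific_rule("/register", "username", 1)
    print(check_param("/register", "username", "O'Connor"))   # relaxed for this parameter: ok
    print(check_param("/register", "username", "O''Connor"))  # over the limit of one
    print(check_param("/search", "q", "a'b"))                  # other parameters: still banned
```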

Selective Application Flow Enforcement

[Figure: a login page (Username, Password) leading to a transfer page (From Acc., To Acc., $ Amount, Transfer). Following the flow is marked ALLOWED; reaching a page out of flow is marked VIOLATION, with a "?" on the login-page case]

Callout on the login page:
• Should this be a violation?
• The user may have bookmarked the page!
• Unnecessarily enforcing flow can lead to false positives.

Callout on the transfer page:
This part of the site is a financial transaction that requires authentication; we should enforce strict flow and parameter validation.
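
Added example, not code from the deck or from ASM: a Python flow enforcer in which pages marked as entry points may be reached directly (the bookmark case above), while the transfer page must be reached from its predecessor within the same session, needs an authenticated session and takes a fixed parameter set. Paths and parameter names are constructed. The server-side record of the last page each session was served is what stops a forged Referer header from satisfying the flow on its own.

```python
from urllib.parse import urlsplit

# Constructed flow model for a banking-style site. Pages flagged as entry points may
# be reached directly (typed URL, bookmark) so that flow enforcement causes no false
# positives there; the transfer page is strict: it must follow its predecessor within
# the same session, needs an authenticated session and takes a fixed parameter set.
FLOW = {
    "/login":    {"entry": True,  "auth": False, "from": set(),      "params": set()},
    "/account":  {"entry": True,  "auth": True,  "from": {"/login"}, "params": set()},
    "/transfer": {"entry": False, "auth": True,  "from": {"/account"},
                  "params": {"from_acc", "to_acc", "amount"}},
}


class FlowEnforcer:
    def __init__(self):
        self.last_page = {}   # session id -> last page this session was allowed to reach

    def check(self, session, path, referrer=None, authenticated=False, params=()):
        """Return the list of violations for one request; empty means allowed."""
        page = FLOW.get(path)
        if page is None:
            return [f"unknown page {path}"]
        violations = []
        if page["auth"] and not authenticated:
            violations.append(f"{path} requires an authenticated session")
        if not page["entry"]:
            ref_path = urlsplit(referrer).path if referrer else None
            prev = self.last_page.get(session)
            # The Referer header and the server-side record must both agree: a
            # forged Referer alone does not satisfy the flow.
            if ref_path not in page["from"] or prev not in page["from"]:
                violations.append(
                    f"{path} reached out of flow (referrer={ref_path}, previous={prev})")
        if page["params"]:
            sent = set(params)
            missing = page["params"] - sent
            unexpected = sent - page["params"]
            if missing:
                violations.append(f"missing parameters on {path}: {sorted(missing)}")
            if unexpected:
                violations.append(f"unexpected parameters on {path}: {sorted(unexpected)}")
        if not violations:
            self.last_page[session] = path
        return violations


if __name__ == "__main__":
    fe = FlowEnforcer()
    # Bookmarked account page: an entry point, so no flow violation.
    print(fe.check("s1", "/account", authenticated=True))
    # Transfer reached from the account page in the same session: allowed.
    print(fe.check("s1", "/transfer", referrer="https://bank.example/account",
                   authenticated=True, params=["from_acc", "to_acc", "amount"]))
    # Transfer as the first request of a new session, even with a matching Referer: violation.
    print(FlowEnforcer().check("s2", "/transfer", referrer="https://bank.example/account",
                               authenticated=True, params=["from_acc", "to_acc", "amount"]))
```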



Signature staging
• To benefit from signatures it is mandatory to be sure they cause no F/P (false positives).
• "Cleaning" a large set usually takes a lot of time, and during all this time all signatures are in non-blocking mode.
• Signature staging allows the signatures that do not create F/P to be used right after the staging period, while the others remain in the staging basket.
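
Added Python example (not ASM's implementation) of the staging basket: signatures start staged, their matches are logged rather than blocked, matches on traffic marked trusted are counted as false positives, and at the end of the staging period only the signatures with a clean record are enforced; a signature added later (as by an automatic update) goes into staging rather than straight into blocking. The signature patterns and the sample requests are constructed.

```python
import re
from collections import Counter


class SignatureStager:
    """Attack signatures start in the staging basket: their matches are logged,
    not blocked, and matches on traffic marked trusted count as false positives.
    At the end of the staging period the signatures with a clean record are
    enforced; the rest stay staged for review."""

    def __init__(self, signatures):
        # name -> regex source; all compiled case-insensitively
        self.signatures = {n: re.compile(p, re.I) for n, p in signatures.items()}
        self.enforced = set()
        self.staged = set(self.signatures)
        self.false_positives = Counter()

    def add_signature(self, name, pattern):
        """A new or updated signature is staged, never enforced directly."""
        self.signatures[name] = re.compile(pattern, re.I)
        self.staged.add(name)
        self.enforced.discard(name)
        self.false_positives[name] = 0

    def inspect(self, request_text, trusted=False):
        """Return ('block' | 'log' | 'pass', [matching signature names])."""
        hits = [n for n, rx in self.signatures.items() if rx.search(request_text)]
        if trusted:
            # Trusted traffic is known good: any staged match is a false positive.
            self.false_positives.update(n for n in hits if n in self.staged)
        if any(n in self.enforced for n in hits):
            return "block", hits
        return ("log" if hits else "pass"), hits

    def end_staging_period(self):
        """Promote the signatures that produced no false positives; return them."""
        clean = {n for n in self.staged if self.false_positives[n] == 0}
        self.enforced |= clean
        self.staged -= clean
        return clean


if __name__ == "__main__":
    stager = SignatureStager({
        "sql_comment": r"--",
        "script_tag": r"<script",
        "union_select": r"union\s+select",
    })
    # Constructed trusted traffic seen during the staging period: a date range that
    # legitimately contains "--" makes sql_comment a false positive on this site.
    print(stager.inspect("GET /report?range=2008-01-01--2008-02-01", trusted=True))
    print(stager.inspect("GET /search?q=printer", trusted=True))
    print("promoted:", stager.end_staging_period())
    print(stager.inspect("GET /search?q=<script>alert(1)</script>"))   # block
    print(stager.inspect("GET /note?text=a--b"))                        # log only
```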


Security Alerts and Reports

• General Security Alerts
• Violations Report
• IP based Report
• IP based Attack Report
• Legal and Illegal Requests
• Request Details

Fast Custom Logging

• Can send all requests to a remote syslog server
• Very flexible export customization
• Building block for compliance

Executive Report





ASM Platform Availability
• Standalone ASM on TMOS
  – 4100, 3600
• Available as a module with BIG-IP LTM
  – 3600
  – 6400/6800
  – 8400/8800


BIG-IP Platform Characteristics

[Figure: platforms plotted by Price (vertical axis) against Function / Performance (horizontal axis), from the BIG-IP 1600 at the low end to the BIG-IP 8800 at the high end]

BIG-IP 8800
  – 2 x 2.6 GHz Dual Core Opteron
  – 12 10/100/1000 or 12 SFP
  – Layer 4 ASIC (PVA10)
  – 80 GB HD + 512 CF
  – SSL @ 48K TPS / 6 Gb Bulk
  – HW Compression option
  – 7-10 Gbps Traffic (7G L7, 6G SSL & Compress)
  – Multiple Product Modules

BIG-IP 8400
  – 2 x 2.6 GHz Opteron
  – 12 10/100/1000 or 12 SFP
  – Layer 4 ASIC (PVA10)
  – 80 GB HD + 512 CF
  – SSL @ 33K TPS / 3 Gb Bulk
  – HW Compression option
  – 6-10 Gbps Traffic
  – Multiple Product Modules

BIG-IP 6800
  – 2 x 2.4 GHz Opteron
  – 16 10/100/1000 + 4 SFP
  – Layer 4 ASIC (PVA2)
  – 80 GB HD + 512 CF
  – SSL @ 20K TPS / 2 Gb Bulk
  – FIPS SSL option
  – HW Compression option
  – 4 Gbps Traffic
  – Multiple Product Modules

BIG-IP 6400
  – 2 x 1.6 GHz Opteron
  – 16 10/100/1000 + 4 SFP
  – Layer 4 ASIC (PVA2)
  – 80 GB HD + 512 CF
  – SSL @ 15K TPS / 2 Gb Bulk
  – FIPS SSL option
  – 2 Gbps Traffic
  – 1 Product Module

BIG-IP 3600
  – 1 x 2.13 GHz Core2 Duo
  – 8 10/100/1000 + 2x 1GB SFP
  – 1x 160 GB HD + 8GB CF
  – 4GB RAM
  – SSL @ 14K TPS / 1.5 Gb/s Bulk
  – 1.5 Gbps Traffic
  – 1 Product Module

BIG-IP 1600
  – 1.8 GHz Core2Duo (Dual Core)
  – 4 10/100/1000 + 2x 1GB SFP
  – 160GB HD, 4GB RAM
  – SSL @ 7K TPS / 750 Mb/s Bulk
  – 750 M Traffic

Redundant Deployment with the Appliance

[Figure: Internet → Firewall → BIG-IP LoadBalancer → Web Servers, with standalone ASM appliances deployed redundantly]





Redundant Deployment with the BIG-IP and ASM

[Figure: Internet → Firewall → redundant BIG-IP with ASM-Module → Web Servers]





TMOS Architecture

[Figure: TMOS architecture between Client and Server. A client-side and a server-side TCP Proxy surround the Microkernel; traffic plugins include TCP Express, Rate Shaping, SSL, Caching, Compression, XML, OneConnect, WAM, ASM and 3rd Party modules; iRules and the iControl API sit on top of High Performance HW]

Application Delivery Network
  – TMOS Traffic Plugins
  – High-performance Networking Microkernel
  – Powerful Application Protocol Support
  – iControl – External monitoring and control
  – iRules – Network Programming Language

Improve Security with LTM

Resource Cloaking
BIG-IP virtualizes and hides all application and server error codes and real URL references that may give hackers clues about the infrastructure, services and their associated vulnerabilities.

Customized Application Attack Filtering
BIG-IP's full inspection and event-based rules deliver a greatly enhanced ability to search for and apply numerous rules to block known L7 attacks.

Encrypts Cookies
BIG-IP encrypts cookies and other tokens that are transparently distributed to legitimate users. Organizations gain superior security for all stateful applications (e-commerce, CRM, ERP and other business-critical applications) and a higher level of user identity trust.

Supports Higher-Standard AES
BIG-IP supports AES (Advanced Encryption Standard) algorithms for SSL, with the most secure SSL encryption available on the market, at no additional processing cost.

Content Protection
Allows organizations to prevent sensitive documents or content from leaving their site.
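
Added example (Python written for this page, not LTM's implementation) of the response-side cloaking described under "Resource Cloaking" above and under "Outbound: content scrubbing & application cloaking" earlier in the deck: headers that identify the server stack are dropped, the internal origin in Location headers and page bodies is rewritten to the public origin, and application or server error pages are replaced by a generic page and status. The header list, the internal hostname pattern and the public origin are constructed.

```python
import re

# Constructed cloaking policy: response headers that identify the server stack,
# the internal origin that must never leak, and the public origin that replaces it.
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "via"}
INTERNAL_ORIGIN_RX = re.compile(r"https?://app\d+\.internal\.example(?::\d+)?", re.I)
PUBLIC_ORIGIN = "https://www.example.com"
GENERIC_ERROR_PAGE = "<html><body><h1>Service temporarily unavailable</h1></body></html>"
GENERIC_NOT_FOUND = "<html><body><h1>Not found</h1></body></html>"


def cloak_response(status, headers, body):
    """Return (status, headers, body) with the server identity, detailed error
    pages and real internal URL references removed."""
    out = {k: v for k, v in headers.items() if k.lower() not in DISCLOSING_HEADERS}
    # Real URL references: rewrite the internal origin in redirects and in the body.
    for name in ("Location", "Content-Location"):
        if name in out:
            out[name] = INTERNAL_ORIGIN_RX.sub(PUBLIC_ORIGIN, out[name])
    body = INTERNAL_ORIGIN_RX.sub(PUBLIC_ORIGIN, body)
    # Error codes: the application's own error page (stack trace, version banner,
    # file paths) is replaced by a generic page and a generic status.
    if status >= 500:
        out["Content-Type"] = "text/html"
        return 500, out, GENERIC_ERROR_PAGE
    if status in (404, 405):
        out["Content-Type"] = "text/html"
        return 404, out, GENERIC_NOT_FOUND
    return status, out, body


if __name__ == "__main__":
    # Constructed upstream responses.
    print(cloak_response(503, {"Server": "ExampleHTTPd/1.2.3", "X-Powered-By": "ExampleLang/4.5",
                               "Content-Type": "text/html"},
                         "<pre>Fatal error in /var/www/app/db.inc line 12</pre>"))
    print(cloak_response(302, {"Location": "http://app01.internal.example:8080/cart"}, ""))
    print(cloak_response(200, {"Content-Type": "text/html"},
                         '<a href="http://app02.internal.example/help">help</a>'))
```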





Improve Security with LTM

Protects Against Heavy Attack Volumes
BIG-IP combines a suite of security features to provide comprehensive protection against DoS attacks, SYN floods and other network-based attacks. Features such as SYNCheck™ provide comprehensive SYN flood protection for the servers that sit behind the BIG-IP device. Combined with the Dynamic Reaping capabilities, BIG-IP provides robust security to filter out the heaviest attacks while simultaneously delivering uninterrupted service for legitimate connections.

Insulation From Protocol Attacks
BIG-IP provides protocol sanitization and a full TCP termination point which independently manages client-side and server-side connections, protecting all backend systems and applications from malicious attacks.

Firewalling - Packet Filtering
BIG-IP now integrates a control point to define and enforce L4-based filtering rules (based on PCAP, similar to network firewalls), improving network protection.



