SlideShare une entreprise Scribd logo

F5 Networks: architecture and risk management

AEC Networks
AEC Networks

Presentación realizada por el Ing. Hugo Tovar en el Desayuno con F5 Networks el 18 de octubre de 2012.

Technologie
1  sur  54
Architecture and Risk Management Hugo Tovar Systems Engineer México, Central America & the Caribbean
Agenda •  Application Delivery Challenges •  Unified Architecture •  Security Challenges •  Data Center Firewall •  Security Use Cases •  Contextual Access Control for Mobility and BYOD •  Vulnerability assessment & Application Security •  Call to action 2 © F5 Networks, Inc.
“ • Application delivery and optimization solutions are underutilized and poorly understood in many IT organizations. • The skills required to fully utilize these solutions are broad and touch on multiple IT disciplines. 2011: Mark Fabbi, Distinguished Analyst “Three Phases to Improve Application Delivery Teams” 3 © F5 Networks, Inc.
Edge Gateway –Manager (GTM) – F5 Network Diagram Global Traffic Provides SSL VPN remote Automatically routes access security with applicationbest performing data acceleration connections to the Manager GatewayProvides secure, VPN remote Access Policy closest or (APM) – – Provides SSL Edge and optimization servicespolicy-based of theAscontrol. center in Local Traffic access edge accessoraother at the the eventand Manager (LTM)with application acceleration security – context-aware, of an outage, overload, full proxy between network, allusers and simplifies authentication, authorization, in one efficient, scalable, and times for users disruption. The and applicationresponsebrowsersuser connections Centralizes result is faster servers, spreads from Web Accelerator (WA) – Stops web services at the edge of the and optimization cost effective solution(AAA)clustered servers using a the BIG- across of Manager – Manager (ASM) broad Enterprise Security content Applicationnetwork, is a centralized and optimal use multiple management directlythe – An range of needlessly re-requesting dataall in one efficient, and accounting multiple pagecenters from on scalable, and techniques to secure, optimize and load devices management appliance for F5 BIG-IP® balance IP systemadvanced web applicationsolution that WAN webcost effective firewall users of server. Enables Optimizationto handle (WOM) – Speeds data servers traffic userModule more application you a applications and their data that givescritical consolidated, real-time to 10 and increases interactive performance up view protects over the enable you to dramatically simplify F5 ARX File Virtualization devicesWAN and provides high performance, transfers your entire F5 against application-specific application delivery by defending and high availability for application traffic times data management and reduce storage costs. By introducing intelligent encryption, infrastructurebypass conventional firewalls attacks that storage infrastructure, ARX eliminates the file virtualizationbetween file into the BIG-IP devices Data Manager Software – file system discovery, data profiling, disruption associated with storage administration and automates many and powerful reporting give organizations a detailed look inside storage management tasks. The result is a dramatic improvement in the environment so that better management policies can be cost, agility, and business efficiency created for a more efficient and cost-effective storage environment 4 © F5 Networks, Inc.
Top Issues for Retail Bank IT Executives… Issue Ratings: 5 = Very Important 5,00 4,50 4,00 3,50 3,00 2,50 2,00 1,50 1,00 0,50 0,00 Payments Reg impact on Core Multichannel Mobility Cloud Computing Compliance Systems Delivery Source: CEB TowerGroup; N = 11 banks, November 2011 …Align with the top IT Initiatives 5 © F5 Networks, Inc. Exhibit #: Issue 356-E1
Traditional Approach Security Architecture Unified DDoS WEB APP LOAD FIREWALL PROTECTION FIREWALL BALANCER ACCESS MANAGEMENT DNS SECURITY 6 © F5 Networks, Inc.
Unified Security Architecture DNS   WEB   ACCESS   LTM   7 © F5 Networks, Inc.
F5 – Best Alternative for SSL Acceleration Emerging security risks with 512 and 1024 length keys Support for Large SSL Keys (2048 & 4096) Cumulative Cumulative Key Size 32 Bit Commodity 64Bit Commodity Performance Slowdown Performance Slowdown 512 2,357 TPS N/A   8008 TPS N/A   1024 525 TPS 4.5x 1570 TPS 5.1x 2048 96 TPS 5.5x 273 TPS 5.8x 4096 15 TPS 6.4x 38 TPS 7.2x Key Size PB100/200 11000 Series 8900 Series 1024 58,000 TPS 120,000 TPS 58,000 TPS 2048 12,000 TPS 24,000 TPS 12,000 TPS 4096 1800 TPS 3500 TPS 1800 TPS 8 ** Note: These numbers are initial performance results © F5 Networks, Inc.
Security Challenges 54% A Denial of Service tool… using SSL/TLS showed the of hacking breaches potential for an everyday laptop in larger organizations on an average connection to occur happen at the take down an enterprise web web application server Anonymous proxies… have Threat detection today… hinges on two steadily increased, more than We still see elements: identifying suspicious activity quadrupling in number as SQL Injection as a choice point of among billions of data points, and compared to three years ago. entry for attacker refining a large set of suspicious incidents down to those that matter The most significant change we saw in 2011 was the rise of “hacktivism” against larger organizations worldwide 9 © F5 Networks, Inc.
What happened to WikiLeaks •  Several companies stopped the service for WikiLeaks although it is not proven that WikiLeaks violates the existing law •  Amazon removed all WikiLeaks content from their servers •  EveryDNS switched off the DNS resolution for wikileaks.org •  Several financial institutes locked up donation accounts 10 © F5 Networks, Inc.
Finally… •  Thousand of internet users unloaded their accumulated anger starting 7th Dec 2010 •  Web servers of Swiss Postfinance bank were down for several hours •  Credit card companies like Mastercard and VISA where not accessible for several hours/day over several days •  Paypal’s transaction network were slow but not taken down completely 11 © F5 Networks, Inc.
Behind the scenes •  Operation Payback admitted to this attack. They are also known as Anonymous from previous attacks •  They used a modified version of the tool called LOIC •  Originally developed for load tests •  Nearly 50,000 people downloaded it to “join voluntary botnet” •  It performs a DoS or DDoS on a target site by flooding the server with TCP packets, UDP packets or HTTP requests to disrupt the service of a host 12 © F5 Networks, Inc.
How did customers leverage their ADC to address the DDoS problem? http://youtu.be/VGDN5xAHCak 13 © F5 Networks, Inc.
Slowloris, Slow POST attack How to choke a web server slowly... Takes down a web server with minimal bandwidth Slowloris begins by sending a partial HTTP request... ...Followed by subsequent HTTP headers… …One at a time ..Very slowly... ...and never ends... Slow POST attack The data is sent very slow Server holds connection open and runs out of available connections Result – server is unavailable with no errors in the logs 14 © F5 Networks, Inc.
Everyone is vulnerable http://www.whitehatsec.com/home/resource/stats.html Data were collected from 3000 websites in 2010 The average number of serious* vulnerabilities per website, the percentage of reported vulnerabilities that have been resolved (Remediation Rate), and average the number of days a website is exposed to at least one serious vulnerability 15 (Window of Exposure). © F5 Networks, Inc.
What Has Been Missing? BIG-IP Now Certified as Network Firewall User Access Data Protection App Security 16 © F5 Networks, Inc.
The World’s Fastest and Most Extensible Data Center Firewall 17 © F5 Networks, Inc.
What’s a Data Center Firewall? How is it different from Conventional and NGFW? Conventional NGFW DCFW •  Layer 3, 4 •  Layer 7, AppID, UserID •  Layer 3-7, In-bound •  Mostly In-bound •  Out-bound Analysis •  Application Delivery •  Management, •  Who is doing what? •  In-bound User Context Reporting •  Broad but Shallow: •  SSL Termination •  Unaware of users, 1000 users connecting applications, context to 20,000 sites, 40,000 •  Narrow but Deep: 1M protocols users 100 applications, •  Used everywhere, but 6 Protocols unintelligent, ancient •  Used primarily in technology Enterprise to monitor •  Used by Consumer users within Banking, Social media 18 © F5 Networks, Inc.
SYN flood DC Firewall User Geolocation protection and many others Security External Users The Internet Data Center image cannot be display ed. The image cannot be displayed. Your computer may not have enough memory to open the image, or the The image cannot be The image cannot be displayed. Your computer have been corrupted. image may may not have enough memory to open the your computer, and then open Restart displayed. Your computer may not F5.com image, or the image may have been corrupted. the file again. If the red x still appears, have enough memory Restart your computer, and then openyou may have to delete the image and the file to open the image, or again. If the red x still appears, you may have to it again. then insert delete the image and then insert it again. the image may have been corrupted. owa.f5.com Restart your computer, and then DevCentral.F5.com open the file again. If Internet the red x still appears, you may have to delete the image and then insert it again. websupport.f5.com Router ihealth.f5.com High Concurrent Connection downloads.F5.com capacity •  F5 helps you to mitigate DDoS and flood based attacks •  Stateful, Default Deny Behavior •  High Concurrent Connection and conn/sec capacity •  User Geo-location awareness •  SSL (HW accelerated encryption/decryption) •  IPsec site to site •  Packet Filtering •  Flood protection mechanisms 19 •  Carrier Grade NAT (NAT, NAT64) © F5 Networks, Inc.
Mitigating DoS Attacks Protect Against: Protect With: Network Based Distributed Denial Of Service (DDOS) VIPRION BIG-IP LTM DoS Protections •  Packet Filtering •  Syn Cookies (L4 DoS) •  Dynamic Reaping (L4 DoS) •  TCP Full Proxy (L4 DoS) •  Rate shaping (L4->L7 DoS) •  iRules (e.g. SSL DoS protection) •  Very High Performance •  Very large connection tables 20 © F5 Networks, Inc.
Securing and Scaling DNS Services 21 © F5 Networks, Inc.
Authoritative DNS Security Basic GSLB Securing DNS Servers Delegation Overview •  Traditional firewall •  DNS server farm •  Global Server Load Balancing DNS Servers Limitations •  Vunerable to DNS Attacks •  No response validation •  Inability to scale GTM 22 © F5 Networks, Inc.
Authoritative DNS Security GTM Inline or Securing DNS Infrastructure slave Overview •  Consolidated Device •  Firewall Service •  DNS Service •  Anycast DNS Server Benefits •  High Performance DNS •  Scalable DNS GTM •  Dynamic DNSec Signing •  DDoS Resistent 23 © F5 Networks, Inc.
DNSSec Wrapping http://youtu.be/566EmH3H32A 24 © F5 Networks, Inc.
Context Based Access Control For Mobility And BYOD 25 © F5 Networks, Inc.
Context leverages information about the end user to improve the interaction Who •  Who is the user? What •  What devices are requesting access? Where •  Where are they coming from? •  When are they allowed to access? When •  How did they navigate to the page/site? How 26 © F5 Networks, Inc.
Securely Manage Access The image cannot be displayed. Your computer may not have enough memory to open the image, or the DMZ image may have been corrupted. The image F5 Access Policy Manager Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and canno then insert it again. t be displa yed. Your comp Hypervisor 4,000 Remote Users Internet Virtual Desktops The image cannot be displayed. The image cannot Your computer be displayed. may not have Your computer enough memory may not have enough memory to open the image, or the image may have The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and The image cannot be 1,000 Wireless Users then open the file again. If the red x still appears, you may have to delete the image and then insert it again. displayed. Your computer may The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your Internal LAN The image computer, and then open the file again. If cannot be VLAN 1 the red x still appears, displayed. Your The computer may image not have cannot enough be memory to displayed open the . Your image, or the compute image may r may have been not have corrupted. enough memory Utilize existing user directory 15,000 Corporate Users Internal LAN •  High performance – 26,000 users at $7+ per user VLAN 2 The •  Scale up to 100,000 users Th imag ee im cann ag ot be •  Flexible and centralized security policy management displ ayed. Your •  Integrated endpoint security checking 6,000 Corporate Branch Users •  Secure Single Sign-on 27 © F5 Networks, Inc.
BYOD Trust Model •  The trust level of a mobile device is dynamic •  Identify and evaluate the risk of personal devices •  Review the value of apps and data •  Define remediation options •  Notifications •  Access control •  Quarantine •  Selective wipe •  Set a tiered policy 28 © F5 Networks, Inc.
Use Case Access with baseline security, no MDM APM/ASM Kerberos SSO þ Certificate Resources Check þ UUID Check Request ticket Exchange Active Directory 29 © F5 Networks, Inc.
Use Case Normal access with MDM, VPN on-demand two-factor authentication APM/ASM Kerberos SSO þ Certificate Check þ UUID Check Request ticket Active Directory Two factors: •  Pin •  Certificate MDM (Mobile Device Management) (Mobile Iron, Airwatch, Silverback and Zenprise) 30 © F5 Networks, Inc.
Use Case Managed and BYOD access combines UUID check with ACLs ACLs APM/ASM Unmanaged devices get limited access þ Certificate Check ý UUID Check Managed devices get full access MDM Active Directory 31 © F5 Networks, Inc.
Use Case – BBC (BYOD Project) First access with MDM, new enrollment with self-service APM/ASM Verify credentials ý Certificate Check AAA þ Username/ SSO Password Device data When cert check fails, APM Optional OTP Certificate will proxy access to MDM’s (One Time Password) registration registration page Provisioning OTP sent via SMS or email; •  Apps MDM adds two-factor security •  Certificates (Mobile Device •  Profiles Management) Provisioning via MDM “phone home” 32 © F5 Networks, Inc.
Vulnerability Assessment and Web Application Security 33 © F5 Networks, Inc.
IP Intelligence Reputation Scanners Deny access to infected IPs Probes, scans, brute force Windows Exploits Denial of Service Known distributed IPs DoS, DDoS, Syn flood Web Attacks Phishing Proxies IPs used for SQL Injection, CSRF Phishing sites host BotNets Anonymous Proxies Infected IPs controlled by Bots Anon services, Tor 34 © F5 Networks, Inc.
IP Intelligence: Defend Against Malicious Activity and Web Attacks Enhance automated application delivery We need to approach decisions adding better intelligence and stronger security different security based on context. Layer of IP threat protection delivers context to identify and block IP threats using a dynamic data set of high-risk IP addresses. Visibility into threats from multiple sources leverages a global threat sensor network Deliver intelligence in a simple way reveals inbound and outbound communication Evolving Threats Real-time updates keep protection at peak performance refreshing database every five minutes. 35 © F5 Networks, Inc.
IP Intelligence •  Fast IP update of malicious activity •  Global sensors capture IP behaviors •  Threat correlation reviews/ blocks/ releases Key Threats Sensor Techniques IP Intelligence Service: Threat Correlation Internet Semi-open Proxy Farms Dynamic Threat IPs Web Attacks every 5min. Exploit Honeypots Reputation Windows Exploits Naïve User Simulation IP Intelligence Botnets Web App Honeypots Scanners Network Attacks Third-party Sources DNS BIG-IP System 36 © F5 Networks, Inc.
IP Intelligence Botnet IP Intelligence Service IP address feed updates every 5 min Attacker Custom Application Financial Application BIG-IP System Anonymous requests ? Geolocation database Anonymous Internally infected Proxies devices and servers Scanners •  Use IP intelligence to defend attacks 37 •  Reduce operation and capital expenses © F5 Networks, Inc.
Unknown Vulnerabilities in Web Apps •  Unable to find or mitigate vulnerabilities •  Very expensive to fix by recoding •  Difficult to include scanner assessments •  Need assurance that app sec. is deployed properly Web Application Vulnerabilities as a percentage of all disclosures in 2011 H1 Web Applications: 37 percent Others: 63 percent Source: 1BM X-Force Research and Development 38 © F5 Networks, Inc.
Leading Web Application Attack Protection BIG-IP Application Security Manager Users o  Protect from latest web threats Web Application o  DDoS, SlowLoris, & more BIG-IP ASM Security o  Quickly resolve vulnerabilities o  Meeting PCI compliance Web Applications Private Public Physical Virtual Multi-Site DCs Cloud 39 © F5 Networks, Inc.
Protect Applications from Threats Adaptive and unique attack protection Gain visibility Understand Take action into application session context and mitigate sessions and apply policy offending clients 40 © F5 Networks, Inc.
Automatic DOS Attack Detection and Protection o  Accurate detection technique – based on latency o  3 different mitigation techniques escalated serially o  Focus on higher value productivity while automatic controls intervene Detect a DOS condition Identify potential attackers Drop only the attackers 41 © F5 Networks, Inc.
Open Web Application Security Project (OWASP) OWASP Top 10 Web Application Security Risks: 1.  Injection 2.  Cross-Site Scripting (XSS) 3.  Broken Authentication and Session Management 4.  Insecure Direct Object References 5.  Cross-Site Request Forgery (CSRF) 6.  Security Misconfiguration 7.  Insecure Cryptographic Storage 8.  Failure to Restrict URL Access 9.  Insufficient Transport Layer Protection 10.  Unvalidated Redirects and Forwards 42Source: www.owasp.org © F5 Networks, Inc.
Out-of-the-Box Deployment No false positives Fast web application Learning mode implementation •  Gradual deployment •  Rapid deployment •  Transparent or semi- policy transparent •  Pre-configured •  Manual or automatic application policies •  Full blocking policies 43 © F5 Networks, Inc.
Meet PCI Compliance Easily comply with audits PCI reporting provides: •  Requirements with details •  Current compliancy state •  Steps to become compliant 44 © F5 Networks, Inc.
45 © F5 Networks, Inc.
Solution: Quickly Resolve Application Vulnerabilities Request made BIG-IP ASM security policy checked Server response Enforcement Sensitive information, application cloaking Secure response BIG-IP ASM applies Vulnerable delivered security policy application •  Maintain security at application, protocol, and network levels •  Launch secure applications protected from vulnerabilities 46 © F5 Networks, Inc.
“ F5 BIG-IP products enabled us to improve security for an existing application instead of having to invest time and money into developing a new, more secure application. Application Manager, Global 500 Media and Entertainment Company TechValidate 0C0-126-2FB 47 © F5 Networks, Inc.
Integrated Vulnerability Scanning Customer  Website   Vulnerability  Scanner   •   Finds  a  vulnerability   •   Virtual-­‐patching  with          one-­‐click  on  BIG-­‐IP  ASM   •  Vulnerability  checking,     detecDon  and  remediaDon   BIG-­‐IP  ApplicaAon  Security  Manager   •  Complete  website  protecDon   • Qualys   • IBM   • WhiteHat   • Cenzic   •   Verify,  assess,  resolve  and  retest  in  one  UI   •   AutomaDc  or  manual  creaDon  of  policies   •   Discovery  and  remediaDon  in  minutes     48 © F5 Networks, Inc.
Free App Scan Service to Mitigate Vulnerabilities •  Free application vulnerability scan: •  Cenzic Cloud in ASM UI •  3 free scans •  Configure vulnerability Data Center policy in BIG-IP ASM •  Protection from web app attacks BIG-IP Application Security Manager Web 2.0 Apps Attacker Internet Private BIG-IP Application Security Manager Cloud Apps Virtual Edition Clients 49 © F5 Networks, Inc.
The most flexible solution 50 © F5 Networks, Inc.
F5 Value to FSI Employ Using F5’s intelligent approach to IT as a Service application delivery Simplify your infrastructure through F5’s ability to streamline and automate existing network investments. Reduce threats and simplify security by taking advantage of F5’s unified security capabilities. Get world-class business continuity through Transform IT F5’s built-in disaster recovery and high availability capabilities Secure 51 Agility © F5 Networks, Inc.
Call to action The load balancer is dead - leverage your ADC as a strategic Point of Control http://youtu.be/Sh8mNjeuyV4 52 © F5 Networks, Inc.
© 2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5.
54 © F5 Networks, Inc.

Recommandé

BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 

Recommandé

BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks: Introduction to Silverline WAF (web application firewall)
F5 Networks: Introduction to Silverline WAF (web application firewall)F5 Networks
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Fortinet security fabric
Fortinet security fabricFortinet security fabric
Fortinet security fabricANSItunCERT
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate TrainingNCS Computech Ltd.
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyesThousandEyes
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio updateAtanas Gergiminov
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...Aruba, a Hewlett Packard Enterprise company
 
Secure sd wan
Secure sd wanSecure sd wan
Secure sd wanDr. (Engr.) OLUGBENGA BABATUNDE(FBCS,CPMP,FCIPM,FIPMA,FIMC,CMC,MNSE)
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki OverviewSSISG
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
Presentation fortinet securing the cloud
Presentation fortinet securing the cloudPresentation fortinet securing the cloud
Presentation fortinet securing the cloudxKinAnx
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution OverviewClaudiu Sandor
 
LTM essentials
LTM essentialsLTM essentials
LTM essentialsbharadwajv
 
ThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authenticationAlberto Rivai
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowAniekan Akpaffiong
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
Bezpečnostní architektura F5
Bezpečnostní architektura F5Bezpečnostní architektura F5
Bezpečnostní architektura F5MarketingArrowECS_CZ
 

Contenu connexe

Tendances

Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Fortinet security fabric
Fortinet security fabricFortinet security fabric
Fortinet security fabricANSItunCERT
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyesThousandEyes
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio updateAtanas Gergiminov
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...Aruba, a Hewlett Packard Enterprise company
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki OverviewSSISG
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyesThousandEyes
 
Presentation fortinet securing the cloud
Presentation fortinet securing the cloudPresentation fortinet securing the cloud
Presentation fortinet securing the cloudxKinAnx
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution OverviewClaudiu Sandor
 
LTM essentials
LTM essentialsLTM essentials
LTM essentialsbharadwajv
 
ThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authenticationAlberto Rivai
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowAniekan Akpaffiong
 

Tendances (20)

Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Fortinet security fabric
Fortinet security fabricFortinet security fabric
Fortinet security fabric
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyes
 
Cisco Security portfolio update
Cisco Security portfolio updateCisco Security portfolio update
Cisco Security portfolio update
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
 
Secure sd wan
Secure sd wanSecure sd wan
Secure sd wan
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki Overview
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
 
Presentation fortinet securing the cloud
Presentation fortinet securing the cloudPresentation fortinet securing the cloud
Presentation fortinet securing the cloud
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution Overview
 
LTM essentials
LTM essentialsLTM essentials
LTM essentials
 
ThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your NetworkThousandEyes Alerting Essentials for Your Network
ThousandEyes Alerting Essentials for Your Network
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authentication
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & How
 

En vedette

F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Conceptual integration of enterprise architecture management and security ris...
Conceptual integration of enterprise architecture management and security ris...Conceptual integration of enterprise architecture management and security ris...
Conceptual integration of enterprise architecture management and security ris...christophefeltus
 
Risk management: Part 2
Risk management: Part 2Risk management: Part 2
Risk management: Part 2ILRI
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)Alexandre Moneger
 
VMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScaler
VMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScalerVMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScaler
VMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScalerPrincipled Technologies
 
Risk Management at Wellfleet Bank: Deciding about Megadeals
Risk Management at Wellfleet Bank: Deciding about MegadealsRisk Management at Wellfleet Bank: Deciding about Megadeals
Risk Management at Wellfleet Bank: Deciding about MegadealsRishi Bajaj
 
A Modern Data Architecture for Risk Management... For Financial Services
A Modern Data Architecture for Risk Management... For Financial ServicesA Modern Data Architecture for Risk Management... For Financial Services
A Modern Data Architecture for Risk Management... For Financial ServicesMammoth Data
 
Python for the Network Nerd
Python for the Network NerdPython for the Network Nerd
Python for the Network NerdMatt Bynum
 
F5 Offers Advanced Web Security With BIG-IP v10.1
F5 Offers Advanced Web Security With BIG-IP v10.1F5 Offers Advanced Web Security With BIG-IP v10.1
F5 Offers Advanced Web Security With BIG-IP v10.1DSorensenCPR
 
Isaac albrecht guess who powerpoint
Isaac albrecht guess who powerpointIsaac albrecht guess who powerpoint
Isaac albrecht guess who powerpointHarmony Elementary
 

En vedette (20)

F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
 
Bezpečnostní architektura F5
Bezpečnostní architektura F5Bezpečnostní architektura F5
Bezpečnostní architektura F5
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
Conceptual integration of enterprise architecture management and security ris...
Conceptual integration of enterprise architecture management and security ris...Conceptual integration of enterprise architecture management and security ris...
Conceptual integration of enterprise architecture management and security ris...
 
Risk management: Part 2
Risk management: Part 2Risk management: Part 2
Risk management: Part 2
 
04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)04 - I love my OS, he protects me (sometimes, in specific circumstances)
04 - I love my OS, he protects me (sometimes, in specific circumstances)
 
Current Practices by SPA Delhi
Current Practices by SPA DelhiCurrent Practices by SPA Delhi
Current Practices by SPA Delhi
 
VMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScaler
VMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScalerVMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScaler
VMware Horizon with F5 BIG-IP vs. Citrix XenDesktop with Citrix NetScaler
 
Risk Management at Wellfleet Bank: Deciding about Megadeals
Risk Management at Wellfleet Bank: Deciding about MegadealsRisk Management at Wellfleet Bank: Deciding about Megadeals
Risk Management at Wellfleet Bank: Deciding about Megadeals
 
A Modern Data Architecture for Risk Management... For Financial Services
A Modern Data Architecture for Risk Management... For Financial ServicesA Modern Data Architecture for Risk Management... For Financial Services
A Modern Data Architecture for Risk Management... For Financial Services
 
Python for the Network Nerd
Python for the Network NerdPython for the Network Nerd
Python for the Network Nerd
 
F5 Offers Advanced Web Security With BIG-IP v10.1
F5 Offers Advanced Web Security With BIG-IP v10.1F5 Offers Advanced Web Security With BIG-IP v10.1
F5 Offers Advanced Web Security With BIG-IP v10.1
 
Isaac albrecht guess who powerpoint
Isaac albrecht guess who powerpointIsaac albrecht guess who powerpoint
Isaac albrecht guess who powerpoint
 
Avery F
Avery FAvery F
Avery F
 
Kimsey d
Kimsey dKimsey d
Kimsey d
 
Erin p
Erin pErin p
Erin p
 
Matthew c
Matthew cMatthew c
Matthew c
 
Trentonhall
TrentonhallTrentonhall
Trentonhall
 
Faith d
Faith dFaith d
Faith d
 
Bailey carder
Bailey carderBailey carder
Bailey carder
 

Similaire à F5 Networks: architecture and risk management

Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
 
f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdfGrigoryShkolnik1
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For VirtualizationPatricio Campos
 
Gateway RIMS (Remote Infrastructure Management Services)
Gateway RIMS (Remote Infrastructure Management Services)Gateway RIMS (Remote Infrastructure Management Services)
Gateway RIMS (Remote Infrastructure Management Services)sonnysonare
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPROIDEA
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitecturePeter Silva
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5 Networks
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5 Networks
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSLarry Austin
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaMicrosoft Singapore
 
Cloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesCloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesPeter Coffee
 
Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Marcin Kotlarski
 
Elastic Caching for a Smarter Planet - Make Every Transaction Count
Elastic Caching for a Smarter Planet - Make Every Transaction CountElastic Caching for a Smarter Planet - Make Every Transaction Count
Elastic Caching for a Smarter Planet - Make Every Transaction CountYakura Coffee
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeeGaurav "GP" Pal
 

Similaire à F5 Networks: architecture and risk management (20)

Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
 
f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdf
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For Virtualization
 
Gateway RIMS (Remote Infrastructure Management Services)
Gateway RIMS (Remote Infrastructure Management Services)Gateway RIMS (Remote Infrastructure Management Services)
Gateway RIMS (Remote Infrastructure Management Services)
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference Architecture
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference Architecture
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference Architecture
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
 
Sdn primer pdf
Sdn primer pdfSdn primer pdf
Sdn primer pdf
 
Information Security
Information SecurityInformation Security
Information Security
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall Solution
 
Mcafee ips nsp-2011
Mcafee ips nsp-2011Mcafee ips nsp-2011
Mcafee ips nsp-2011
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Cloud Tools for Connected Communities
Cloud Tools for Connected CommunitiesCloud Tools for Connected Communities
Cloud Tools for Connected Communities
 
Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds Ensuring Privacy & Transparency within Hybrid Clouds
Ensuring Privacy & Transparency within Hybrid Clouds
 
Elastic Caching for a Smarter Planet - Make Every Transaction Count
Elastic Caching for a Smarter Planet - Make Every Transaction CountElastic Caching for a Smarter Planet - Make Every Transaction Count
Elastic Caching for a Smarter Planet - Make Every Transaction Count
 
Ixia/Net Optics - Visibility Architecture Solution Brief
Ixia/Net Optics - Visibility Architecture Solution BriefIxia/Net Optics - Visibility Architecture Solution Brief
Ixia/Net Optics - Visibility Architecture Solution Brief
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfee
 

Plus de AEC Networks

Soluciones de Seguridad para Banca & Finanzas
Soluciones de Seguridad para Banca & FinanzasSoluciones de Seguridad para Banca & Finanzas
Soluciones de Seguridad para Banca & FinanzasAEC Networks
 
F5 Networks - Soluciones para Banca & Finanzas
F5 Networks - Soluciones para Banca & FinanzasF5 Networks - Soluciones para Banca & Finanzas
F5 Networks - Soluciones para Banca & FinanzasAEC Networks
 
The Extreme Experience
The Extreme ExperienceThe Extreme Experience
The Extreme ExperienceAEC Networks
 
Barracuda Networks Solutions
Barracuda Networks SolutionsBarracuda Networks Solutions
Barracuda Networks SolutionsAEC Networks
 
Barracuda Networks Overview
Barracuda Networks OverviewBarracuda Networks Overview
Barracuda Networks OverviewAEC Networks
 
Blue Coat: Application Delivery Networks
Blue Coat: Application Delivery NetworksBlue Coat: Application Delivery Networks
Blue Coat: Application Delivery NetworksAEC Networks
 
Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...
Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...
Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...AEC Networks
 
Cifrado de Datos - PGP Corporation
Cifrado de Datos - PGP CorporationCifrado de Datos - PGP Corporation
Cifrado de Datos - PGP CorporationAEC Networks
 
Virtualización de Archivos - F5 Networks
Virtualización de Archivos - F5 NetworksVirtualización de Archivos - F5 Networks
Virtualización de Archivos - F5 NetworksAEC Networks
 
Combatiendo Amenazas de Seguridad en la Nube - WatchGuard
Combatiendo Amenazas de Seguridad en la Nube - WatchGuardCombatiendo Amenazas de Seguridad en la Nube - WatchGuard
Combatiendo Amenazas de Seguridad en la Nube - WatchGuardAEC Networks
 
Virtualización en la Red del Data Center - Extreme Networks
Virtualización en la Red del Data Center - Extreme NetworksVirtualización en la Red del Data Center - Extreme Networks
Virtualización en la Red del Data Center - Extreme NetworksAEC Networks
 
Cata de Vinos de Chile
Cata de Vinos de ChileCata de Vinos de Chile
Cata de Vinos de ChileAEC Networks
 
Feliz Navidad 2009
Feliz Navidad 2009Feliz Navidad 2009
Feliz Navidad 2009AEC Networks
 
WatchGuard´s XCS Brochure
WatchGuard´s XCS BrochureWatchGuard´s XCS Brochure
WatchGuard´s XCS BrochureAEC Networks
 
Introduccion a enVision de RSA
Introduccion a enVision de RSAIntroduccion a enVision de RSA
Introduccion a enVision de RSAAEC Networks
 
Data Loss Prevention de RSA
Data Loss Prevention de RSAData Loss Prevention de RSA
Data Loss Prevention de RSAAEC Networks
 
Retos y Tendencias en Redes Convergentes
Retos y Tendencias en Redes ConvergentesRetos y Tendencias en Redes Convergentes
Retos y Tendencias en Redes ConvergentesAEC Networks
 

Plus de AEC Networks (18)

Soluciones de Seguridad para Banca & Finanzas
Soluciones de Seguridad para Banca & FinanzasSoluciones de Seguridad para Banca & Finanzas
Soluciones de Seguridad para Banca & Finanzas
 
F5 Networks - Soluciones para Banca & Finanzas
F5 Networks - Soluciones para Banca & FinanzasF5 Networks - Soluciones para Banca & Finanzas
F5 Networks - Soluciones para Banca & Finanzas
 
The Extreme Experience
The Extreme ExperienceThe Extreme Experience
The Extreme Experience
 
Barracuda Networks Solutions
Barracuda Networks SolutionsBarracuda Networks Solutions
Barracuda Networks Solutions
 
Barracuda Networks Overview
Barracuda Networks OverviewBarracuda Networks Overview
Barracuda Networks Overview
 
La Cerveza
La CervezaLa Cerveza
La Cerveza
 
Blue Coat: Application Delivery Networks
Blue Coat: Application Delivery NetworksBlue Coat: Application Delivery Networks
Blue Coat: Application Delivery Networks
 
Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...
Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...
Zscaler - webcast de Gartner - Los peligros ocultos detrás de su motor de bús...
 
Cifrado de Datos - PGP Corporation
Cifrado de Datos - PGP CorporationCifrado de Datos - PGP Corporation
Cifrado de Datos - PGP Corporation
 
Virtualización de Archivos - F5 Networks
Virtualización de Archivos - F5 NetworksVirtualización de Archivos - F5 Networks
Virtualización de Archivos - F5 Networks
 
Combatiendo Amenazas de Seguridad en la Nube - WatchGuard
Combatiendo Amenazas de Seguridad en la Nube - WatchGuardCombatiendo Amenazas de Seguridad en la Nube - WatchGuard
Combatiendo Amenazas de Seguridad en la Nube - WatchGuard
 
Virtualización en la Red del Data Center - Extreme Networks
Virtualización en la Red del Data Center - Extreme NetworksVirtualización en la Red del Data Center - Extreme Networks
Virtualización en la Red del Data Center - Extreme Networks
 
Cata de Vinos de Chile
Cata de Vinos de ChileCata de Vinos de Chile
Cata de Vinos de Chile
 
Feliz Navidad 2009
Feliz Navidad 2009Feliz Navidad 2009
Feliz Navidad 2009
 
WatchGuard´s XCS Brochure
WatchGuard´s XCS BrochureWatchGuard´s XCS Brochure
WatchGuard´s XCS Brochure
 
Introduccion a enVision de RSA
Introduccion a enVision de RSAIntroduccion a enVision de RSA
Introduccion a enVision de RSA
 
Data Loss Prevention de RSA
Data Loss Prevention de RSAData Loss Prevention de RSA
Data Loss Prevention de RSA
 
Retos y Tendencias en Redes Convergentes
Retos y Tendencias en Redes ConvergentesRetos y Tendencias en Redes Convergentes
Retos y Tendencias en Redes Convergentes
 

Dernier

Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

F5 Networks: architecture and risk management

  • 1. Architecture and Risk Management Hugo Tovar Systems Engineer México, Central America & the Caribbean
  • 2. Agenda •  Application Delivery Challenges •  Unified Architecture •  Security Challenges •  Data Center Firewall •  Security Use Cases •  Contextual Access Control for Mobility and BYOD •  Vulnerability assessment & Application Security •  Call to action 2 © F5 Networks, Inc.
  • 3. • Application delivery and optimization solutions are underutilized and poorly understood in many IT organizations. • The skills required to fully utilize these solutions are broad and touch on multiple IT disciplines. 2011: Mark Fabbi, Distinguished Analyst “Three Phases to Improve Application Delivery Teams” 3 © F5 Networks, Inc.
  • 4. Edge Gateway –Manager (GTM) – F5 Network Diagram Global Traffic Provides SSL VPN remote Automatically routes access security with applicationbest performing data acceleration connections to the Manager GatewayProvides secure, VPN remote Access Policy closest or (APM) – – Provides SSL Edge and optimization servicespolicy-based of theAscontrol. center in Local Traffic access edge accessoraother at the the eventand Manager (LTM)with application acceleration security – context-aware, of an outage, overload, full proxy between network, allusers and simplifies authentication, authorization, in one efficient, scalable, and times for users disruption. The and applicationresponsebrowsersuser connections Centralizes result is faster servers, spreads from Web Accelerator (WA) – Stops web services at the edge of the and optimization cost effective solution(AAA)clustered servers using a the BIG- across of Manager – Manager (ASM) broad Enterprise Security content Applicationnetwork, is a centralized and optimal use multiple management directlythe – An range of needlessly re-requesting dataall in one efficient, and accounting multiple pagecenters from on scalable, and techniques to secure, optimize and load devices management appliance for F5 BIG-IP® balance IP systemadvanced web applicationsolution that WAN webcost effective firewall users of server. Enables Optimizationto handle (WOM) – Speeds data servers traffic userModule more application you a applications and their data that givescritical consolidated, real-time to 10 and increases interactive performance up view protects over the enable you to dramatically simplify F5 ARX File Virtualization devicesWAN and provides high performance, transfers your entire F5 against application-specific application delivery by defending and high availability for application traffic times data management and reduce storage costs. By introducing intelligent encryption, infrastructurebypass conventional firewalls attacks that storage infrastructure, ARX eliminates the file virtualizationbetween file into the BIG-IP devices Data Manager Software – file system discovery, data profiling, disruption associated with storage administration and automates many and powerful reporting give organizations a detailed look inside storage management tasks. The result is a dramatic improvement in the environment so that better management policies can be cost, agility, and business efficiency created for a more efficient and cost-effective storage environment 4 © F5 Networks, Inc.
  • 5. Top Issues for Retail Bank IT Executives… Issue Ratings: 5 = Very Important 5,00 4,50 4,00 3,50 3,00 2,50 2,00 1,50 1,00 0,50 0,00 Payments Reg impact on Core Multichannel Mobility Cloud Computing Compliance Systems Delivery Source: CEB TowerGroup; N = 11 banks, November 2011 …Align with the top IT Initiatives 5 © F5 Networks, Inc. Exhibit #: Issue 356-E1
  • 6. Traditional Approach Security Architecture Unified DDoS WEB APP LOAD FIREWALL PROTECTION FIREWALL BALANCER ACCESS MANAGEMENT DNS SECURITY 6 © F5 Networks, Inc.
  • 7. Unified Security Architecture DNS   WEB   ACCESS   LTM   7 © F5 Networks, Inc.
  • 8. F5 – Best Alternative for SSL Acceleration Emerging security risks with 512 and 1024 length keys Support for Large SSL Keys (2048 & 4096) Cumulative Cumulative Key Size 32 Bit Commodity 64Bit Commodity Performance Slowdown Performance Slowdown 512 2,357 TPS N/A   8008 TPS N/A   1024 525 TPS 4.5x 1570 TPS 5.1x 2048 96 TPS 5.5x 273 TPS 5.8x 4096 15 TPS 6.4x 38 TPS 7.2x Key Size PB100/200 11000 Series 8900 Series 1024 58,000 TPS 120,000 TPS 58,000 TPS 2048 12,000 TPS 24,000 TPS 12,000 TPS 4096 1800 TPS 3500 TPS 1800 TPS 8 ** Note: These numbers are initial performance results © F5 Networks, Inc.
  • 9. Security Challenges 54% A Denial of Service tool… using SSL/TLS showed the of hacking breaches potential for an everyday laptop in larger organizations on an average connection to occur happen at the take down an enterprise web web application server Anonymous proxies… have Threat detection today… hinges on two steadily increased, more than We still see elements: identifying suspicious activity quadrupling in number as SQL Injection as a choice point of among billions of data points, and compared to three years ago. entry for attacker refining a large set of suspicious incidents down to those that matter The most significant change we saw in 2011 was the rise of “hacktivism” against larger organizations worldwide 9 © F5 Networks, Inc.
  • 10. What happened to WikiLeaks •  Several companies stopped the service for WikiLeaks although it is not proven that WikiLeaks violates the existing law •  Amazon removed all WikiLeaks content from their servers •  EveryDNS switched off the DNS resolution for wikileaks.org •  Several financial institutes locked up donation accounts 10 © F5 Networks, Inc.
  • 11. Finally… •  Thousand of internet users unloaded their accumulated anger starting 7th Dec 2010 •  Web servers of Swiss Postfinance bank were down for several hours •  Credit card companies like Mastercard and VISA where not accessible for several hours/day over several days •  Paypal’s transaction network were slow but not taken down completely 11 © F5 Networks, Inc.
  • 12. Behind the scenes •  Operation Payback admitted to this attack. They are also known as Anonymous from previous attacks •  They used a modified version of the tool called LOIC •  Originally developed for load tests •  Nearly 50,000 people downloaded it to “join voluntary botnet” •  It performs a DoS or DDoS on a target site by flooding the server with TCP packets, UDP packets or HTTP requests to disrupt the service of a host 12 © F5 Networks, Inc.
  • 13. How did customers leverage their ADC to address the DDoS problem? http://youtu.be/VGDN5xAHCak 13 © F5 Networks, Inc.
  • 14. Slowloris, Slow POST attack How to choke a web server slowly... Takes down a web server with minimal bandwidth Slowloris begins by sending a partial HTTP request... ...Followed by subsequent HTTP headers… …One at a time ..Very slowly... ...and never ends... Slow POST attack The data is sent very slow Server holds connection open and runs out of available connections Result – server is unavailable with no errors in the logs 14 © F5 Networks, Inc.
  • 15. Everyone is vulnerable http://www.whitehatsec.com/home/resource/stats.html Data were collected from 3000 websites in 2010 The average number of serious* vulnerabilities per website, the percentage of reported vulnerabilities that have been resolved (Remediation Rate), and average the number of days a website is exposed to at least one serious vulnerability 15 (Window of Exposure). © F5 Networks, Inc.
  • 16. What Has Been Missing? BIG-IP Now Certified as Network Firewall User Access Data Protection App Security 16 © F5 Networks, Inc.
  • 17. The World’s Fastest and Most Extensible Data Center Firewall 17 © F5 Networks, Inc.
  • 18. What’s a Data Center Firewall? How is it different from Conventional and NGFW? Conventional NGFW DCFW •  Layer 3, 4 •  Layer 7, AppID, UserID •  Layer 3-7, In-bound •  Mostly In-bound •  Out-bound Analysis •  Application Delivery •  Management, •  Who is doing what? •  In-bound User Context Reporting •  Broad but Shallow: •  SSL Termination •  Unaware of users, 1000 users connecting applications, context to 20,000 sites, 40,000 •  Narrow but Deep: 1M protocols users 100 applications, •  Used everywhere, but 6 Protocols unintelligent, ancient •  Used primarily in technology Enterprise to monitor •  Used by Consumer users within Banking, Social media 18 © F5 Networks, Inc.
  • 19. SYN flood DC Firewall User Geolocation protection and many others Security External Users The Internet Data Center image cannot be display ed. The image cannot be displayed. Your computer may not have enough memory to open the image, or the The image cannot be The image cannot be displayed. Your computer have been corrupted. image may may not have enough memory to open the your computer, and then open Restart displayed. Your computer may not F5.com image, or the image may have been corrupted. the file again. If the red x still appears, have enough memory Restart your computer, and then openyou may have to delete the image and the file to open the image, or again. If the red x still appears, you may have to it again. then insert delete the image and then insert it again. the image may have been corrupted. owa.f5.com Restart your computer, and then DevCentral.F5.com open the file again. If Internet the red x still appears, you may have to delete the image and then insert it again. websupport.f5.com Router ihealth.f5.com High Concurrent Connection downloads.F5.com capacity •  F5 helps you to mitigate DDoS and flood based attacks •  Stateful, Default Deny Behavior •  High Concurrent Connection and conn/sec capacity •  User Geo-location awareness •  SSL (HW accelerated encryption/decryption) •  IPsec site to site •  Packet Filtering •  Flood protection mechanisms 19 •  Carrier Grade NAT (NAT, NAT64) © F5 Networks, Inc.
  • 20. Mitigating DoS Attacks Protect Against: Protect With: Network Based Distributed Denial Of Service (DDOS) VIPRION BIG-IP LTM DoS Protections •  Packet Filtering •  Syn Cookies (L4 DoS) •  Dynamic Reaping (L4 DoS) •  TCP Full Proxy (L4 DoS) •  Rate shaping (L4->L7 DoS) •  iRules (e.g. SSL DoS protection) •  Very High Performance •  Very large connection tables 20 © F5 Networks, Inc.
  • 21. Securing and Scaling DNS Services 21 © F5 Networks, Inc.
  • 22. Authoritative DNS Security Basic GSLB Securing DNS Servers Delegation Overview •  Traditional firewall •  DNS server farm •  Global Server Load Balancing DNS Servers Limitations •  Vunerable to DNS Attacks •  No response validation •  Inability to scale GTM 22 © F5 Networks, Inc.
  • 23. Authoritative DNS Security GTM Inline or Securing DNS Infrastructure slave Overview •  Consolidated Device •  Firewall Service •  DNS Service •  Anycast DNS Server Benefits •  High Performance DNS •  Scalable DNS GTM •  Dynamic DNSec Signing •  DDoS Resistent 23 © F5 Networks, Inc.
  • 24. DNSSec Wrapping http://youtu.be/566EmH3H32A 24 © F5 Networks, Inc.
  • 25. Context Based Access Control For Mobility And BYOD 25 © F5 Networks, Inc.
  • 26. Context leverages information about the end user to improve the interaction Who •  Who is the user? What •  What devices are requesting access? Where •  Where are they coming from? •  When are they allowed to access? When •  How did they navigate to the page/site? How 26 © F5 Networks, Inc.
  • 27. Securely Manage Access The image cannot be displayed. Your computer may not have enough memory to open the image, or the DMZ image may have been corrupted. The image F5 Access Policy Manager Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and canno then insert it again. t be displa yed. Your comp Hypervisor 4,000 Remote Users Internet Virtual Desktops The image cannot be displayed. The image cannot Your computer be displayed. may not have Your computer enough memory may not have enough memory to open the image, or the image may have The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and The image cannot be 1,000 Wireless Users then open the file again. If the red x still appears, you may have to delete the image and then insert it again. displayed. Your computer may The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your Internal LAN The image computer, and then open the file again. If cannot be VLAN 1 the red x still appears, displayed. Your The computer may image not have cannot enough be memory to displayed open the . Your image, or the compute image may r may have been not have corrupted. enough memory Utilize existing user directory 15,000 Corporate Users Internal LAN •  High performance – 26,000 users at $7+ per user VLAN 2 The •  Scale up to 100,000 users Th imag ee im cann ag ot be •  Flexible and centralized security policy management displ ayed. Your •  Integrated endpoint security checking 6,000 Corporate Branch Users •  Secure Single Sign-on 27 © F5 Networks, Inc.
  • 28. BYOD Trust Model •  The trust level of a mobile device is dynamic •  Identify and evaluate the risk of personal devices •  Review the value of apps and data •  Define remediation options •  Notifications •  Access control •  Quarantine •  Selective wipe •  Set a tiered policy 28 © F5 Networks, Inc.
  • 29. Use Case Access with baseline security, no MDM APM/ASM Kerberos SSO þ Certificate Resources Check þ UUID Check Request ticket Exchange Active Directory 29 © F5 Networks, Inc.
  • 30. Use Case Normal access with MDM, VPN on-demand two-factor authentication APM/ASM Kerberos SSO þ Certificate Check þ UUID Check Request ticket Active Directory Two factors: •  Pin •  Certificate MDM (Mobile Device Management) (Mobile Iron, Airwatch, Silverback and Zenprise) 30 © F5 Networks, Inc.
  • 31. Use Case Managed and BYOD access combines UUID check with ACLs ACLs APM/ASM Unmanaged devices get limited access þ Certificate Check ý UUID Check Managed devices get full access MDM Active Directory 31 © F5 Networks, Inc.
  • 32. Use Case – BBC (BYOD Project) First access with MDM, new enrollment with self-service APM/ASM Verify credentials ý Certificate Check AAA þ Username/ SSO Password Device data When cert check fails, APM Optional OTP Certificate will proxy access to MDM’s (One Time Password) registration registration page Provisioning OTP sent via SMS or email; •  Apps MDM adds two-factor security •  Certificates (Mobile Device •  Profiles Management) Provisioning via MDM “phone home” 32 © F5 Networks, Inc.
  • 33. Vulnerability Assessment and Web Application Security 33 © F5 Networks, Inc.
  • 34. IP Intelligence Reputation Scanners Deny access to infected IPs Probes, scans, brute force Windows Exploits Denial of Service Known distributed IPs DoS, DDoS, Syn flood Web Attacks Phishing Proxies IPs used for SQL Injection, CSRF Phishing sites host BotNets Anonymous Proxies Infected IPs controlled by Bots Anon services, Tor 34 © F5 Networks, Inc.
  • 35. IP Intelligence: Defend Against Malicious Activity and Web Attacks Enhance automated application delivery We need to approach decisions adding better intelligence and stronger security different security based on context. Layer of IP threat protection delivers context to identify and block IP threats using a dynamic data set of high-risk IP addresses. Visibility into threats from multiple sources leverages a global threat sensor network Deliver intelligence in a simple way reveals inbound and outbound communication Evolving Threats Real-time updates keep protection at peak performance refreshing database every five minutes. 35 © F5 Networks, Inc.
  • 36. IP Intelligence •  Fast IP update of malicious activity •  Global sensors capture IP behaviors •  Threat correlation reviews/ blocks/ releases Key Threats Sensor Techniques IP Intelligence Service: Threat Correlation Internet Semi-open Proxy Farms Dynamic Threat IPs Web Attacks every 5min. Exploit Honeypots Reputation Windows Exploits Naïve User Simulation IP Intelligence Botnets Web App Honeypots Scanners Network Attacks Third-party Sources DNS BIG-IP System 36 © F5 Networks, Inc.
  • 37. IP Intelligence Botnet IP Intelligence Service IP address feed updates every 5 min Attacker Custom Application Financial Application BIG-IP System Anonymous requests ? Geolocation database Anonymous Internally infected Proxies devices and servers Scanners •  Use IP intelligence to defend attacks 37 •  Reduce operation and capital expenses © F5 Networks, Inc.
  • 38. Unknown Vulnerabilities in Web Apps •  Unable to find or mitigate vulnerabilities •  Very expensive to fix by recoding •  Difficult to include scanner assessments •  Need assurance that app sec. is deployed properly Web Application Vulnerabilities as a percentage of all disclosures in 2011 H1 Web Applications: 37 percent Others: 63 percent Source: 1BM X-Force Research and Development 38 © F5 Networks, Inc.
  • 39. Leading Web Application Attack Protection BIG-IP Application Security Manager Users o  Protect from latest web threats Web Application o  DDoS, SlowLoris, & more BIG-IP ASM Security o  Quickly resolve vulnerabilities o  Meeting PCI compliance Web Applications Private Public Physical Virtual Multi-Site DCs Cloud 39 © F5 Networks, Inc.
  • 40. Protect Applications from Threats Adaptive and unique attack protection Gain visibility Understand Take action into application session context and mitigate sessions and apply policy offending clients 40 © F5 Networks, Inc.
  • 41. Automatic DOS Attack Detection and Protection o  Accurate detection technique – based on latency o  3 different mitigation techniques escalated serially o  Focus on higher value productivity while automatic controls intervene Detect a DOS condition Identify potential attackers Drop only the attackers 41 © F5 Networks, Inc.
  • 42. Open Web Application Security Project (OWASP) OWASP Top 10 Web Application Security Risks: 1.  Injection 2.  Cross-Site Scripting (XSS) 3.  Broken Authentication and Session Management 4.  Insecure Direct Object References 5.  Cross-Site Request Forgery (CSRF) 6.  Security Misconfiguration 7.  Insecure Cryptographic Storage 8.  Failure to Restrict URL Access 9.  Insufficient Transport Layer Protection 10.  Unvalidated Redirects and Forwards 42Source: www.owasp.org © F5 Networks, Inc.
  • 43. Out-of-the-Box Deployment No false positives Fast web application Learning mode implementation •  Gradual deployment •  Rapid deployment •  Transparent or semi- policy transparent •  Pre-configured •  Manual or automatic application policies •  Full blocking policies 43 © F5 Networks, Inc.
  • 44. Meet PCI Compliance Easily comply with audits PCI reporting provides: •  Requirements with details •  Current compliancy state •  Steps to become compliant 44 © F5 Networks, Inc.
  • 45. 45 © F5 Networks, Inc.
  • 46. Solution: Quickly Resolve Application Vulnerabilities Request made BIG-IP ASM security policy checked Server response Enforcement Sensitive information, application cloaking Secure response BIG-IP ASM applies Vulnerable delivered security policy application •  Maintain security at application, protocol, and network levels •  Launch secure applications protected from vulnerabilities 46 © F5 Networks, Inc.
  • 47. F5 BIG-IP products enabled us to improve security for an existing application instead of having to invest time and money into developing a new, more secure application. Application Manager, Global 500 Media and Entertainment Company TechValidate 0C0-126-2FB 47 © F5 Networks, Inc.
  • 48. Integrated Vulnerability Scanning Customer  Website   Vulnerability  Scanner   •   Finds  a  vulnerability   •   Virtual-­‐patching  with          one-­‐click  on  BIG-­‐IP  ASM   •  Vulnerability  checking,     detecDon  and  remediaDon   BIG-­‐IP  ApplicaAon  Security  Manager   •  Complete  website  protecDon   • Qualys   • IBM   • WhiteHat   • Cenzic   •   Verify,  assess,  resolve  and  retest  in  one  UI   •   AutomaDc  or  manual  creaDon  of  policies   •   Discovery  and  remediaDon  in  minutes     48 © F5 Networks, Inc.
  • 49. Free App Scan Service to Mitigate Vulnerabilities •  Free application vulnerability scan: •  Cenzic Cloud in ASM UI •  3 free scans •  Configure vulnerability Data Center policy in BIG-IP ASM •  Protection from web app attacks BIG-IP Application Security Manager Web 2.0 Apps Attacker Internet Private BIG-IP Application Security Manager Cloud Apps Virtual Edition Clients 49 © F5 Networks, Inc.
  • 50. The most flexible solution 50 © F5 Networks, Inc.
  • 51. F5 Value to FSI Employ Using F5’s intelligent approach to IT as a Service application delivery Simplify your infrastructure through F5’s ability to streamline and automate existing network investments. Reduce threats and simplify security by taking advantage of F5’s unified security capabilities. Get world-class business continuity through Transform IT F5’s built-in disaster recovery and high availability capabilities Secure 51 Agility © F5 Networks, Inc.
  • 52. Call to action The load balancer is dead - leverage your ADC as a strategic Point of Control http://youtu.be/Sh8mNjeuyV4 52 © F5 Networks, Inc.
  • 53. © 2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5.
  • 54. 54 © F5 Networks, Inc.