Multi-Layer Security for Multi-Layer Attacks
Preston Hogue
Dir, Cloud and Security Marketing Architectures
High-Performance Services Fabric Programmability Data Plane Control Plane Management Plane Virtual Edition Appliance Chassis Network [Physical Overlay SDN] F5 Agility 2014 2
Data Plane Programmability Control Plane Management Plane Virtual Edition Appliance Chassis Virtual Edition Appliance Chassis Network [Physical Overlay SDN]
F5 Security Strategy
Evolving Security Threat Landscape
cookie tampering Identity Extraction malware redirected traffic DNS Cache Poisoning SSL renegotiation CSRF Trojans parameter tampering SQL Injection smurf slowloris ICMP Flood spear attack CVE attack phishing UDP DNS malformed flood packet web scraping syn flood HTTP fragmentation brute force recursive GET social DNS Amplification ping of death Phishing XSS key loggers engineering URL tampering HashDos privilege escalations excessive GET/POST sockstress
What does F5 know about security?
Control through context
Client Information + Traffic Content + Application Health
1. Client context in security: Device, Operating system (OS), Browser, Geolocation, IP intelligence
2. Traffic context in security: XSS, Unauthorized access, SYN flood, XSS, SQL injection, Fraud
3. Application context in security: v3.1???, App health, Server status, Software type/version, App vulnerability, Resource capacity
You can't secure what you don't know.
Full-proxy architecture WAF WAF Slowloris attack XSS HTTP irule irule HTTP Data leakage SSL renegotiation SSL irule irule SSL SYN flood ICMP flood TCP irule irule TCP Network Firewall
F5 provides comprehensive application security
Securing access to applications from anywhere
Protecting your applications regardless of where they live
Enterprise Mobility Management, Inspecting SSL, Web Fraud Protection, IP Intelligence, DDoS Protection, Application Access Management, Network Firewall, Secure DNS, High-Performance IPS, Web Application Firewall
Built for intelligence, speed and scale
Users
Concurrent user sessions: 200K
Concurrent logins: 3,000/sec.
Resources
Throughput: 640 Gbps
Concurrent connections: 288 M
DNS query response: 12 M/sec
SSL TPS (2K keys): 240K/sec
Connections per second: 12.2 M
Full proxy security BIG-IP APM
BIG-IP ASM Request Reply BIG-IP ASM HTTP Slowloris irule irule HTTP SlowPost SSL Renegotiation irule irule SSL Re-encryption TCP SynFlood irule irule TCP OneConnect BIG-IP AFM BIG-IP AFM
BIG-IP ASM Request Reply BIG-IP ASM HTTP Slowloris irule irule HTTP SlowPost SSL Renegotiation irule irule SSL Re-encryption TCP SynFlood irule irule TCP OneConnect
BIG-IP LTM
F5 Provides Complete Visibility and Control Across Applications and Users Securing access to applications from anywhere Virtual Edition Chassis Appliance Protecting your applications regardless of where they live
Identity and Access Management (IAM) Solution
Securing access to applications from anywhere
Authentication, Authorization, and SSO to All Apps
Secure Web Gateway Internet Internet Apps Internet Apps Web Access Management Remote Access and Application Access Enterprise Apps Virtual Edition Appliance Chassis Mobile Apps Enterprise Mobility Management Federation Cloud, SaaS, and Partner Apps
Application Delivery Firewall (ADF) Solution
Protecting your applications regardless of where they live
Bringing deep application fluency and price performance to firewall security
One Platform: Network Firewall, Traffic Management, Application Security, Access Control, DDoS Protection, SSL, DNS Security, Web Fraud Protection
EAL2+; EAL4+ (in process); DC FW (in process); WAF (in process); DDoS (pending)
F5 provides comprehensive application security
Mobile App Management, Network DDoS Protection, Web Application Firewall, Network Access, DNS DDoS Protection, Application Access, Network Firewall, SSL DDoS Protection, Application DDoS Protection, Fraud Protection
F5 security reference architectures
Mobile App Management, Network DDoS Protection, Web Application Firewall, Secure Mobility, Network Access, Secure Exchange, DDoS Protection, DNS DDoS Protection, Web App Firewall, Secure Web Gateway, Remote Access, Network Firewall, Secure DNS, Secure VDI, Application Access, Network Firewall, Web Access Management, SSL DDoS Protection, Inspecting SSL, Application DDoS Protection, Fraud Protection, Versafe
Secure Mobility, Secure Exchange, DDoS Protection, Web App Firewall, Secure Web Gateway, Remote Access, Network Firewall, Secure DNS, Secure VDI, Web Access Management, Inspecting SSL, Versafe
Reference Architectures
F5 Reference Architectures
Real solutions for real problems
Web Fraud Protection High Performance IPS S/Gi Network Simplification Security for Service Providers Application Services Migration to Cloud DevOps DDoS Protection LTE Roaming Intelligent DNS Scale Cloud Federation Cloud Bursting Secure Web Gateway
Benefits: Minimize deployment times; Reduce security design costs; Strengthen security posture
DDoS Protection Reference Architecture
Network attacks: ICMP flood, UDP flood, SYN flood
SSL attacks: SSL renegotiation, SSL flood
DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning
HTTP attacks: Slowloris, slow POST, recursive POST/GET
Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service Network and DNS IPS Application E-Commerce Subscriber Threat Feed Intelligence Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control
Identity Federation Architecture
On-Premises Infrastructure Corporate Users Users SAML Identity management Multi-factor authentication Attackers SAML Real-time access control Access policy enforcement Access Management Directory Services Corporate Applications Office 365 Google Apps Salesforce SaaS Providers Identity federation Strategic Point of Control
Secure Web Gateway Reference Architecture
Microsoft Threat Management Gateway Deployment
F5's Alternative to Microsoft Threat Management Gateway
Web Fraud Protection architecture diagram
A Online Customers Man-in-the-Browser Attacks Copied Pages and Phishing B Online Customers Web Fraud Protection Network Firewall Application C Account Amount Transfer Funds Security Operations Center Automated Transactions Online Customers
Customer Scenarios: A Malware Detection and Protection; B Anti-Phishing; C Transaction Analysis
Strategic Point of Control
High Performance IPS Reference Architecture
VMware Horizon View Architecture
On-Premises Infrastructure HTTPS PCoIP Internal Users SSL Decryption Authentication High Availability PCoIP Proxy VDI Infrastructure HTTPS HTTP/S External Users PCoIP Access Management PCoIP Authentication Strategic Point of Control