F5 ASM

F5 CSE Exam Notes – ASM DoS Protection

Enabled using DoS Profiles. TPS Based DoS Protection. Stress Based (formerly known as “Latency Based”) DoS Protection: less prone to false positives. DoS Mitigation methods: JavaScript Challenges (called Client-Side Integrity Defense), CAPTCHA challenges.


F5 CSE Exam Notes – DDoS Attacks

Attack Categories and DDoS architecture components: Volumetric – Flood-based attacks that can be L3-4 or L7 Cloud-based Scrubbing Service (Silverline) Web Application Firewall (ASM) GTM Express Asymmetric – Attacks designed to invoke timeouts or session-state changes Web Application Firewall (ASM) Computational – Attacks designed to consume CPU and memory Application Delivery Controller (LTM) Slowloris attack migration Adaptive connection...


F5 CSE Exam Notes – Security Tools

Cain & Abel: Windows-only password recovery tool. Sniffs the network cracking encrypted passwords, brute force cracking. NMAP: Detect remote OS running on host(s): nmap -O 192.168.1.0/24; nmap -O 192.168.1.1; nmap -v -O --osscan-guess 192.168.1.1 (https://highon.coffee/blog/nmap-cheat-sheet/#host-discovery). THC Hydra: Brute force attack tool used to show the ease to gain unauthorized access remotely. Performs dictionary attacks against more than...


F5 CSE Exam Notes – ASM Session Tracking

Security >> Application Security: Sessions and Logins: Session Tracking Session Awareness (disabled by default) Configure login page to detect username and associate it with the HTTP session None (default) Allows the use of Violation Detection Actions only User APM Usernames and Session ID Use Login Pages Select the custom login page Properties Authentication type (HTML Form, HTTP Basic/Digest Auth and NTLM) Username/Password Parameters Access...


F5 CSE Exam Notes – ASM Data Guard/Sensitive Parameters

Data Guard Data Guard will block (by default) or will mask (transparent) the sensitive information for the responses sent by the application server to the client Settings Location General Security -> Application Security: Data Guard Policy Security -> Application Security: Blocking: Settings – Negative Security Violations Data Guard: Information leakage detected Modes of Operation Data Guard in Transparent (Mask Data) Default Learn/Alarm...


F5 CSE Exam Notes – ASM Buffer Overflow/File Uploads/ICAP

Buffer Overflow Security -> Options: Application Security: Advanced Configuration: System Variables long_request_buffer_size – specifies the longest request length supported by the system (default is 10Mb) request_buffer_size – specifies the common request length supported by the system (default is 10Kb) https://support.f5.com/csp/article/K7935 File Uploads Once the new parameter that the application uses for the file upload...
