Documente Academic
Documente Profesional
Documente Cultură
F5 Company Snapshot
Leading provider of Application Delivery Networking products
that optimize the security, performance & availability of
network applications, servers and storage systems
Gartner, Inc. Market Share: Application Acceleration Equipment, Worldwide, CYQ212, Joe
Skorupa, Nhat Pham, Sept 2012
Government Certifications
Certifications
Automated
Local
ServerGlobal
Load Site
Balancing
Redirection
Application
Network
andLayer
Application
Health Monitoring
Health Monitoring
ACLs, Packet
DNSSEC,
IP Geolocation
Filters, SYN Flood Protection
: WebAccelerator
: WAN Optimization Manager
: Application Acceleration Manager
WebAccelerator
HTTP
Symmetric
Protocol
Adaptive
Optimization
Features
Compression
Intelligent
Symmetric
WAN
Optimization
Browser
Data Deduplication
Features
Referencing
Image
L7
Combined
QoSOptimization
Module with 11.4
Full-Proxy
User
Layer
Access
7 Targeted
Firewall
Control
Attack Prevention / DDoS / DDDoS
CAC/PIV/Smartcard
Data
Layer
Leakage
4 DoS Protection
Protection
Enablement
Portal, WebTop
OWASP
Protocol
Top
Anomaly
Ten Detection
Fast
WBA
WOM
AAM
Secure
APM
ASM
AFM
F5 Security Architecture
Network DDoS
Application DDoS
Internet
Load
Balancer
Load
Balancer
& SSL
DNS Security
Web Application
Firewall
Web Access
Management
Client / Server
Client / Server
Web application
Web application
Application
Application
Session
Session
Network
Network
Physical
Physical
Session
Network
Application
TCP
OneConnect
Server
side
SSL
Client
side
Client / Server
Web application
Proxy
SSL
TCP
Application
HTTP
IPv4/IPv6
Web application
APM
Firewall
Session
Network
iRules
Physical
High-performance HW
iControl API
Physical
One platform
Network
firewall
Traffic
management
Application
security
Access
control
DDoS
mitigation
SSL
inspection
DNS
security
F5 Networks, Inc
13
IP
Intelligence
Defend against
malicious activity and
web attacks.
Web Application
Security
OWASP
Top 10
SDLC
Dynamic App
Security
Testing
SSL INSPECTION
SSL?
SSL?
F5 Networks, Inc
Achieve high-scale/high-
performance SSL proxy
Injection
Cross-Site Scripting (XSS)
Broken Authentication and Session Management
Insecure Direct Object References
Cross-Site Request Forgery (CSRF)
Security Misconfiguration
Insecure Cryptographic Storage
Failure to Restrict URL Access
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards
Source: www.owasp.org
F5 Networks, Inc
17
DDoS MITIGATION
Increasing difficulty of attack detection
Physical (1)
Network (3)
Transport (4)
Session (5)
F5 mitigation technologies
Network attacks
Presentation (6)
Session attacks
Application (7)
Application attacks
SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop,
ICMP Floods, Ping Floods and Smurf Attacks
BIG-IP AFM
SynCheck, default-deny posture, high-capacity connection table, full-proxy
traffic visibility, rate-limiting, strict TCP forwarding.
BIG-IP ASM
Positive and negative policy
reinforcement, iRules, full
proxy for HTTP, server
performance anomaly
detection
F5 Networks, Inc
Withstand the
largest attacks
OSI stack
F5 Mitigation Technologies
OSI stack
18
IP INTELLIGENCE
Botnet
Restricted
region or
country
IP intelligence
service
IP address feed
updates every 5 min
Attacker
Custom
application
Financial
application
Anonymous
requests
Anonymous
proxies
F5 Networks, Inc
Scanner
Geolocation database
19
ICSA-certified
firewall
Access
Control
Application
delivery cont.
DDoS
Mitigation
SSL
inspection
Application
security
DNS
security
Products
Access Policy
Manager
F5 Networks, Inc
Local Traffic
Manager
Dynamic, identity-based
access control
Simplified authentication,
consolidated infrastructure
Application Security
Manager
#1 application delivery
controller
Application fluency
PCI compliance
App-specific health
monitoring
HTTP anti-DDoS
IP protection
20
Authentication
Kerberos
NTLM
Basic Auth
407
Real Time
Classification
Malware
Analysis
E-Commerce
Secure Web Gateway
Malicious
Server
Private Network
Access Policy
Web Security
Reporting
B2B Server
Firewall
Internet
Entertainment
Site
BIG-IP Platform
Users
Identification
Mapping
Agent
Active
Directory
F5 Networks, Inc
Youtube
Viral Video
Web security
Categorization
Database
Malware protection
Control bandwidth by policy
Malware
LTM
APM
22
Employees
Partner
Customer
Administrator
24
Web Servers
1
3
App 1
App 2
Agents on servers
App 3
Difficult to manage
Not interoperable or secure
Decentralized and costly
App n
Policy Manager
Directory
A Better Alternative
Proxy
BIG-IP benefits:
Web Servers
App 1
LTM +
APM
App 2
App 3
App n
Policy Manager
Directory
SharePoint
OWA
Cloud
Users
Hosted virtual
desktop
APP
OS
APP
OS
APP
OS
APP
OS
Directory
Web servers
App 1
F5 Networks, Inc
App n
27
CAC/PIV/Smartcard Enablement
Centralizes single sign-on and access control services
Full proxy L4 L7 access control at BIG-IP speeds
Adds endpoint inspection to the access policy
Visual Policy Editor (VPE) provides policy-based access control
VPE Rulesprogrammatic interface for custom access policies
Supports IPv6
Web
BIG-IP APM
Salesforce.com
Finance
Corporate managed
device
Latest AV software
Expense Report
App
AAA
server
User = Finance
F5 Networks, Inc
Dramatically reduce
infrastructure costs;
increase productivity
Provides seamless
access to all web
resources
Integrated with
common applications
30
Client
Improve the user experience
for traditional and mobile
users
Deliver the right content to
the right user in the fastest
time
Network
Data center
Improve availability of
enterprise applications
Increase application server
capacity
Integrate new technologies
without recoding applications
Load balance
Distribute application load
across multiple servers to
increase availability
Offload
Increase server capacity
Accelerate SSL processing
Manage TCP connections
more efficiently
Fast cache
Offload repetitive traffic from
web and application servers
to increase server capacity
SPDY gateway
Leverage SPDY and other
protocols without recoding
applications
Protocol optimization
Tune TCP and HTTP parameters to
adapt to changing network conditions
Loss correction
Correct for high-loss networks to
decrease transmission time and
improve user experience
Content control
Data reduction
Client Status
Content
location, device,
relationship
Site Status
performance,
location,
capacity
Network
Conditions
local, remote,
public, private
Transaction Assurance
Dynamic DNSSEC
DNS DDoS Mitigation
Data Center 2
iControl
iControl
vCenter
VM Provision
F5 Provision
Monitoring and
Management
Demand
Detection
Automation
F5 Deprovision
Storage Virtualization
iRules
Key Component of F5s High-Performance Fabric
High-Performance Fabric
Network
Interoperability
BIG-IQ
Multi-Cloud Control
Orchestrate F5
Services
F5 Networks, Inc.
41
Additional Resources
DevCentral : devcentral.f5.com
Web Support : websupport.f5.com
Account Team