Re: F5 and similar

From: Gareth Bromley (gbromley@intstar.com)
Date: Wed Aug 27 2003 - 09:56:32 EDT


On Wed, 27 Aug 2003, pen test wrote:
> Does the BigIp handle all requests and stay between the client and server or
> does it just simply redirect to the server?
> Basically what I am getting at is if the BigIp is between the client and
> application server
> client ---ssl--- bigip ---http--- application server
Depends on how the F5 (or any load balancer) has been setup.

Most products support a number of modes, and at their most basic either sit in
front of the server for requests and replies or alongside it for
requests and see none of the replies (Direct Server Return, nFlow? in F5
terms) either at Layer 2 or Layer 3 depending on configuration.

> is the application server safe from attacks that may affect it as the
> bigip will actually be the one that is attacked?
Well that has to depend on what level you are inspecting/looking at. If
you're looking at L2 then the F5 will be the victim of L2-style attacks instead
of the server; however, the L3-7 attacks will then pass, unless suitable
network/application inspection/filtering is carried out. Of course if
you've activated the L7 intelligence and are filtering at that level and
use some of the L3-4 DoS protection mechanisms that F5 provides, you have
a partially protected server farm. Of course, you need to ask what L7
attack intelligence is built into the F5 product to detect against Web
attacks injected into SSL; from my experience none, so another product is
required, i.e. IDS, application-aware product (Sanctum, KaVaDo, Whale
e-Gap, Spearhead's AirGap, etc.).

However, the F5 and other LBs are NOT security products and thus don't
contain network/application security features found in other products;
instead these products cover the Availability of the CIA security trilogy.

Hope this helps

Gareth
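The two placements Gareth describes, a full proxy that terminates SSL and sees requests and replies versus Direct Server Return where the balancer sees requests only, can be modelled in a few lines. The following is an added example written for this archive page; it is not code from the post, from F5, or from any product named above. The L7 checks (method allowlist, header size, Host presence, path normalisation, control characters) are a hypothetical minimal filter applied to the plaintext request the balancer holds after SSL termination, and the backend is a constructed stand-in for the application server.

```python
"""Model of a load balancer in proxy mode versus Direct Server Return (DSR).

Added example, not from the original post or from F5. The policy, the
checks and the backend reply are all constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Hypothetical L7 request policy enforced by the balancer."""
    methods: frozenset = frozenset({"GET", "HEAD", "POST"})
    max_header_bytes: int = 8192


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


# Control characters that must not appear in a header name or value.
CTRL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def parse_request(raw: bytes) -> dict:
    """Parse an HTTP/1.x request head: this is the plaintext the balancer
    holds once it has terminated the client's SSL session."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body, "header_bytes": len(head)}


def inspect_l7(req: dict, policy: Policy) -> Verdict:
    """Request-side checks: the only inspection possible in DSR mode."""
    if req["method"] not in policy.methods:
        return Verdict(False, f"method {req['method']} not permitted")
    if req["header_bytes"] > policy.max_header_bytes:
        return Verdict(False, "header block too large")
    if "host" not in req["headers"]:
        return Verdict(False, "missing Host header")
    path = req["target"].split("?", 1)[0]
    if not path.startswith("/") or ".." in path.split("/"):
        return Verdict(False, "path is not an absolute, normalised path")
    for name, value in req["headers"].items():
        if CTRL.search(name) or CTRL.search(value):
            return Verdict(False, f"control character in header {name}")
    return Verdict(True, "ok")


def inspect_reply(reply: bytes) -> bytes:
    """Reply-side processing (here: drop the Server banner). Only a full
    proxy can do this; in DSR the reply never passes through the balancer."""
    head, sep, body = reply.partition(b"\r\n\r\n")
    kept = [l for l in head.split(b"\r\n") if not l.lower().startswith(b"server:")]
    return b"\r\n".join(kept) + sep + body


def backend(req: dict) -> bytes:
    """Constructed stand-in for the application server behind the balancer."""
    return (b"HTTP/1.1 200 OK\r\nServer: hypothetical-app/1.0\r\n"
            b"Content-Length: 2\r\n\r\nok")


def balance(mode: str, raw: bytes, policy: Policy = Policy()) -> tuple:
    """Return (verdict, reply as the client will see it, or None if denied)."""
    try:
        req = parse_request(raw)
    except ValueError as exc:
        return Verdict(False, str(exc)), None
    verdict = inspect_l7(req, policy)
    if not verdict.allowed:
        return verdict, None
    reply = backend(req)
    if mode == "proxy":
        return verdict, inspect_reply(reply)   # balancer sees both directions
    if mode == "dsr":
        return verdict, reply                  # reply goes server -> client directly
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    sample = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    for mode in ("proxy", "dsr"):
        verdict, reply = balance(mode, sample)
        print(mode, verdict, reply)
```

Running it shows the asymmetry in the post: the same request is accepted in both modes, but only the proxy placement gets to touch the reply, so anything the balancer is expected to do on the server's output (header scrubbing, response inspection) simply does not happen under DSR.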
