f5 user’s group. 2 it agility. your way. welcome! introductions name title company role requests...
TRANSCRIPT
![Page 1: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/1.jpg)
F5 User’s Group
![Page 2: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/2.jpg)
2
I T a g i l i t y. Yo u r w a y.
Welcome!Introductions
NameTitleCompany
RoleRequests (optional)
Please introduce yourself Name Title Company Your role
• Application• Network• Security
Requests? (optional)
![Page 3: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/3.jpg)
3
F5 User’s Group Meeting October 3rd 2012Agenda
The new F5 Technical Certification Program
Ken Salchow, Program Manager
F5 Technology Update – What’s new
Nathan McMahon – Sr. Solution Architect
10 Minute Break
Creating an ASM (Web Application Firewall) policy using Cenzic Hailstorm
Jon Bartlett, Field Systems Engineer
F5 Customer, SE and SA roundtable
![Page 4: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/4.jpg)
KJ (Ken) Salchow, Jr.Program Manager, Technical Certification
F5 TECHNICAL CERTIFICATION PROGRAM CERTIFICATION & TEST OVERVIEW
![Page 5: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/5.jpg)
5
Partner Programs
Guardian Service
Guardian Consulting
Certification
Three Distinct Pieces
F5 Training
Industry Knowledge
Internal
Customer
Individual
![Page 6: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/6.jpg)
6
Increasing Complexity and Risk
![Page 7: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/7.jpg)
7
The Missing Pieces
BIG-IP LTM
BIG-IP LTM
BIG-IP GTM ASM FirePass
ARX Configurati
on
BIG-IP LTM
Advanced
ARXTroublesho
oting
Product Consulta
nt
Engineer
End-to-End Application Delivery Knowledge
Solution KnowledgeMISSING
Basic Application Delivery KnowledgeMISSING
![Page 8: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/8.jpg)
8
NO ADCHANDBOOK
NO COLLEGECOURSES
NO LEARNINGPATH
NO TECHNOLOGYKNOWLEDGE
![Page 9: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/9.jpg)
9
Program Objective
Bring applications and networks together through technologists
rigorously verified to have expertise across the technology
stack.
![Page 10: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/10.jpg)
10
Engineer Certification Track
BIG-IP Administrator
LTM Speciali
st
GTM Speciali
st
ASM Speciali
st
APM Speciali
st
iRules Speciali
st
WAM/ WOM
Specialist
Availability Expert
Security Expert
Optimization
Expert
Service Provider Expert
Application Delivery Architect
Application Delivery Engineer
![Page 11: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/11.jpg)
11
Testing Tracks
Application Delivery Fundamentals100 Level
TMOS Administration200 Level
GTM Speciali
st
ASM Speciali
st
APM Speciali
st
WAM/ WOM
Specialist
iRules Develop
er
300 Level
Application Delivery Architect Lab500
Level iApps Developer
400 Level
Availability Solutions
Security Solutions
Optimization Solutions
Service Provider Solutions
LTM Specialist (b)
LTM Specialist (a)
LTM Specialist (a) - Architect, Setup & DeployLTM Specialist (b) - Maintain & Troubleshoot
![Page 12: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/12.jpg)
12
Course Developme
nt
Test Design
Job Analysis
Blueprint Developme
nt
Item Developme
nt
Beta Publication
Item Analysis
Exam Assembly
Standard Setting
Publication
Development ProcessEach Exam:• 7 Months from Start
to Finish• 1200 Man-Hours
(just SMEs)• ~ $85,000 USD
(direct costs)
![Page 13: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/13.jpg)
Nathan McMahonSolution Architect
BIG-IP V11.2.1
![Page 14: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/14.jpg)
14
•2x 10G Ports
•8x 1G Ports
•Quad Core CPU
•16GB Memory
•Triple the SSL 2K key TPS
•2.5x the L7 performance
•2.5x the throughput
•8G Hardware Compression
•80+ Gold Power Supply
•Future vCMP support (TBD)
BIG-IP 4200vBIG-IP 3600
BIG-IP 3900
800K
BIG
-IP
42
00
v
L7 RPS SSL TPS (2K) H/W Compression
400K
BIG
-IP
390
09000 TPS
BIG
-IP
42
00
v
3000 TPSB
IG-I
P 3
900
8G
BIG
-IP
42
00
v
BIG
-IP
390
0
Software Only
10G
BIG
-IP
42
00
v
Throughput
4G
BIG
-IP
39
00
![Page 15: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/15.jpg)
15
Rate Shaping Bandwidth throttling
Connection Limit Maximum connections
Slow Ramp Ramp up the number of new connections per second sent to the server
Set limits for the amount of traffic sent to a server.Useful to mitigate DoS or for less scalable applications
Connection Throttling
![Page 16: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/16.jpg)
16
Connection Throttling
![Page 17: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/17.jpg)
17
18 when RULE_INIT {21 set static::conn_debug 125 set static::conn_rate 1030 set static::interval 132 log local0. "Configured to enforce a rate of [expr {$static::conn_rate / $static::interval}]\33 cps ($static::conn_rate connections / $static::interval second)"36 set static::whitelist_class vsratelimit_whitelist_class40 set static::tbl "vsratelimit"41 }42 when CLIENT_ACCEPTED {45 if {[class match [IP::client_addr] equals vsratelimit_whitelist_class]}{48 return49 }50 set key "[IP::client_addr]:[TCP::client_port]"55 set tbl ${static::tbl}_[virtual name]58 set current [table keys -subtable $tbl -count]59 if { $current >= $static::conn_rate } {62 if { $static::conn_debug }{ log local0. "$key: Connection to [IP::local_addr]:[TCP::local_port]\63 ([virtual name]). At limit, rejecting (current: $current / max: $static::conn_rate)" }66 TCP::close68 } else {72 table set -subtable $tbl $key " " indefinite $static::interval73 if { $static::conn_debug }{ log local0. "$key: Connection to [IP::local_addr]:[TCP::local_port]\74 ([virtual name]). Under limit, allowing (current: [table keys -subtable $tbl -count] / max: $static::conn_rate)" }75 }76 }
Connection Throttling
![Page 18: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/18.jpg)
18
Connection Throttling
Now in the GUI
Virtual Server
Pool Member
![Page 19: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/19.jpg)
19
Specifies the maximum number of connections-per-second allowed for a virtual server, pool member, or node. When the number of number of connections-per-second reaches the limit for a given virtual server, pool member, or node, the system redirects additional connection requests. This helps detect Denial of Service attacks, where connection requests flood a virtual server, pool member, or node. Setting this to 0 turns off connection limits. The default is 0.
Connection Throttling
![Page 20: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/20.jpg)
20
Rate Shaping Bandwidth throttling
Connection Limit Maximum connections
Connection Rate Limit Max new connections / sec
Slow Ramp Ramp up the number of new connections per second sent to the server
Set limits for the amount of traffic sent to a server.Useful to mitigate DoS or for less scalable applications
Connection Throttling
![Page 21: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/21.jpg)
Jon BartlettField Systems Engineer
ASM DEMO
![Page 22: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/22.jpg)
22
Requesting a Scan from the Cenzic Cloud
Running Cenzic Scans from F5 ASM (core usage)
![Page 23: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/23.jpg)
23
Scan Finished
Running Cenzic Scans from F5 ASM (core usage)
![Page 24: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/24.jpg)
24
Selecting a Class of Vulnerabilities
Running Cenzic Scans from F5 ASM (core usage)
![Page 25: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/25.jpg)
25
Selecting Vulnerabilities to Resolve
Running Cenzic Scans from F5 ASM (core usage)
![Page 26: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/26.jpg)
26
Resolving
Running Cenzic Scans from F5 ASM (core usage)
![Page 27: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/27.jpg)
27
Resolving
Running Cenzic Scans from F5 ASM (core usage)
![Page 28: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/28.jpg)
28
Resolved (Mitigated)
Running Cenzic Scans from F5 ASM (core usage)
![Page 29: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/29.jpg)
29
Resolved (Mitigated)
Running Cenzic Scans from F5 ASM (core usage)
![Page 30: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/30.jpg)
30
ASM Parameters View
Running Cenzic Scans from F5 ASM (core usage)
![Page 31: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/31.jpg)
31
• 3 free application scans
• Free scans are limited health check services
• No time limits once signed up
• No other vendors currently provide free scan via our ASM UI
• Or “off box” http://www.cenzic.com/f5/reg
Cenzic HealthCheck Scans test for:
F5 Free Scans by Cenzic Find Vulnerabilities and Reduce Exposure
1. Cross-Site Scripting*
2. Application Exception
3. SQL Injection
4. Open Redirect
5. Password Auto-Complete*
6. Credit Card Disclosure
7. Non-SSL Password*
8. Check HTTP Methods
9. Basic Auth over HTTP
10.Directory Browsing
*Only these three included in non-F5 Free promotions
![Page 32: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/32.jpg)
32
• 30-90 day free application scans pulled into ASM/VE dashboard
• Free assessments are unlimited during eval period
WH Enterprise BE test for:
F5 Free Scans by WhiteHatPersistent Assessment and Reduced Exposure
1. Injection
2. Cross Site Scripting Insecure Direct Object References
3. Security Misconfiguration
4. Insecure Cryptographic Storage
5. Failure to Restrict URL Access
6. Insufficient Transport Layer Protection
7. Invalidated Redirects and Forwards
![Page 33: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/33.jpg)
33
Manually import vulnerability scan results from:
• IBM AppScan
• Qualys QualysGuard
Single click remediation
Use to build a new policy or add to an
existing policy
![Page 34: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/34.jpg)
34
Roundtable Topics
VDI GatewayIndustry News
Security Attacks
Encryption makes me blind
ImprovingPerformance
I thought virtualization
would be more fun
![Page 35: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/35.jpg)
35
Roundtable Topics
BYODScale to the
Nth
Life in the cloud
Data, Data, Data – I can’t make bricks without clay
Where you come from
matters
![Page 36: F5 User’s Group. 2 IT agility. Your way. Welcome! Introductions Name Title Company Role Requests (optional) Please introduce yourself Name Title](https://reader036.vdocument.in/reader036/viewer/2022062407/56649cf05503460f949bf0a1/html5/thumbnails/36.jpg)
Thank You!
Please fill out a survey