Collaborate Disseminate
In this Lightboard Post of the Week, I answer a question about 2FA and SSO with AD/RSA on BIG-IP by creating a SSO Credential Mapping policy agent in the Visual Policy Editor, that takes the username and password from the logon page, and maps them to v… Continue reading Post of the Week: Two-Factor Auth and SSO with BIG-IP
That title sounds so 2009 but let’s go with it anyway. #Flashback…no, #Throwback…no, how about #TinkerTuesday? Is there such a thing? (There is.) #DevCentral will be ramping up our social activities in 2018 and we wanted to share some… Continue reading Get Social with DevCentral
Welcome to 2018! If the kids in the back seat have been chanting, ‘Are we there yet?, Are we there yet?’ you can tell them, ‘Yes! Now, Get out the car!’ If, like me, you’ve taken a couple weeks off to enjoy the holidays an… Continue reading The DevCentral Chronicles Volume 1, Issue 1
It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2017 entries. If you missed any of the 64 attempts including 16 videos, here they are wrappe… Continue reading Blog Roll 2017
In this Lightboard Post of the Week, I answer a few questions about SSL/https on Virtual Servers. BIG-IP being a default deny, full proxy device, it’s important to configure specific ports, like 443, to accept https traffic along with client and … Continue reading Post of the Week: SSL on a Virtual Server
A newly identified cybercrime scheme uses a malware mish-mash of two leaked NSA hacking tools and specialized PowerShell agents to covertly install cryptomining software on computers left vulnerable by a well-known Apache Struts flaw, according to research from F5 Networks. The campaign, labeled “Zealot” by F5 researchers, has already been used in attacks on Windows and Linux systems to feed miners targeting Monero. The malware also utilizes the NSA-linked EternalBlue and EternalSynergy exploits; which helps spread malware across a compromised network. “As far as we know, this is the second time a cryptomining scheme has used the EternalBlue or EternalSynergy exploits,” said Maxim Zavodchik, a security research manager with F5. “The significance of this discovery is that it’s the first time we’ve seen a massive campaign targeting web vulnerabilities that automatically spreads into the internal network. This technique is sometimes used in targeted attacks, but seems to be the first time […]
The post Newly uncovered ‘Zealot’ malware could double as 2017 buzzword bingo appeared first on Cyberscoop.
Continue reading Newly uncovered ‘Zealot’ malware could double as 2017 buzzword bingo
Thinking of taking the F5 Certified 101 or 201 exams but not sure if you are ready? Ease the anxiety by taking a F5 Practice Exam! That’s what I did, and it sure helped. If you remember, back in August I attempted the 201-TMOS Administrator exam … Continue reading F5 Certified Practice Exams
When we prepare for our Featured Member series, I typically send out a questionnaire and the DevCentral member writes out their answers. With the opening question I’ll do a bit of editing and use that for the intro. This month however, airloom… Continue reading DevCentral’s Featured Member for December – Kevin Davies
With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here’s how the 2013 edition compares to 2017. And how BIG-IP ASM mitigates the vulnerabil… Continue reading The OWASP Top 10 – 2017 vs. BIG-IP ASM
Today, let’s look at a couple ways to mitigate an application DDoS attack with BIG-IP ASM. We’ve logged into a BIG-IP ASM and navigated to Security>DDoS Protection>DDoS Profiles. In the General Settings of Application Security,… Continue reading Mitigate L7 DDoS with BIG-IP ASM