Your Applications Deserve iApps

Posted in f5, big-ip, cloud, saml, federation, saas, office 365 by psilva on June 21st, 2016


F5 iApps are user-customizable frameworks for deploying applications that enable you to ‘templatize’ sets of functionality on your F5 gear. You can automate the process of adding virtual servers or build a custom iApp to manage your iRules inventory.

Application ready templates were introduced in BIG-IP v10 and the goal was to provide a wizard for the often deployed applications like Exchange, SharePoint, Citrix, Oracle, VMware and so forth. This allowed the abstraction of some of the configuration details and reduced the human error when following the pages of the thick deployment guides for those applications. Application templates were great but there was no way to customize the template either during the deployment or adjust it after.

Then came iApps®.

Introduced in TMOS v11, iApps is the current BIG-IP system framework for deploying services-based, template-driven configurations on BIG-IP systems. iApps bundles all of the configuration options for a particular application together.

Roughly a third of F5 customers use iApps and they are especially popular for more complex configurations, like Microsoft Exchange, for example, which requires up to 1200 mouse clicks to configure manually and only 50 mouse clicks to configure with the iApp. iApps are also often used to roll out similar configurations to multiple BIG-IPs. Some customers run hundreds of iApps, some run none--the choice is yours.

Here is one example of iApp customization and its evolution. When we released SAML support in v11.3, many customers wanted to use BIG-IP APM as a SAML Identity Provider (IdP) for Office 365 but there are a few steps to configure that in BIG-IP. Configure Active Directory, then SAML, then the access policy and so forth. One of our very smart Security Architects, Michael Koyfman, wanted to make that task simple, repeatable and accurate.


He decided to write an O365 iApp and posted it to DevCentral where there was immediate interest from the community. From that, Product Development engineers rewrote it to follow their libraries and best practices and then moved it to supported status. You can now use this F5 supported iApp template to configure the BIG-IP system as a SAML IdP to Microsoft Office 365 applications, such as Exchange and SharePoint. This template configures the BIG-IP APM system as an IdP for Office 365 to perform single sign-on (SSO) between the local Active Directory user accounts and Office 365-based resources such as Microsoft Outlook Web App and Microsoft SharePoint.

But we didn’t stop there.

Since it is the same framework and easily extensible to add more services to an iApp, they took it a step further. With the O365 iApp as the basis, the team then built a SaaS Federation iApp which allows you to configure BIG-IP APM as a SAML IdP to 11 commonly used SaaS applications including Salesforce, Concur, WebEx, O365 and others. Now, with a single iApp, you can federate your employees to many SaaS applications easily, efficiently and securely. This iApp also went through a beta period on DevCentral and was recently released as an F5 supported iApp.

UI configurations for the SaaS iApp

Summary of configurations for the SaaS iApp

So if you need a quick and easy way to deploy your applications, look no further than F5 iApps. You can use the F5 built iApps, you can customize F5 built iApps or you can build your own iApps. Your applications, infrastructure and business will thank you.

ps




Control It All with iControl

Posted in f5, big-ip, cloud computing, silva, application delivery, api, programmability, sddc by psilva on June 14th, 2016

The concept of Application programming interfaces (APIs) has been around for a while.

According to CSC Distinguished Engineer & Chief Product Architect (and bass player) Martin Bartlett,

'The concept of an API pre-dates even the advent of personal computing, let alone the Web, by a very long time! The principal of a well-documented set of publicly addressable "entry points" that allow an application to interact with another system has been an essential part of software development since the earliest days of utility data processing. However, the advent of distributed systems, and then the web itself, has seen the importance and utility of these same basic concepts increased dramatically.’ (Courtesy: http://history.apievangelist.com/)

An API is a set of routine definitions, protocols, and tools for building software and applications. It is software written to function as a communication bridge between Web applications. That’s how iControl started according to Joe Pruitt – as a way for the early versions of BIG-IP LTM (BIG-IP) and BIG-IP DNS (3-DNS/GTM) to communicate with each other to ensure they were making the right traffic management decisions. And this was 16 years ago!

Today, APIs are all over the place, running behind the curtains without any direct user interaction. They are primarily used for computer consumption and typically absorbed by web applications. APIs make services available for developers to build those same services into their applications. eBay, Amazon & AWS, Facebook, Twitter and Google Maps are some examples you might be familiar with. For instance, Google Maps has an API so developers can use the backend services to create their own ‘maps.’ Maybe it is a map of restaurants in the vicinity of a hotel. The hotel website could use the Google Maps API to show different shopping, eating or recreational activities in the area. They wouldn’t need to develop the maps nor house the data themselves.

With the Internet of Things (IoT), APIs allow you to share, manage, access and interact with your previously unconnected items like cameras, bicycles and even medicine bottles. And there are many IoT APIs that are available.

And that’s really the point with iControl.


Whether you’re looking to tweak a feature or spin up 500 new pool members, iControl can do it. Anything you can do via the command line or GUI, you can accomplish via iControl. And, you can do it programmatically so you don’t have to enter in every single command in the chain, or wake up someone at 3am during the change control window just to bleed the servers off a pool.

iControl is F5’s open, web services-based API that allows complete, dynamic, and programmatic control over nearly every aspect of both execution and configuration on BIG-IP systems. With iControl you can work like a wizard—add, modify, or configure your F5 device in real time. It is the primary means through which BIG-IP is integrated into both commercial management offerings and cloud computing environments. In short, iControl is a simple, lightweight API that allows you programmatic access via Traffic Management Shell (tmsh) commands.

And now you can say, 'I control my infrastructure with iControl.'

ps





The Double Whammy of Scripting

Posted in f5, big-ip, silva, devcentral, irules, programmability by psilva on June 7th, 2016

Many of you are very familiar with iRules, our Tool Command Language (Tcl) based scripter. It’s a powerful application delivery tool to have a programmable proxy that allows you to manipulate – in real time - any network traffic passing through the BIG-IP. Many BIG-IP fans have used it to address their specific needs and some iRules have even been productized as features. For example, the cool ASM Data Mask feature that blocks sensitive info like SSN or credit card numbers from leaking out was once an iRule. Aw, our baby made it to the BIGs.

And by now you may have heard the trumpets about iRules LX, available in our most recent BIG-IP v12.1 release. So I was wondering if you were wondering what’s the difference between iRules and iRules LX? Why would you use one or the other?

iRules is based on Tcl and is an extremely stable and well-documented solution. We introduced it in BIG-IP v9.0 and we continue ongoing feature development for it. iRules Language eXtensions (where the LX comes from) is the next generation of network programmability based on JavaScript. iRules LX is not intended to replace or antiquate Tcl, but to provide additional functionality in certain situations.

Say you are writing a rule in Tcl that looks for some piece of data. When you find that data, you then need to make a database call to verify the parameters. That could get messy with many lines of code. You may even say to yourself, ‘Geeze, this would be a whole lot easier if I had a parser…wouldn’t that be nice.’ This is where iRules LX can be handy. Toss it over to a Node.js extension and let it do the work. With the proper package from the Node package manager (npm), of which there are some 280,000 (and counting), iRules LX will process and send back to Tcl so you can go on your merry way.


Essentially, that last 10% is 90% of the work so why not have a proper engine run it.

iRules LX is a simple way to solve tough challenges…another tool to use when you need it. Granted, it is not necessarily a hammer but that particular hex tool for precise jobs. It also bridges into the new world of programming. Tcl is still very relevant yet Node.js is a popular, cutting-edge language that the development community has eaten up. It offers more flexibility when you need it and a new tool in your arsenal of application delivery solutions.

You should also check out Eric Flores' Getting Started with iRules LX series which covers some concepts, use cases, configurations and workflows.

ps





Are People Programmable?

Posted in silva, music, devcentral, emotions, humans, family, predictions, programmability by psilva on June 1st, 2016

For the month of June, DevCentral is highlighting our Programmability Month and Codeshare Challenge. A fantastic opportunity to catch up on the power of programmability and learn how the BIG-IP platform can transform your infrastructure with a few lines of code.

Since my coding ability is still in the infancy stage, I thought of looking at programmability from a different angle. Can we code a human?

First, the word 'Programmability.' According to multiple sources including dictionary.com, it is derived from the adjective ‘Programmable’ or capable of being programmed. As a noun, it can be an electronic device that can be programmed to perform specific tasks. We hear the word Program in many different contexts – a plan of action to accomplish something, a schedule of events, a television/entertainment program, a planned group of activities for a purpose and so forth. In computing, of course, we hear the word programmer as someone who writes code to facilitate certain functionality within a computer program or application.

But can code be applied to humans? Are we programmable?


DNA is our personal genetic code. It determines our eye and hair color, gender, and all of the traits, characteristics and personality that make you, you. Every cell in our body contains a complete set of our DNA. While 99.9% of the DNA from two people will be identical, it’s the 0.1% of DNA code sequences that vary from person to person. This is what makes us unique. This is our genetic marker and what scientists look for when doing a DNA test.

Genetic disorders are situations where there’s a bug in the DNA code. The gene mutated. For instance, the GLUD1 gene is a Protein Coding gene that encodes mitochondrial enzyme glutamate dehydrogenase (GDH) and is used to control insulin secretion in the pancreas. But if the gene is mutated, then the person could produce too much insulin. The pancreas server works perfectly but it is the gene’s code telling the pancreas what to accomplish that is flawed. My daughter has this genetic disorder – HI/HA GDH. Her GLUD1 code has an insulin bug.

Doctors have been able to flip genes. In lab studies, researchers at The Children’s Hospital of Philadelphia have reprogrammed gene expression, showing a proof-of-concept for potential therapy. Reprogramming the gene expression to reverse a biological switch. Imagine being able to reprogram a gene to function properly. Diagnosed with a certain ailment? Let’s change the code with an i{Human}Rule to 0.

It's also interesting and partially scary to think that in the future, instead of getting colored contacts to change your eye color, you could insert the color code into your DNA for a particular look.

And now for something slightly different…

In 1942 Nikola Tesla said, ‘If you want to find the secrets of the Universe, think in terms of energy, frequency and vibration.’ There is a frequency or vibration of energy that fills the Universe. It's alive.


The Universe is energy and each basic element of the atomic chart consists of energy at different rates of vibration. Each person also has their own frequency. With this in mind, I recently went to have some Quantum Biofeedback ‘new age’ therapy due to some back/neck issues. I already see a chiropractor and acupuncturist and thought this might help me delay back surgery.

The idea behind Quantum Biofeedback is that the body is electric and therefore reactivity in the body can be measured electrically since every cell, organ, meridian and emotion has a characteristic electro-magnetic signature. You get hooked up to a few electrodes and it takes a bunch of measurements to determine the electrical factors of the body. It calculates combinations of impedance, amperage, voltage, capacitance, inductance, and resistance. If the frequency of your lungs is off, the system can send the exact frequency of healthy lungs until your lungs respond with that frequency. Essentially reprogramming your lungs to the correct frequency to function properly.

There's also the notion that the 520Hz frequency is the Love frequency. Supposedly it is the 'Miracle' note of the original Solfeggio musical scale. These core creative frequencies were used by ancient priests and healers in advanced civilizations to manifest miracles and produce blessings. The claim is that listening to 528Hz tones/music will heal your DNA. Amazon has a whole section of 528Hz music and if you didn't know, John Lennon's 'Imagine' was recorded in 528Hz. That's why you feel good when listening to the song.

As with any of these non-traditional techniques, there are the pseudoscience naysayers, those who feel it is a scam and those who received no benefit from the therapy session. Their body simply didn’t respond. Happens often in medicine and science. For me, it helped a little but I’m still looking at getting cut and wearing a neck brace for a couple weeks to fix my back issue. As with anything like this, your mileage may vary and I'm not endorsing this technique, I have my wonders too. But the idea of being able to reprogram the human body via energy, frequency and vibrations is interesting. At least to me.

There are a few folks, of course, studying this.

In 2008, scientists looked at Free Will vs. The Programmed Brain to determine if we have a choice about anything. If our actions are determined by prior events and if people believe that they don’t have free will, what will the consequences be for moral responsibility? Do we have any responsibility for what we do since our actions are inevitable consequences of the events leading up to the action? Essentially, what happens when we think our choices have already been predetermined for us and we cannot change that? They found that we hold ourselves responsible when we think that our actions come from free will and we behave less responsibly if we feel our actions as beyond our control. If we think that there’s no point in trying to be good, then we’re less likely to try.

The World Bank has discovered that people are programmable from an economic perspective. In 2014, they released the 2015 World Development Report looking at mind, society and behavior. The assumption for many economic policies is that human behavior arises from “rational” choice, with people considering all readily available information and making decisions on their own. In recent decades, however, novel policies based on a more accurate understanding of how people actually think and behave have shown great promise in addressing some of the most difficult development challenges. They seem to conclude that people are programmable, and some (poor people) are more programmable than others. A number of folks are critical of the report as you can imagine.


Lastly, Gartner’s 2015 hype cycle for Emerging Technologies gives a hint of our programmable future. While IoT is currently riding the top, you can see a few coming up in the next decade that have programmable humans in sight. They have Human Augmentation and Brain-Computer interface neck and neck. Want to become an expert in no time? Simply connect your brain to your laptop and download all the knowledge. Personally I think the brain interface is more about thinking what you want done (click the mouse), and the computer does it with no hand interaction. We shall see.

This article started as an idea about humans, habits and if we can be programmed to change behavior. As I dug in, it became apparent that it wasn’t so simple to concretely conclude but appreciate you coming along this far. As you engage with this month’s Programmability features and how they can help with your environment, think about how programmability may impact all our lives in the near future. Or you can watch this gem from The Office: The Office Classical Conditioning.

ps




The Visible Data of the Invisible User

Posted in security, f5, silva, data center, mobile, devcentral, big data, iot, sensors, wearable by psilva on May 3rd, 2016


As the march to connect each and every noun on this planet continues at a blistering pace, the various ways, contraptions and sensors used to collect data are greatly expanding. What once was a (relatively) small collection of fitness trackers, smartwatches, thermostats, automobiles and surveillance cameras has grown into an industry where shirts, shoes, sleeping bags and even liquor bottles want to gather your info. And most of these devices monitor silently without you even knowing. According to Ryan Matthew Pierson over at Readwrite.com, ‘The strength of IoT is in its ability to be invisible to the user.’

In addition, the mad dash to simply insert a chip, beacon and software into everyday objects is slowly graduating to an era where user experience, privacy and security are becoming critically important for mass adoption. In 2014 Gartner released a report saying the typical family home could have as many as 500 smart devices by 2022. The Consumer Technology Association (CTA) notes that 20% of US households now own an activity tracking wearable device, two times the households that owned one last year. And Nielsen reported that smartphone penetration has reached 82% in the U.S.

Interacting and engaging with the customer in real time is a desire of many organizations.

From media and entertainment, to appliances, to transport technologies, to security and environmental controls, along with healthcare and fitness equipment almost every ‘thing’ around us will track something. Or as Dr. Nick Riviera sings, ‘The knee bone's connected to the something. The something's connected to the red thing. The red thing's connected to my wrist watch... Uh oh.’

And it is not only consumer items.


The Industrial IoT is helping farmers with connected tractors, soil sensors, crop health apps and the like. There are HVAC systems that are managed by sensors; streetlights, utilities, parking and traffic in a connected city; and even sports teams are using wearable tech to gain a competitive advantage. And according to Research and Markets, wearable tech in schools is set to surge over the next 5 years.

With the IoT growth comes threats, along with resources to reduce the risks. In Gartner’s latest forecast, IoT security spending is set to nearly double between 2014 and 2018, growing from about $232 million to almost $550 million. Nearly $350 million will go into securing IoT this year alone. They also predict that there will be 6.4 billion connected devices in use worldwide this year, up 30% from 2015.

The security investment is good news since according to Spiceworks and Cox Business, the flood of IT devices entering the market does create security and privacy issues in the workplace. 84% of their survey-takers named the growing number of entry points into the network as a major concern. Number two on the list, at 70% of respondents, was insufficient security measures on the part of IoT manufacturers.

But soon we might be able to solve some of the challenges with our Brain.

There are some very smart research brains out there that have come up with a way to identify you by your brain waves with 100% accuracy. This is your Brainprint. A team of researchers at Binghamton University recorded the brain activity of 50 people wearing an electroencephalogram headset while they looked at a series of 500 images. The pictures were designed specifically to elicit unique responses from person to person. Images included things like pizza, a boat, certain words, celebrities and so forth. They found that participants' brains reacted differently to each image, enough that a computer system was able to identify each volunteer's ‘brainprint’ with 100% accuracy.

According to researchers, brain biometrics are appealing because they are cancellable and cannot be stolen by malicious means like a fingerprint or retina scan. The results indicate that brainwaves could be used by security systems to verify a person's identity. This could be key since our personal data and pattern of life seems to be more valuable now than a silly, worthless credit card number.

Brain & Invisibility: Activate!

   << signed 'ps' in Invisible Ink





You Never Know When…

Posted in silva, mobile, blogging, blog traffic, smartphone, scams by psilva on April 28th, 2016

An old article gets new life. #TBT

Back in 2012 I wrote an article titled Bait Phone. It was about cops dropping mobile phones with a tracking device and following the stealing culprit for an arrest. Like Bait Car but with a smartphone.

Over the weekend, I noticed that the article was blowing up but couldn’t figure out why:

428bait.jpg

I even tweeted out on Monday:

baittweet.jpg

At the time, I didn't realize something else was at play.

Then I decided to do a twitter search:

bait_tw.jpg

And found that a video with the same name as my blog post was trending: Bait Phone 2 - basically a stun gun with a remote. Over 2.2 million YouTube views in less than a week. It’s a prank video where they have a remote zapper to sting the culprits when they grab & walk away with the phone. One guy - who had it in his pocket - denied taking it until he was personally shocked.

When I did a Google search over the weekend, my article was still at the top but now the article is like #13 listed (maybe even lower) and the video has taken the top spot.

But you never know when an old article might pop due to some other circumstances. At least folks are reading it and not totally bailing!

Fun stuff.

ps 




The Dangerous Game of DNS


The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup, loading complex sites necessitates hundreds of DNS queries.

And because of that, DNS is a precious target and only lags behind http as the most targeted protocol.

DDoS-ing DNS is an effective way to make the service unavailable. As the flood of malicious DNS requests hit the infrastructure, the service can become unresponsive if there is not enough capacity. Organizations can add more servers or turn to their cloud-based security provider for help. One of the strategies cloud-based security providers use to shield DNS is DNS redirection. Cloud providers will divert incoming traffic to their own infrastructure, which is resilient enough to detect and absorb these attacks. The success of this strategy however depends on how well the website's original IP address can be shielded. If the bad guy can find that IP address, then they can get around the protection.

So is DNS redirection effective? Researchers decided to find out.

Scientists from KU Leuven in Belgium built a tool called CLOUDPIERCER, which automatically tries to retrieve websites' original IP address, including through the use of unprotected subdomains. Almost 18,000 websites, protected by five different providers, were part of the team's DNS redirection vulnerability tests. In more than 70% of the cases, CLOUDPIERCER was able to retrieve the website's original IP address - the precise info needed to launch a successful attack.

Researchers did share their findings with those cloud-based providers and have made CLOUDPIERCER freely available for organizations to test their own DNS infrastructure.

In another DNS scam, a new version of the NewPoSThings PoS (point of sale, not…) malware is using DNS rather than http/https/ftp to extract data from infected PoS terminals. This is an interesting twist since most security solutions monitor http/https traffic for suspicious activity. Anti-virus doesn’t necessarily watch DNS and admins cannot simply turn off DNS since they need it to resolve hostnames and domains. Seems like a clear shot.

The newest version of NewPoSThings is nicknamed MULTIGRAIN and it only targets (and infects) one specific type of PoS platform: the multi.exe process, specific to a popular electronic draft capture software package. If the multi.exe process is not found, the malware moves on. Once inside, the malware waits for the Track 2 credit card data and once it has the data, it encrypts and encodes it before sending it to the bad guy via a DNS query.

The use of DNS for data exfiltration on PoS devices is not new and shows not only how attackers can adjust to different environments but also that organizations need to be more aware of their DNS traffic for potential anomalies.
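One way to watch DNS traffic for the anomaly described above, shown as an added example that is not from the original post or from any F5 product: it groups query names per client and base domain and flags groups whose subdomains are numerous, long and high-entropy. The log tuples, IP addresses, domain names and thresholds are constructed assumptions, and the "last two labels" base-domain rule is a simplification.

```python
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character: encoded or encrypted data scores high, words score low."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in Counter(text).values())


def split_name(qname, base_labels=2):
    """Return (subdomain_part, base_domain).

    Assumption: the base domain is the last two labels. A production version
    should consult the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= base_labels:
        return "", ".".join(labels)
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])


def find_exfil_candidates(queries, min_unique=5, min_avg_len=24, min_entropy=3.0):
    """Flag (client, base domain) pairs that look like data carried in query names.

    All three signals must agree, which keeps ordinary browsing (many short
    names) and stable long CDN hostnames (few unique names) out of the results.
    The thresholds are illustrative starting points, not tuned values.
    """
    groups = defaultdict(set)
    for client, qname in queries:
        sub, base = split_name(qname)
        if sub:
            groups[(client, base)].add(sub)

    findings = []
    for (client, base), subs in groups.items():
        flat = [s.replace(".", "") for s in subs]
        avg_len = sum(len(s) for s in flat) / len(flat)
        avg_entropy = sum(shannon_entropy(s) for s in flat) / len(flat)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_entropy >= min_entropy:
            findings.append({
                "client": client,
                "base_domain": base,
                "unique_subdomains": len(subs),
                "avg_length": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
            })
    return sorted(findings, key=lambda f: (f["client"], f["base_domain"]))


def constructed_sample():
    """Constructed (client_ip, query_name) pairs; not real traffic."""
    queries = []
    # Workstation: many different names, but short and word-like.
    for host in ("www", "mail", "api", "cdn", "login", "static", "img"):
        queries.append(("10.0.5.10", f"{host}.corp-portal.example"))
    # Workstation: one long hostname queried repeatedly (a single unique name).
    queries += [("10.0.5.10", "assets-production-eu-west-1-cache.cdn-vendor.example")] * 20
    # PoS terminal: every query carries a different 40-character chunk. The hex
    # digest is only a stand-in for encoded data.
    for i in range(12):
        chunk = hashlib.sha256(f"constructed-chunk-{i}".encode()).hexdigest()[:40]
        queries.append(("10.0.9.23", f"{chunk}.updates-check.example"))
    # The same terminal's ordinary lookup.
    queries.append(("10.0.9.23", "time.corp-portal.example"))
    return queries


if __name__ == "__main__":
    for finding in find_exfil_candidates(constructed_sample()):
        print(finding)
```

Domains flagged this way are candidates for review before they are added to a block list.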

BIG-IP could also help in both instances.

For the redirection issue, BIG-IP or our Silverline Managed Service offers Proxy mode with DNS redirection. With Routed Mode, we offer BGP to Silverline then Generic Routing Encapsulation (GRE) tunnels or L2VPN back to the customer to mask the original IP address.

For the PoS malware, BIG-IP can utilize a DNS response policy zone (RPZ) as a firewall or outbound domain filtering mechanism. An RPZ is a zone that contains a list of known malicious Internet domains. The list includes a resource record set (RRset) for each malicious domain and each RRset includes the names of the malicious domain and any subdomains of the domain.

When the BIG-IP system receives a DNS query for a domain that is on the malicious domain list of the RPZ, the system responds in one of two ways based on your configuration. You can configure the system to return an NXDOMAIN record that indicates that the domain does not exist or return a response that directs the user to a walled garden.

BIG-IP returns NXDOMAIN response to DNS query for malicious domain

BIG-IP forwards DNS query for malicious domain to walled garden
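The RPZ decision described above, modelled as an added example (not BIG-IP code or configuration, and not from the original post): a query name is checked against the listed domains and their subdomains on label boundaries, then answered with NXDOMAIN or pointed at a walled garden. The class, the entries and the walled-garden address 192.0.2.10 are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Decision:
    action: str                          # "forward", "nxdomain" or "walled-garden"
    matched_entry: Optional[str] = None  # RPZ entry that triggered the action
    answer: Optional[str] = None         # address returned in walled-garden mode


def normalize(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.strip().rstrip(".").lower()


class ResponsePolicyZone:
    """Hypothetical model of an RPZ: listed domains plus one configured response."""

    def __init__(self, malicious_domains, mode="nxdomain", walled_garden_ip=None):
        if mode not in ("nxdomain", "walled-garden"):
            raise ValueError("mode must be 'nxdomain' or 'walled-garden'")
        if mode == "walled-garden" and not walled_garden_ip:
            raise ValueError("walled-garden mode needs an address to return")
        self.entries = {normalize(d) for d in malicious_domains}
        self.mode = mode
        self.walled_garden_ip = walled_garden_ip

    def decide(self, qname):
        labels = normalize(qname).split(".")
        # Test the full name, then each parent domain. Splitting on labels means
        # "notupdates-check.example" never matches "updates-check.example",
        # which a plain string endswith() check would get wrong.
        for start in range(len(labels)):
            candidate = ".".join(labels[start:])
            if candidate in self.entries:
                if self.mode == "nxdomain":
                    return Decision("nxdomain", candidate)
                return Decision("walled-garden", candidate, self.walled_garden_ip)
        return Decision("forward")


# Constructed entries; .example and .test are reserved names.
CONSTRUCTED_RPZ_ENTRIES = ["updates-check.example", "Bad-Host.malware.test."]

if __name__ == "__main__":
    rpz = ResponsePolicyZone(CONSTRUCTED_RPZ_ENTRIES)
    garden = ResponsePolicyZone(CONSTRUCTED_RPZ_ENTRIES, mode="walled-garden",
                                walled_garden_ip="192.0.2.10")
    for name in ("abc123.updates-check.example", "notupdates-check.example",
                 "malware.test", "www.corp-portal.example"):
        print(name, rpz.decide(name).action, garden.decide(name).answer)
```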

DNS is one of those technologies that is so crucial for a functioning internet, especially for human interaction. Yet it is often overlooked or seems to only get attention when things are broken. Maybe take a gander today to make sure your DNS infrastructure is secure, scalable and ready to answer each and every query. Ignoring DNS can have grave consequences.

ps





You’re Getting Under My (e)-Skin

Posted in f5, cloud computing, silva, application delivery, big data, iot, sensors, wearable by psilva on April 20th, 2016


Imagine if the temporary tattoos that come in a box of Cracker Jack (if you’re lucky) had an electronic display logo that lights up when you put it on. Or a fitness tracker that you tape to yourself rather than wearing it around your wrist. Or a watch so thin that it lights the time while blending into your skin. Or even, a sensor that can be applied directly to an organ to determine health.

This is the future for electronic skin. Yup, I said it: E-Skin.

Researchers in Japan have developed an ultra-thin and ultra-stretchy material that can mimic the flexibility of human skin. Ultraflexible organic photonic skin is an organic polymer with light-emitting diodes (PLEDs) or small sheets of energy-efficient lights that are laminated right on the skin. These are intended to equip the human body with electronic components for health-monitoring and information technologies. They are transparent, but when powered with electrical pulses they emit a colored light, number or letter depending on the implementation. The arrangement of PLEDs can also display more complex information. They also report that this PLED film produced less heat and consumed less power than previous e-skin samples.

The interesting thing here is that they used organic materials, added an extra layer of film to protect it from oxygen and water, so it lasted several days. Past organic efforts lasted less than a day due to air exposure. Today, non-organic materials used to make super-thin tattoo-like monitoring devices can last weeks or longer.

These advancements will only fuel the health care wearable market which is growing exponentially.


Research firm Tractica released findings from its report ‘Wearable Devices for Healthcare Markets’ that show worldwide shipments of healthcare wearables will increase from 2.5 million in 2016 to 97.6 million in 2021…or $17.8 Billion in yearly revenue. The general wearable device market will increase from 85 million units in 2015 to 559.6 million units by 2021 - a compound annual growth rate of about 37%.

If you thought the influx of data center and cloud traffic from mobile was big, just wait until all our body vitals start hitting the wire. Add that to all the other IoT initiatives, like home/automotive, and big data suddenly turns into ginormous data.

While we may instantly think about the fitness trackers and smartwatches that adorn our bodies, the health care industry is also looking at the treatment of chronic diseases, wellness programs, remote patient monitoring and physician use. And there are other devices like posture monitors, connected wearable patches and pain management wearables that are gaining ground.

I can already hear the posture sensor barking, 'Stop Slouching!' and a pain patch that actually works instead of those menthol smelling globs – great idea!

ps





Let the Training Begin!

Posted in f5, big-ip, silva, application delivery, certification by psilva on April 13th, 2016

A few weeks ago I mentioned that I was on a journey to getting properly trained and reacquainted with the more technical nuances of F5 solutions with the goal of achieving F5 Professional Certification sometime this year. In fact, most of F5’s DevCentral team is also shooting for certification and we’ve set up our study path.

As a refresher, F5 has a number of educational programs to help you get acquainted, get fully trained or become a Certified Professional with F5 gear. From free online courses to instructor led classroom seminars to challenging your knowledge with a certification, F5 can help you, as it is helping me, understand the inner workings of BIG-IP. I began at F5 University with the Getting Started series and was able to get through a number of modules at my own pace.

This week, the DC team is in Seattle at the Mother Ship and we decided to kick off our study prep while we’re together. This is for the initial 101-Application Delivery Fundamentals exam and we’re using Eric Mitchell’s excellent Study Guide as our guide. There is also an Exam Blueprint available that goes through the objectives of each section and gives examples of the types of questions asked. Um, what's the purpose and functionality of MTU and MSS again?

The 101-Application Delivery Fundamentals test is the first exam required to achieve F5 Certified BIG-IP Administrator status. All candidates must take this exam to move forward in the program. Successful completion of the 101 exam acknowledges the skills and understanding necessary for day-to-day management of Application Delivery Networks (ADNs). The 101 exam is not so much about how you do this or that on a BIG-IP; it is more about the basics of the OSI model, networking, protocols, common traffic management/load balancing concepts, cryptographic services and application delivery platforms in general: the essential knowledge needed to deploy any application delivery controller.

We’ve decided to each take and prepare a section of the study guide and present to the team. We’ve set up weekly meetings and each week is an exam section. This week is the OSI model and (theoretically) in 5 weeks, we should be ready to take the exam. If you are prepping or planning to get certified at our Agility event in Chicago this summer, you and your team may want to consider that approach. All the learning benefits, with slightly less stress.

So that’s our most recent update as we continue on the certification path. If you’d like a step-by-step guide, including how to register and schedule your exam, check out Austin Geraci’s article Becoming F5 Certified - BIG-IP Administrator Certification - 101 & 201 Exams and/or join the F5 Certified! Professionals group on LinkedIn. Good stuff.

ps 




Plugging Data Leaks

Whether intentional or accidental, data leaks are a huge concern for organizations, and they have been for years. A 2004 survey from an IT security forum hosted by Qualys found that 67% of security executives do not have controls in place to prevent data leakage. In a December 2006 survey, Boston-based researchers Simon Management Group noted that some 78% of respondents said they were "very concerned" about data exposure. A 2010 article published by Trustwave on CSOonline.com said that 65% of leakage occurs due to the following combined methods: Microsoft SMB sharing, Remote Access Applications, and Native FTP clients.

And a recent informal survey conducted by the Avast Mobile Enterprise team at two healthcare technology events indicates that Data Leakage (69%) was the greatest security concern of Healthcare CISOs. Insider threats (34%) and Malware (28%) got silver and bronze.

Information seems to be the gold standard in today’s digital society and it comes in many forms. It can be personally identifiable information (PII) of customers or employees; it can be corporate or financial info; it can be litigation related; it can also be health care related and really, any data that should be kept secret…except from those who are authorized to view it.

According to Cisco, some risky behavior by employees can aggravate the situation. Areas included:

  • Unauthorized application use: 70% of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies' data loss incidents.
  • Misuse of corporate computers: 44% of employees share work devices with others without supervision.
  • Unauthorized physical and network access: 39% of IT professionals said they have dealt with an employee accessing unauthorized parts of a company's network or facility.
  • Remote worker security: 46% of employees admitted to transferring files between work and personal computers when working from home.
  • Misuse of passwords: 18% of employees share passwords with co-workers. That rate jumps to 25 percent in China, India, and Italy.

How can you reduce and mitigate some data leakage risks? BIG-IP can help shore up some areas.

The overall category of Data Loss Prevention (DLP) is a multi-faceted area of security that encompasses securing data storage, data transmission, and data in-use. Specifically, BIG-IP ASM focuses on the protection of data in-flight. For instance, ASM’s DataGuard is a method of preventing SSN or CC# information from leaking out of back-end databases, but ASM’s benefits in a DLP strategy extend well beyond that. DLP is concerned with unauthorized access to any private data, whether confidential personal or corporate information. ASM provides comprehensive protection against unauthorized back-end database access by preventing the exploitation of well-known vulnerabilities such as XSS, SQL injection, cookie poisoning, etc. If you can’t even reach the info, there is less likelihood of it leaking.
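To make the data-in-flight idea concrete, here is an added Python example (not code from this post, and not how F5 implements DataGuard) of response-side masking: scan an outbound body for card numbers and SSNs, validate the candidates, and star them out before the response leaves. The function names, patterns and sample body are assumptions constructed for the illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# US SSN in the common AAA-GG-SSSS layout.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

# Constructed sample response body (test card number, made-up SSN and ids).
SAMPLE_BODY = ('{"card": "4111 1111 1111 1111", "ssn": "123-45-6789", '
               '"order_id": "1234567890123456", "ref": "000-12-3456"}')


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values never issued: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def mask_response(body: str) -> tuple[str, int]:
    """Return the body with sensitive values starred out, plus a hit count."""
    hits = 0

    def mask_card(m: re.Match) -> str:
        nonlocal hits
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()  # long number, but not a card: leave it alone
        hits += 1
        return re.sub(r"\d", "*", m.group())  # keep separators, star digits

    def mask_ssn(m: re.Match) -> str:
        nonlocal hits
        if not plausible_ssn(*m.groups()):
            return m.group()
        hits += 1
        return "***-**-****"

    body = CARD_RE.sub(mask_card, body)
    body = SSN_RE.sub(mask_ssn, body)
    return body, hits


if __name__ == "__main__":
    print(mask_response(SAMPLE_BODY))
```

The Luhn and issued-range checks are what keep the filter from starring out order numbers and reference ids that merely look like card numbers or SSNs.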

No single product is going to provide a comprehensive, all-inclusive DLP solution. HIPAA, PCI, and other regulatory standards are focused almost entirely on DLP. BIG-IP ASM, as a WAF, provides a vital part of any overall DLP solution in today’s security-conscious environment.

ps
