Faster. Smarter. Safer.
Several weeks ago, we took off to Barcelona for the 11th edition of f5’s Agility. The unique line-up of keynotes, presentations, demonstrations, breakout sessions and more provided us with some very interesting new insights. The event focused on making applications faster, smarter and safer.
In most companies, the number of applications in use is increasing. Some of them are implemented and maintained by the IT team, but as SaaS (software-as-a-service) models are becoming more popular amongst users, this is no longer always the case.
All these applications and where they are located have an important impact on the speed of the network.
In this blogpost we’ll discuss how you can make your network faster, smarter and safer.
Security in the Cloud
As you might know, there are different types of ‘cloud’: private, public and hybrid cloud. Hybrid cloud is a combination of the first two with multiple providers offering a variety of public and private options. Using a hybrid cloud allows you to keep each aspect in your business in the most efficient environment possible.
When choosing a cloud model, different drivers, such as cost, agility, scale, …, are taken into account.
However, each cloud model has its own advantages and disadvantages with regard to security.
How to secure your end-to-end application delivery?
When using web applications, we recommend implementing an f5 Web Application Firewall (WAF) and/or an Application Security Manager (ASM) to secure them, thus preventing vulnerabilities in web applications from being exploited by outside threats.
Securing web applications with WAF / ASM
When traffic loads get high and need to be scaled, a load balancer can be added to the configuration to balance the traffic load between the servers. Adding a load balancer allows optimizing resource use, maximizing throughput, minimizing response time and avoiding overload of any single resource.
Adding a load balancer to the WAF
Some applications, e.g. accounting, HR and CRM applications, require user authentication and/or Secure Sockets Layer (SSL) offloading, to make sure that the available data is only consulted by the people who are entitled to it.
We recommend combining a two-factor or multi-factor authentication solution (2FA / MFA) together with an f5 Access Policy Manager (APM) to solve this issue.
Adding 2FA/MFA for user authentication.
As mentioned in the introduction, there are different drivers to opt for a public, private or hybrid cloud model. No matter what the reason is, we can link private and public cloud resources together with DNS (domain name system, formerly known as GTM). For example, when you need to cope with a peak in traffic, you can spin up resources in a public cloud (AWS, Azure, Google Cloud) to deliver the same user experience as usual.
DNS can also be used when you have a Disaster Recovery site or when you need to be provider independent.
Using DNS to include public cloud when needed
Securing the endpoint IoT device
The Internet of Things (IoT) is growing faster than expected. IoT devices are hackers’ favorite targets (Mirai, BrickerBot, etc.), which means we need to secure them.
IoT and Cloud are linked because all IoT devices talk to applications in the Cloud. How to secure this communication is explained above.
As f5 is contextually aware, we can strip the protocol of certain attributes so they can’t be misused for DDoS, data tampering and more.
During one of the breakout sessions we attended, someone asked how f5 will secure the endpoint IoT device. A good question, in my opinion; a pity f5 does not have an answer today. Luckily, at SecureLink, we have solutions based on a carefully selected portfolio containing different vendors. Therefore, we suggest the following approach:
- Secure the device from vulnerabilities
- Control the misuse of these devices as Bots
How to secure IoT devices from vulnerabilities?
If you want to secure devices (IoT in this example) against their vulnerabilities, there are only 2 ways to do that:
- Install the patches from the device’s vendor
- Deploy an Intrusion Detection and Prevention (IDP) system in front of these devices
The first action is the best one, but it might take a while before the vendor has a patch. A lot of these IoT device vendors (mainly in the consumer market) don’t bother to provide a patch. In the IIoT (Industrial Internet of Things) space, the main problem is that they can’t bring these devices down in time to patch them as production depends on them.
Conclusion: You first solve the problem with option 2 (IDP) and then patch the systems when you can.
How to control the misuse of these devices as Bots?
The second piece of advice was to control the misuse of these IoT devices as bots. The main problem is that most of the time you can’t control these devices, because they are created by third-party vendors.
The only solution is to have a system that detects when these devices are contacting a Command and Control server. Detection alone is not enough; we still need to act in an automated way. The best way to do this is to quarantine the device and take it off the network.
The solution that can detect and respond in an automated way is Juniper Networks’ SDSN solution.
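A vendor-neutral sketch of the detect-then-quarantine loop described above, added here as an illustration; it is not Juniper's SDSN or any product's code. The device inventory, indicator domains and DNS log lines are constructed, and the enforcement step itself is left to whatever the network supports.

```python
from datetime import datetime

# Added example. Constructed inventory of IoT devices: source IP -> device name.
IOT_DEVICES = {"10.20.0.15": "lobby-camera", "10.20.0.16": "hvac-sensor"}

# Constructed C2 indicators; a real deployment would load a threat-intel feed.
C2_DOMAINS = {"c2.botnet.invalid", "report.dropzone.invalid"}

# Constructed DNS query log: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2024-05-01T10:00:01+00:00 10.20.0.15 time.vendor.example
2024-05-01T10:00:07+00:00 10.20.0.15 node7.c2.botnet.invalid
2024-05-01T10:00:09+00:00 10.20.0.16 api.vendor.example
2024-05-01T10:00:12+00:00 10.20.0.15 C2.BOTNET.INVALID.
2024-05-01T10:00:20+00:00 10.30.0.8 report.dropzone.invalid
malformed line
"""

def is_c2(name, indicators):
    """True if name equals an indicator or is a subdomain of one."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))

def detect_c2_contacts(log_text, indicators=C2_DOMAINS):
    """Parse the log and return (timestamp, client_ip, name) for each C2 lookup."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the pipeline
        ts, ip, name = parts
        if is_c2(name, indicators):
            hits.append((datetime.fromisoformat(ts), ip, name))
    return hits

def plan_response(hits, inventory=IOT_DEVICES, quarantined=frozenset()):
    """Turn detections into one automated action per offending host."""
    actions = {}
    for ts, ip, name in sorted(hits):
        if ip in quarantined or ip in actions:
            continue  # already isolated or already planned
        kind = "quarantine" if ip in inventory else "alert"
        actions[ip] = {"ip": ip, "device": inventory.get(ip, "unknown"), "action": kind,
                       "first_seen": ts.isoformat(), "evidence": name}
    return list(actions.values())

if __name__ == "__main__":
    for action in plan_response(detect_c2_contacts(SAMPLE_LOG)):
        print(action)
```

Hosts outside the IoT inventory only raise an alert, so the automated quarantine stays limited to the devices it was designed for.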
If you want more information or have questions regarding the solutions mentioned above, please do not hesitate to contact us via firstname.lastname@example.org or via +32 3 641 95 95.