
BIG IP F5 DataSafe

DataSafe is all about malware and the threat malware poses. Malware is usually injected into the end host and used to steal data such as usernames, passwords, social security numbers and credit card numbers. The malware gets activated when the end user accesses an application such as internet banking. DataSafe protects the user while data is in use, which basically means while the user is typing a username and password into, for example, an internet banking site.

DataSafe Benefits

1. Protects data-in-use input fields
2. Protects against keyboard logging
3. Dynamically obfuscates HTML form fields
4. Performs encryption of data (such as passwords) in real time.

A Fraud Protection Service (FPS) license is required to use a DataSafe profile. DataSafe profiles are located under Security > Data Protection > DataSafe Profiles. Once configured, a DataSafe profile must be applied to the virtual server, like we do for an Application Security profile.

Before DataSafe

1. No Encryption 

Let me briefly show you the application that we are going to protect with a DataSafe profile. Before we apply the DataSafe profile to the virtual server, let me show you the issues that we face without it. Below is the page that we are going to secure with the DataSafe profile.



Once we log in to the site, we can see in the image below that our username and password are clearly visible. We need to inspect the page in order to see the payload.



Now, let's imagine the end host PC is infected with malware. There are usually two types of malware: one gets activated after we submit the login page with the username and password entered, and the other gets activated as soon as we start typing the username and password. The latter type is also known as a keystroke logger. The malware then sends the username and password to the dead zone (the attacker).

2. No Obfuscation

Obfuscation changes the form field names dynamically in order to mitigate bot activity on forms. Without obfuscation, the parameter names for the username and password are visible, and an attacker can take advantage of this to create malware accordingly. We can clearly see below that name=UserName and name=Password. Obfuscation dynamically changes these names so that they are no longer human-readable.

3. No Decoy Input Fields

The last major problem is that although parameters like username and password can be obfuscated, one more issue remains: the visibility of the source code. Using decoy inputs, we can change the source code by adding different fields every few seconds.

After DataSafe Profile

1. Encryption

Encryption is the first major protection that the DataSafe profile provides. Encryption can be applied both while the form fields (for example, username and password) are being filled in and while logging in. In the example below we can clearly see how encryption works, compared with the earlier one where the username and password were clearly visible. The malware will only be able to send the encrypted username and password to the attacker.


2. HTML Field Obfuscation

With obfuscation, the parameter names are no longer visible; random numbers appear instead, and on top of that the numbers change from time to time.

3. Decoy Inputs

This is the one that must be used, as this feature not only changes certain parameter characters but also adds random strings throughout the source code. On top of that, the integers also change from time to time. We can see in the image below how the decoy feature works: it randomly adds characters and strings to the source page, which would make it impossible for hackers to find the original source code.
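A client-side check that the three protections described above are actually in effect, written as an added example and not code from the original post or from F5. The HTML snapshots, POST bodies, obfuscated names and test credentials are constructed sample values, and the check assumes every named input on the login page is covered by the profile.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

SENSITIVE = ("UserName", "Password")  # field names shown on the unprotected page

class _Inputs(HTMLParser):
    """Collect the name attribute of every <input> element."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        name = dict(attrs).get("name")
        if tag == "input" and name:
            self.names.append(name)

def input_names(html):
    parser = _Inputs()
    parser.feed(html)
    return parser.names

def check_page(snapshot_a, snapshot_b):
    """Compare two fetches of the login page taken a few seconds apart."""
    a, b = set(input_names(snapshot_a)), set(input_names(snapshot_b))
    findings = [f"readable field name in HTML: {n}" for n in SENSITIVE if n in a | b]
    if a & b:  # obfuscated and decoy names should differ between fetches
        findings.append(f"names unchanged between fetches: {sorted(a & b)}")
    return findings

def check_post(body, test_credentials):
    """Inspect a captured login POST body made with known test credentials."""
    findings = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key in SENSITIVE:
            findings.append(f"readable parameter name in POST: {key}")
        if value in test_credentials:
            findings.append(f"cleartext test credential in POST under {key}")
    return findings

# Constructed samples (hypothetical, not real DataSafe output).
BEFORE = '<form method="post"><input name="UserName"><input type="password" name="Password"></form>'
AFTER_T0 = '<form method="post"><input name="83910274"><input type="password" name="55620193"><input name="70021845" style="display:none"></form>'
AFTER_T1 = '<form method="post"><input name="19447302"><input type="password" name="60318855"><input name="24790016" style="display:none"></form>'
POST_BEFORE = "UserName=alice&Password=S3cret%21"
POST_AFTER = "83910274=b3f1c09e77a2&55620193=0c9d41e2aa57"

if __name__ == "__main__":
    print(check_page(BEFORE, BEFORE), check_post(POST_BEFORE, ("alice", "S3cret!")))
    print(check_page(AFTER_T0, AFTER_T1), check_post(POST_AFTER, ("alice", "S3cret!")))
```

Run it with a throwaway test account against two saved copies of the protected login page and the POST body copied from the browser's network inspector; an empty findings list for both checks is the expected result once the profile is attached.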

Configuration

DataSafe profiles are located under Security > Data Protection > DataSafe Profiles. Once configured, a DataSafe profile must be applied to the virtual server, like we do for an Application Security profile.
We must first specify the exact URI that we are trying to protect. The parameter names must also be defined along with the URI path for the DataSafe profile to be complete.

Finally, the DataSafe profile needs to be attached to the virtual server, and bingo!




























