
BIG IP F5 DataSafe

DataSafe addresses malware and the threat it poses. Malware is typically installed on the end host and used to steal data such as usernames, passwords, social security numbers and credit card numbers. It is activated when the end user accesses an application such as internet banking. DataSafe protects the user while data is in use, which means protecting the user while they are entering a username and password, for example on an internet banking site.

DataSafe Benefits

1. Protects data-in-use input fields
2. Protects against keyboard logging
3. Dynamically obfuscates HTML form fields
4. Performs encryption of data (such as passwords) in real time.

A Fraud Protection Service (FPS) license is required to use a DataSafe profile. DataSafe profiles are located under Security > Data Protection > DataSafe Profiles. Once configured, a DataSafe profile must be applied to a virtual server, as we do for an Application Security profile.

Before DataSafe

1. No Encryption 

Let me briefly show the application that we are going to protect with a DataSafe profile. Before we apply the DataSafe profile to the virtual server, let me show the issues that we face without it. Below is the page that we are going to secure with a DataSafe profile.



Once we log in to the site, we can see in the image below that our username and password are clearly visible. We need to inspect the request in order to see the payload.



Now, let's imagine the end host PC is infected with malware. There are usually two types of malware: one that is activated when we submit the login page after entering the username and password, and another that is activated as soon as we start typing the username and password. The latter type is also known as a keystroke logger. The malware then sends the username and password to the dead zone (the attacker).

2. No Obfuscation

Obfuscation changes the form field names dynamically in order to mitigate bot activity on forms. Without obfuscation, the parameter names for the username and password are visible, and an attacker can take advantage of them and create malware accordingly. We can clearly see below that name=UserName and name=Password. Obfuscation dynamically changes these names so that they are not human-readable.

3. No Decoy Input Fields

The last major problem is that, although parameters such as the username and password can be obfuscated, one more issue remains: the visibility of the source code. Using decoy inputs, we can change the source code by adding different fields every few seconds.

After DataSafe Profile

1. Encryption

Encryption is the first major protection that a DataSafe profile provides. Encryption can be applied both while the form fields (for example, username and password) are being filled in and during login. The example below shows how encryption works, compared with the earlier case where the username and password were clearly visible. Malware will only be able to send the encrypted username and password to the attacker.


2. HTML Field Obfuscation

With obfuscation, the parameter names are no longer visible. Random numbers appear instead, and these numbers change from time to time.

3. Decoy Inputs

This is the feature that must be used, because it not only changes the characters of certain parameters but also adds random strings throughout the source code. On top of that, the integers also change from time to time. The image below shows how decoy inputs work: the feature randomly adds characters and strings to the page source, which would make it impossible for hackers to find the original source code.
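
A minimal conceptual model of the field obfuscation and decoy inputs described above, as an added example that is not from the original post and is not F5's implementation. The function names, the `f<hex>` alias format and the sample form are assumptions; only the `UserName` and `Password` field names come from the page.

```python
import re
import secrets

# Constructed sample login form; only the two field names come from the page.
SAMPLE_FORM = (
    '<form action="/login" method="post">'
    '<input type="text" name="UserName">'
    '<input type="password" name="Password">'
    '</form>'
)

def obfuscate_form(html, real_fields=("UserName", "Password"), decoys=3):
    """Rewrite a form the way a protecting proxy could before sending it out.

    Returns (rewritten_html, mapping). The mapping (alias -> real name) stays
    on the proxy and is regenerated for every response, so the names seen by
    anything running on the client keep changing.
    """
    mapping = {}
    for real in real_fields:
        alias = "f" + secrets.token_hex(8)          # fresh random name
        mapping[alias] = real
        html = re.sub(r'name="%s"' % re.escape(real),
                      'name="%s"' % alias, html)
    # Decoy inputs: hidden fields that look like the aliased real ones.
    decoy_html = "".join(
        '<input type="hidden" name="f%s" value="%s">'
        % (secrets.token_hex(8), secrets.token_hex(4))
        for _ in range(decoys)
    )
    return html.replace("</form>", decoy_html + "</form>"), mapping

def restore_fields(posted, mapping):
    """Translate a submitted form back for the application.

    Aliases are mapped to their real names; decoys and any unknown
    parameter names are dropped before the request reaches the backend.
    """
    return {mapping[k]: v for k, v in posted.items() if k in mapping}

if __name__ == "__main__":
    page, mapping = obfuscate_form(SAMPLE_FORM)
    print(page)                                      # no UserName/Password names
    submitted = {alias: "value-for-" + real for alias, real in mapping.items()}
    print(restore_fields(submitted, mapping))        # real names restored
```

The application behind the proxy still receives `UserName` and `Password`, while the names visible in the browser differ on every page load.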

Configuration

DataSafe profiles are located under Security > Data Protection > DataSafe Profiles. Once configured, a DataSafe profile must be applied to a virtual server, as we do for an Application Security profile.

We must first specify the exact URI that we want to protect, along with the parameter name. The DataSafe profile is not complete until the parameter is specified along with the URI path.













Finally, the DataSafe profile needs to be applied to the virtual server, and bingo!




























