Sunday, 12 June 2022

**Security Tips About F5 "Cookie Persistence Profile"**

As a security concern, there are always some companies that reveal their sensitive information from inside to outside the company, intentionally or unintentionally!

Today, I am going to share some security recommendations for securing the F5 "Cookie Persistence Profile", as it is a very popular app-layer (HTTP) persistence technique in the BIG-IP LTM module.

Absolutely, following these simple rules can prevent, or at least reduce, the risk of information leakage about your "Server Pool's Name" and especially the involved "Pool Member's IP Address"! Below are my recommendations:

⊛ **Use your desired "Cookie Name" (and NOT the default format)** --> If you use a mobile app or have some other special scenario, you may need to inform your front-end developer about the new cookie object, which is created by TMOS and used JUST between F5 and the client app.

⊛ **Change the state of "Default Cookie Encrypt Pool Name"** --> "Enable"

⊛ **Enable and set the value of "Cookie Encryption Use Policy"** --> "Required"

⊛ **Choose and type a strong "Encryption Passphrase"**
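To check whether your own virtual servers follow these tips, the added example below (not part of the original post) audits `Set-Cookie` values for the default `BIGipServer<pool_name>` name and for an unencrypted member value. It assumes the default IPv4 format without route domains, where the IP and port are written as byte-reversed decimal numbers followed by `.0000`; the function names and the sample values are constructed for illustration.

```python
import re
import socket
import struct

PREFIX = "BIGipServer"  # default cookie name is BIGipServer<pool_name>
# Unencrypted default value: <ip_as_decimal>.<port_as_decimal>.0000 (IPv4, no route domain)
PLAIN_VALUE = re.compile(r"^(\d+)\.(\d+)\.0000$")

def decode_member(value):
    """Return (ip, port) if value is an unencrypted default-format value, else None."""
    m = PLAIN_VALUE.match(value)
    if not m:
        return None
    ip_enc, port_enc = int(m.group(1)), int(m.group(2))
    if ip_enc > 0xFFFFFFFF or port_enc > 0xFFFF:
        return None  # numbers too large to be an IPv4 address / TCP port
    ip = socket.inet_ntoa(struct.pack("<I", ip_enc))            # octets are stored reversed
    port = struct.unpack(">H", struct.pack("<H", port_enc))[0]  # the two port bytes are swapped
    return ip, port

def audit_set_cookie(headers):
    """Return one finding per Set-Cookie value that exposes pool name or member address."""
    findings = []
    for header in headers:
        name, _, rest = header.partition("=")
        name = name.strip()
        value = rest.split(";", 1)[0].strip()
        pool = name[len(PREFIX):] if name.startswith(PREFIX) else None
        member = decode_member(value)
        if pool is None and member is None:
            continue  # custom name and opaque value: nothing readable
        findings.append({"cookie": name, "pool_name": pool, "member": member})
    return findings

# Constructed sample Set-Cookie values (not captured from a real system).
SAMPLE = [
    "BIGipServerapp_pool=1677787402.36895.0000; path=/; Httponly; Secure",
    "BIGipServerapp_pool=!Zm9vYmFyYmF6cXV4; path=/",  # opaque value, default name
    "SESSIONLB=!cXV1eGJhemJhcg==; path=/",            # custom name, opaque value
    "JSESSIONID=8A6E0F3C; path=/",                    # unrelated application cookie
]

if __name__ == "__main__":
    for finding in audit_set_cookie(SAMPLE):
        print(finding)
```

A finding with `pool_name` set means the first two tips are not applied; a finding with `member` set means the cookie value is not encrypted.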
