Forum Discussion
JohnnySV
Nimbostratus
NimbostratusHow does F5 Protect from Token Theft
We currently use F5 to establish secure connections to our remote desktop sessions for remote users. These users are using their personal machines so we dont provide any additional NextGen AV protection
Token stealing / Token Theft / Cookie session stealing to bypass MFA is a concern. An attacker can reply a token and byass MFA. How does F5's protect users from Token theft?
you may find this useful : https://my.f5.com/manage/s/article/K08943176
I am sorry I am not expert with APM module , but if you provision it , I think this Article will be useful for you.Hi,
Which functions / modules are you using?
APM and AWAF could possibly be used to look for more than cookies.
So cookies and say orginating IP. So if the IP changes it might have been hijacked.But if someone is on a mobile connection which could have its IP changed mid-session this may course other issues.
If you're using APM - you could look at client cert verification, or the agent to try to be more comfortable that your connection isn't hijackable.
JohnnySVDoes the F5 Big IP have the ability to enable Session Quotas?
Limit the number of active sessions a user can have simultaneously. If token theft occurred the previous session would time out, causing the user to alert
- boneyard
MVP
Things like that are possible, as asked before, which modules are you using? This helps giving hints of where to look for the functionality.
