Forum Discussion

JohnnySV's avatar
Icon for Nimbostratus rankNimbostratus
Sep 28, 2023

How does F5 Protect from Token Theft

We currently use F5 to establish secure connections to our remote desktop sessions for remote users. These users are using their personal machines so we dont provide any additional NextGen AV protection

Token stealing / Token Theft / Cookie session stealing to bypass MFA is a concern. An attacker can reply a token and byass MFA. How does F5's protect users from Token theft? 

4 Replies

  • Hi, 

    Which functions / modules are you using?
    APM and AWAF could possibly be used to look for more than cookies.
    So cookies and say orginating IP. So if the IP changes it might have been hijacked.

    But if someone is on a mobile connection which could have its IP changed mid-session this may course other issues.

    If you're using APM - you could look at client cert verification, or the agent to try to be more comfortable that your connection isn't hijackable.

  • Does the F5 Big IP have the ability to enable Session Quotas? 


    Limit the number of active sessions a user can have simultaneously. If token theft occurred the previous session would time out, causing the user to alert

    • boneyard's avatar
      Icon for MVP rankMVP

      Things like that are possible, as asked before, which modules are you using? This helps giving hints of where to look for the functionality.