Forum Discussion

field_bad_service's avatar
field_bad_service
Icon for Altocumulus rankAltocumulus
Dec 06, 2023

How to block software information from BigIP APM

Hello everybody,

I am facing a challenge with the exposure of information in Censys when using a portal via BIgIP APM. I would like to know if it is possible to restrict access or block information publicly displayed by Censys.

Currently, when I use Censys, I notice that some information is being publicly exposed, and I would like to take steps to limit or prevent this exposure.

My question is: is there any specific setting, profile, policy etc in BIgIP APM that can be adjusted to prevent certain information from being publicly displayed?

security

4 Replies

Sort By
  • zamroni777's avatar
    zamroni777
    Icon for Cumulonimbus rankCumulonimbus
    Dec 06, 2023

    if those fields comes from f5's http response header, you can try use irules or traffic policy to remove the headers

    • field_bad_service's avatar
      field_bad_service
      Icon for Altocumulus rankAltocumulus
      Dec 08, 2023

      Thanks for your response.


      The problem is precisely this, I don't know exactly where this information is coming from, the question is along these lines, finding out where this is visible so that it can be blocked and not be something exploitable.

      • zamroni777's avatar
        zamroni777
        Icon for Cumulonimbus rankCumulonimbus
        Dec 08, 2023

        you can use Network tab in browser's Developer Tool to see the http details.

        tcpdump -s0 -f5 ssl ... can also give you the plain http layer data.

  • Lucas_Thompson's avatar
    Lucas_Thompson
    Icon for Employee rankEmployee
    Dec 13, 2023

    You'll have to figure out how that Censys system creates these guesses. The vendor may be able to provide this information, though security vendors often are secretive or rely on obsucurity: they may not want to divulge how their product works technically in an effort to thwart researchers. It may also be that this Censys product combines multiple sources of information at different layers of the OSI stack and has a complex set of rules to arrive at a guess. 

    You can read here about how this stuff works at L4 (IP/TCP):

    https://my.f5.com/manage/s/article/K9491

    You can read here about how this stuff works at L5-L6 (TLS):

    https://community.f5.com/t5/technical-articles/tls-fingerprinting-update-a-method-for-identifying-a-tls-client/ta-p/286117

    You can read about one method to fingerprint a BIG-IP at L7:

    https://my.f5.com/manage/s/article/K30552235