inquiry about BIGIP LTM`s security feature
regarding security screening my client request below ACL on BIGIP.
below things are cisco ACL but I`m not good at cisco.
I need to implement below ACL on BIGIP.
1> Source IP ACL access-list ㅇㅇㅇ deny ip 127.0.0.0 0.255.255.255 any access-list ㅇㅇㅇ deny ip 184.108.40.206 220.127.116.11 any access-list ㅇㅇㅇ deny ip host 0.0.0.0 any access-list ㅇㅇㅇ permit ip any any
2> DDoS attack depense access-list ㅁㅁㅁ deny ip 0.0.0.0 0.255.255.255 any access-list ㅁㅁㅁ deny ip 127.0.0.0 0.255.255.255 any access-list ㅁㅁㅁ deny ip 169.254.0.0 0.0.255.255 any access-list ㅁㅁㅁ deny ip 192.0.2.0 0.0.0.255 any access-list ㅁㅁㅁ permit ip any any
The security features of the F5 LTM I know are:
httpd and sshd allow -> only way to access bigip is using ssh or https
port lock down -> set which procotol is allowed
Virtual server`s standard type -> prevent syn flood
hardware / software syncookie protection -> I know vaguely.
packet filter -> I`m not good at this option
is there any more useful security feature, please let me know
and how does BIGIP defense IP spoofing and ICMP flooding?
When an attacker attacks a VIP or self ip, BIGIP will behave differently.
Do you know any more security feature, please let me know