Forum Discussion

GUIZ49_261118's avatar
GUIZ49_261118
Icon for Nimbostratus rankNimbostratus
Apr 26, 2016

LTM reverse proxy for Lync security capabilities

Hello we are planning to use LTM as reverse proxy for lync mobile, however I can't find any document explaining how LTM is making lync more secure, is LTM able to detect DDOS attack and to prevent account lockout? Thanks for your help

 

LTM
MobileSafe
security
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Apr 26, 2016

    Hello,

     

    In fact, you are able to do reverse proxy (full proxy capabilities - tcp connection on each side not correlated)

     

    You can add some offloading for error messages from the lync servers, you can add some security headers, you can restrict access to some specific uri and using irules you can protect against account lockout. (irule from devcentral named Lync_NTLM_Stalker_v1)

     

    You can also protect against L3 to L7 DDoS attacks.

     

    But, I don't remember that there is any official documentation explaining how to secure Lync services.

     

    So, you can do plenty of things using the BIG-IP for SFB architectures

     

8 Replies

Sort By
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Apr 26, 2016

    Hello,

     

    In fact, you are able to do reverse proxy (full proxy capabilities - tcp connection on each side not correlated)

     

    You can add some offloading for error messages from the lync servers, you can add some security headers, you can restrict access to some specific uri and using irules you can protect against account lockout. (irule from devcentral named Lync_NTLM_Stalker_v1)

     

    You can also protect against L3 to L7 DDoS attacks.

     

    But, I don't remember that there is any official documentation explaining how to secure Lync services.

     

    So, you can do plenty of things using the BIG-IP for SFB architectures

     

    • GUIZ49_261118's avatar
      GUIZ49_261118
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      hi Yann thanks for your reply -can i have more details about how we can protect again L£ to L& DDOS attacks using LTM ?
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Apr 26, 2016
      You can use ASM with its L7 DDoS profiles. For L3-4 DDoS protection, you can use AFM or take advantages of the out of the box LTM features. You have options on the system section, on the TCP profile, you can also implement rate limiting on the Virtual Server, there is many ways to do the job. By design, the LTM is able to protect against network DoS attacks, by adding ASM, you add a protection against web based DoS attacks like HeavyURLs or HTTP flooding
    • GUIZ49_261118's avatar
      GUIZ49_261118
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      thanks for the reply it is really unfortunate that there is no document that cover LTM securtiy for lync :(
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Apr 26, 2016

    Hello,

     

    In fact, you are able to do reverse proxy (full proxy capabilities - tcp connection on each side not correlated)

     

    You can add some offloading for error messages from the lync servers, you can add some security headers, you can restrict access to some specific uri and using irules you can protect against account lockout. (irule from devcentral named Lync_NTLM_Stalker_v1)

     

    You can also protect against L3 to L7 DDoS attacks.

     

    But, I don't remember that there is any official documentation explaining how to secure Lync services.

     

    So, you can do plenty of things using the BIG-IP for SFB architectures

     

    • GUIZ49_261118's avatar
      GUIZ49_261118
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      hi Yann thanks for your reply -can i have more details about how we can protect again L£ to L& DDOS attacks using LTM ?
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Apr 26, 2016
      You can use ASM with its L7 DDoS profiles. For L3-4 DDoS protection, you can use AFM or take advantages of the out of the box LTM features. You have options on the system section, on the TCP profile, you can also implement rate limiting on the Virtual Server, there is many ways to do the job. By design, the LTM is able to protect against network DoS attacks, by adding ASM, you add a protection against web based DoS attacks like HeavyURLs or HTTP flooding
    • GUIZ49_261118's avatar
      GUIZ49_261118
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      thanks for the reply it is really unfortunate that there is no document that cover LTM securtiy for lync :(