Forum Discussion
GUIZ49_261118
Nimbostratus
NimbostratusLTM reverse proxy for Lync security capabilities
Hello we are planning to use LTM as reverse proxy for lync mobile, however I can't find any document explaining how LTM is making lync more secure, is LTM able to detect DDOS attack and to prevent account lockout? Thanks for your help
Hello,
In fact, you are able to do reverse proxy (full proxy capabilities - tcp connection on each side not correlated)
You can add some offloading for error messages from the lync servers, you can add some security headers, you can restrict access to some specific uri and using irules you can protect against account lockout. (irule from devcentral named Lync_NTLM_Stalker_v1)
You can also protect against L3 to L7 DDoS attacks.
But, I don't remember that there is any official documentation explaining how to secure Lync services.
So, you can do plenty of things using the BIG-IP for SFB architectures
Yann_Desmarest_Nacreous
Hello,
In fact, you are able to do reverse proxy (full proxy capabilities - tcp connection on each side not correlated)
You can add some offloading for error messages from the lync servers, you can add some security headers, you can restrict access to some specific uri and using irules you can protect against account lockout. (irule from devcentral named Lync_NTLM_Stalker_v1)
You can also protect against L3 to L7 DDoS attacks.
But, I don't remember that there is any official documentation explaining how to secure Lync services.
So, you can do plenty of things using the BIG-IP for SFB architectures
GUIZ49_261118hi Yann thanks for your reply -can i have more details about how we can protect again L£ to L& DDOS attacks using LTM ?- Yann_Desmarest_You can use ASM with its L7 DDoS profiles. For L3-4 DDoS protection, you can use AFM or take advantages of the out of the box LTM features. You have options on the system section, on the TCP profile, you can also implement rate limiting on the Virtual Server, there is many ways to do the job. By design, the LTM is able to protect against network DoS attacks, by adding ASM, you add a protection against web based DoS attacks like HeavyURLs or HTTP flooding
- GUIZ49_261118thanks for the reply it is really unfortunate that there is no document that cover LTM securtiy for lync :(
Yann_DesmarestCirrus
Hello,
In fact, you are able to do reverse proxy (full proxy capabilities - tcp connection on each side not correlated)
You can add some offloading for error messages from the lync servers, you can add some security headers, you can restrict access to some specific uri and using irules you can protect against account lockout. (irule from devcentral named Lync_NTLM_Stalker_v1)
You can also protect against L3 to L7 DDoS attacks.
But, I don't remember that there is any official documentation explaining how to secure Lync services.
So, you can do plenty of things using the BIG-IP for SFB architectures
- GUIZ49_261118hi Yann thanks for your reply -can i have more details about how we can protect again L£ to L& DDOS attacks using LTM ?
- Yann_DesmarestYou can use ASM with its L7 DDoS profiles. For L3-4 DDoS protection, you can use AFM or take advantages of the out of the box LTM features. You have options on the system section, on the TCP profile, you can also implement rate limiting on the Virtual Server, there is many ways to do the job. By design, the LTM is able to protect against network DoS attacks, by adding ASM, you add a protection against web based DoS attacks like HeavyURLs or HTTP flooding
- GUIZ49_261118thanks for the reply it is really unfortunate that there is no document that cover LTM securtiy for lync :(