Security Guru Question

We are using the ASM module for our web application to help protect common web security vulnerabilities (i.e OWASP).

 

 

During web penetration and vulnerabiltiy assessment, would you recommend that we turn on or off the ASM? What is a good strategy?

 

 

Thanks.

Another question, what is a good strategy for creating a baseline profile/policy for the ASM?

We are designing a small cloud infrastructure with F5 LB, thought of taking this opportunity to clarify below security concerns:

 

 

1. We'll have multiple customers with source overlapping IPs

 

Is it secure enough to create a VLAN in LTM or do we need separate route domains (for route domains is partitioning required)

 

 

2. What are the hardware based limitation for above if we choose F5 LTM models

 

 

3. If it's a VLAN segregation, can a server from one vlan communicate to other.

 

We would like to understand what are the security problems for other customers when a server from any of the configured customer is compromised.

 

 

4. If there is a DoS attack to one of the customer servers, is it going to affect the performance of entire LB (we do not plan to limit the connections per virtual server)

 

Is Viprion the only alternative to keep other customers unaffected.