DevCentral Top 5: Sep 8, 2014

But soft!  What light through yonder window breaks?  It is the east, and this week's edition of the DevCentral Top 5 is the sun.  Yep, you guessed it.  The top 5 is back...but unlike Shakespeare's Romeo and Juliet, this is no tragedy.  Rather, it's a celebration of the most awesome articles you'll read anywhere on the Internet.  Our DevCentral authors have been writing with freakish speed and determination, and they have turned out quality articles that are simply second to none.  Choosing only five articles was a tough task given all the great content out there, but here's my take on the top articles since our last posting.

 

F5 SOC Malware Summary Report: Neverquest

I literally could have chosen five Lori MacVittie articles for this "top 5" but I resisted the urge and only chose one.  In this article, Lori explains the details of a Trojan known as "Neverquest" that has been active since July 2013.  Most of us get that warm, fuzzy, secure feeling when using 2-factor authentication because, you know, it's got 2 factors!  Maybe automated malware has a shot at cracking one factor, but two?  No way.  Well, apparently Neverquest has found a way to automate the demise of our beloved 2FA.  Lori does a magnificent job of explaining how Neverquest works, and then she discusses the amazing work that was completed by our F5 Security Operations Center in their analysis of this malware (in case you didn't know, F5 has a Security Operations Center that analyzes malware like this and provides amazing reports that are free for anyone to read).  Lori provides links to the downloads of the executive summary as well as the full technical analysis of Neverquest.  This one is not optional...if you care about anything at all, you gotta read this one.

 

Leveraging BIG-IP APM for seamless client NTLM Authentication

Michael Koyfman reminds us why we love the BIG-IP APM...transparent seamless authentication for users.  In this article, Michael specifically discusses how to configure the APM to perform client NTLM authentication and use it in the context of sending a SAML assertion to the Office 365 service.  This is a step-by-step masterpiece that shows you exactly what to do at every turn.  In the end, you point your browser to the FQDN of the APM virtual server and you will be silently authenticated (let's be honest...silent authentication is a bucket-list item for each and every one of us).  Michael also reminds us of the SSO options at the end of his article.

 

Webshells

Nir Zigler introduces us to Webshells (web scripts that act as a control panel for the server running them), and talks about some of the common uses for these scripts.  But you know the story...scripts that were created for good can also be used for evil.  After Nir explains all the valid uses for legitimate webshells, he takes us to a place where mere mortals dare not tread...through a webshell attack.  He gives us an overview of how a webshell attack works, and then he explains some of the specific tools that are used for these nefarious actions.  After walking through the power and functionality of an open source webshell called b374k, Nir shows how this tool can be used to attack an unsuspecting user.  But have no fear!  Nir finishes up the article by discussing the power of the BIG-IP ASM and how it will detect and prevent webshell attacks.

 

Continuing the DDoS Arms Race

How long have DDoS attacks been around, and why are they still news today?  Because they are consistently one of the top attack vectors that companies face today.  Shauntine'z discusses the DDoS arms race and provides some poignant statistics that remind us of the very real and credible DDoS threat.  But the article doesn't stop there...it goes on to provide some excellent tips on what to do to strengthen your DDoS defense posture (it even has a well-placed picture of Professor John Frink...you gotta check this one out).  Last, Shauntine'z reveals new features that are loaded in the latest release of the BIG-IP...version 11.6.  The AFM and ASM have some new and exciting capabilities that are "must haves" for any company that is serious about securing their applications and critical business functions.

 

(Editors note: the LineRate product has been discontinued for several years. 09/2023)

Why ECC and PFS Matter: SSL offloading with LineRate 
We all know that sensitive data traverses our networks every day.  We also know it's critically important to secure this information.  We also know that SSL/TLS is the primary method used to secure said information.  Andrew Ragone discusses SSL offloading and tells us why Elliptical Curve Cryptography (ECC) and Perfect Forward Secrecy (PFS) are great candidates for securing your information.  He highlights the advantages of the software based LineRate solution, and gives great examples of why LineRate is the clear-cut winner over any existing software-based or hardware-based SSL/TLS offload solutions.  Andrew also published another series of articles related to this very topic, and in these articles he walks you through the exact steps needed to configure SSL certificates and offload SSL on LineRate.  On that subject...if you haven't had a chance to check out LineRate and learn all about the awesomeness that it is, do yourself a favor and visit 

 

Updated Sep 26, 2023
Version 2.0
No CommentsBe the first to comment