Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

HTTP Brute Force Mitigation Playbook: Overview - Chapter 1

AaronJB
F5 SIRT
F5 SIRT

‎10-Apr-2020 16:03 - edited ‎17-Apr-2022 07:52

Overview

When we talk about Brute Force attacks, we usually tend to think about a malicious actor using a script or botnet to inject credentials into a login form in order to try to brute force their way past an authentication mechanism, but that is far from the only kind of brute force attack we see in the wild today, with attacks against API endpoints becoming increasingly common as traditional web development gives way to an API-centric, cloud-driven microservices model alongside moves to federated authentication for services like Office 365. While many of these moves are great for scalability and accessibility, they also open up an increasingly large attack surface that malicious actors are beginning to take advantage of.

In this document, we aim to show you some of the BIG-IP tools and techniques available to mitigate brute force attacks against your organisation, as well as sample configurations you can use as a basis for part of your security configuration.

Introduction

In this series of articles we will show you the BIG-IP tools and techniques you can leverage to understand, classify and mitigate brute force attacks using:

  • BIG-IP AVR Analytics
  • BIG-IP LTM, iRules and Local Traffic Policies
  • BIG-IP ASM with
  • ASM Brute Force protections
  • Bot Defence Fingerprinting (TLS Fingerprinting & HTTP Fingerprinting)
  • L7DoS protections

We will cover the following kinds of Brute Force attack:

  • Attacks against traditional HTML form-based authentication pages
  • "Low and slow" attacks against form-based authentication or other form-based submissions
  • API attacks against authenticated and non-authenticated API endpoints
  • Outlook Web Access/Outlook 365 authentication brute force attacks

All configuration examples and suggested mitigation methods will be based on features available in BIG-IP 14.1 and later, and at the end of this document you will find an Appendix with example configurations summarised and presented for easy deployment.

Chapters

  • Bad Actor Behaviours and Gathering Statistics using BIG-IP LTM Policies, iRules and BIG-IP AVR | Chapter 2
  • BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks | Chapter 3
  • Protecting HTML Form Based Authorization using ASM | Chapter 4
  • Using the Bot Profile for Brute Force Mitigation | Chapter 5
  • Slow Brute Force Protection Using Behavioural DOS | Chapter 6
  • Appendix
Labels:
Version history
Last update:
‎17-Apr-2022 07:52
Updated by:
F5 SIRT
Copyright © 2023 Khoros, LLC