Last week we talked about WebSafe and how it can help protect against phishing attacks with a little piece of code. This is important since malware can steal credentials from every visited web application from an infected machine. This time we’re going to look at how to protect against credential grabbing on a BIG-IP APM login page with WebSafe encryption layer.
You’ll need two modules for this, BIG-IP APM and of course, WebSafe Fraud Protection Service. The goal is to protect the laptop from any malware that grabs sensitive login credentials. In this case, the malware would be configured to grab the login page along with the username and password parameter fields. Command and control could also be set to retrieve any credentials from the infected machine at certain intervals, like every 5 minutes.
The first goal would be to encrypt the password. Within your BIG-IP admin GUI, you would navigate to Security>Fraud Protection Service> Anti-Fraud Profiles>URL List. APM’s logon page usually ends with ‘/my.policy’.
Create then click that URL to open the configuration page and enable Application Layer Encryption.
And select the Parameters tab to configure the fields you want to protect. In this case it is password and username.
In the screen grab, you can see ‘Obfuscate’ is selected and to both ‘Encrypt’ and ‘Substitute Value’ for the password field.
And if the malware also grabs the password, since we set that to encrypt, all they get is useless information.
At this point, the BIG-IP will decrypt the password and pass on the traffic to appropriate domain controller for verification. This is a great way to protect your login credentials with BIG-IP. If you’d like to see a demonstration of this, check out F5’s Security Specialist Matthieu Dierick’s demo video. Pretty cool.