Post of the Week: Two-Factor Auth and SSO with BIG-IP
In this Lightboard Post of the Week, I answer a question about 2FA and SSO with AD/RSA on BIG-IP by creating a SSO Credential Mapping policy agent in the Visual Policy Editor, that takes the username and password from the logon page, and maps them to variables to be used for SSO services. Special thanks to senthil147for the question and a new 2018 MVP, MrPlastic (Lee Sutcliffe, which I flubbed) for the great answer. Posted Question on DevCentral: 2FA Authentication with SSO on APM ps1.2KViews0likes1CommentLightboard Lessons: What is a Proxy?
The term ‘Proxy’ is a contraction that comes from the middle English word procuracy, a legal term meaning to act on behalf of another. In networking and web traffic, a proxy is a device or server that acts on behalf of other devices. It sits between two entities and performs a service. Proxies are hardware or software solutions that sit between the client and the server and do something to requests and sometimes responses. In this Lightboard Lesson, I light up the various types of proxies. ps Related: Encrypted malware vs. F5's full proxy architecture The Concise Guide to Proxies The Full-Proxy Data Center Architecture Three things your proxy can't do unless it's a full-proxy Back to Basics: The Many Modes of Proxies1.1KViews0likes0CommentsLightboard Lessons: What is BIG-IP APM?
In this Lightboard, I light up some lessons on BIG-IP Access Policy Manager. BIG-IP APM provides granular access controls to discreet applications and networks supporting 2FA and federated identity management. You can also check out Chase's written article What is BIG-IP APM? ps Resources Getting Started with BIG-IP APM (Lesson 1) Getting Started with BIG-IP APM (Lesson 2) Getting Started with BIG-IP APM (Lesson 3) Configuring BIG-IP Access Policy Manager (APM)642Views0likes2CommentsPost of the Week: SAML IdP and SP on One BIG-IP
In this Lightboard Post of the Week, I answer a question about being able to do SAML IdP and SP on a single BIG-IP VE. Thanks to DevCentral Members hpr and Daniel Varela for the question and answer. +25 DC points for ya! Posted Question on DevCentral: https://devcentral.f5.com/s/questions/apm-ltm-121-saml-idp-and-sp-possible-in-one-ve-58114 If you got an answer you'd like lit up on the Lightboard, let us know in the comments! ps613Views0likes1CommentLightboard Lessons: What is BIG-IQ?
In this Lightboard Lesson, I light up many of the tasks you can do with BIG-IQ, BIG-IQ centralizes management, licensing, monitoring, and analytics for your dispersed BIG-IP infrastructure. If you have more than a few F5 BIG-IP's within your organization, managing devices as separate entities will become an administrative bottleneck and slow application deployments. Deploying cloud applications, you're potentially managing thousands of systems and having to deal with traditionally monolithic administrative functions is a simple no-go. Enter BIG-IQ. ps Related: What is BIG-IQ?584Views0likes0CommentsLightboard Lessons: Connecting Cars with BIG-IP
I light up how BIG-IP and Solace work together in a MQTT connected car infrastructure. ps Related: Using F5 BIG-IP and Solace Open Data Movement technology for MQTT message routing and delivery Lightboard Lessons: What is MQTT? Solace and F5: Partnering for Better IoT458Views0likes0CommentsThe DevCentral Chronicles Volume 1, Issue 4
If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome! Like last month, we’re digging the OWASP Top 10 #Lightboard series from @JohnWagnon. He wrapped it up this month with numbers 9 & 10 - Using Components With Known Vulnerabilities and Insufficient Logging and Monitoring. To give you a sense of how these have been received, YouTube viewer Sanket Kamath says, ‘Thank you for the excellent overview for all of the OWASP Top 10 2017! John made it really easy to understand each of the 10 attacks with his explanation!’ Check out the entire playlist! Speaking of LightBoard Lessons, we had a few fantastic ones this past month. John took on lighting up the GitHub DDoS Attack and Explaining the Spectre and Meltdown Vulnerabilities while Jason gave us the OSI and TCP/IP Models and What Are Containers? I added SAML IdP and SP on One BIG-IP to round out our videos. On the Security front, we had a bunch of great articles covering a mess, and I mean a mess of stuff. The mess was some new vulnerabilities and our Security Researchers had the mitigations for many including Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270), Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability and Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets. We also learned how to Protect your AWS API Gateway with F5 BIG-IP WAF, how to configure F5 BIG-IP as an Explicit Forward Web Proxy Using Secure Web Gateway (SWG) and how to set up ADFS Proxy Replacement on F5 BIG-IP. The Cloud folks will love Lori’s Three Types of Load Balancing You Meet in the Cloud, DNS Admins will dig Eric’s Unbreaking the Internet and Converting Protocols and Coders will enjoy Jason’s Debugging API calls with the python sdk and Satoshi’s iControl REST Fine-Grained Role Based Access Control. And, we couldn’t let this Chronicle pass without mentioning an awesome @haveibeenpwned #Pwned Passwords Check #CodeShare from MVP Niels van Sluis. This snippet makes it possible to use @troyhunt ‘Pwned Passwords’ API to check if the password has been exposed. See it here: http://bit.ly/2GOhi1y And wrapping up, a wonderful contributor Daniel Varela is DevCentral's Featured Member for April and F5 Agility is coming to Boston, MA this August! As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures. ps Previous Volume 1, Issue 1 Volume 1, Issue 2 Volume 1, Issue 3371Views0likes0CommentsPost of the Week: BIG-IP Policy Sync
In this Lightboard Post of the Week, I light up the answer to a question about BIG-IP APM Policy Sync. Posted Question on DevCentral: https://devcentral.f5.com/s/questions/apm-policy-sync-56330 Thanks to DevCentral user Murali (@MuraliGopalaRao) for the question and special thanks to Leonardo Souza for the answer! ps Related: DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza Manual Chapter:Synchronizing Access Policies352Views1like0CommentsLightboard Lessons: Service Consolidation on BIG-IP
The Consolidation of point devices and services in your datacenter or cloud can help with cost, complexity, efficiency, management, provisioning and troubleshooting your infrastructure and systems. In this Lightboard Lesson, I light up many of the services you can consolidate on BIG-IP. ps347Views0likes0Comments750th Blog Spectacular - Lessons of the LightBoard
I recently built out a LightBoard Studio for my home office so I can start contributing to the awesome LightBoard Lessons on DevCentral. These are short, informative videos explaining various technologies and often, how to implement on a BIG-IP system. Instead of writing on a whiteboard and looking over your shoulder into the camera as you explain something, Lightboards allow you to draw on and look through the crystal clear glass (into the camera) while discussing technical concepts. A transparent whiteboard. The LEDs that surround the glass accompanied with neon markers make the images pop. It’s pretty darn cool. So the story goes, a college professor was looking for a better way to deliver lessons to his students both on campus and online without a chalkboard. He called it the Learning Glass and now there are Lightboards all over the world, especially in universities. Incidentally, there is cool video of Picasso painting on glass from 1949. He had the right idea. You may have read or watched Jason & John’s Lightboard Lessons: Behind the Scenes and I wanted to report on my own experiences. First, I followed Jason’s bill of materials (except the camera) and it provides most everything you need to get started. I initially thought about a 3’ x 5’ pane of glass due to my smaller venue but couldn’t find an appropriate frame for that size. Well, to be clear, there may have been one but it was way outside my budget. I looked at various saw horses, ladder frames and other apparatus thinking I could ‘make’ something that could properly hold the glass in place. No dice. So I decided to go a little larger with the 4’ x 6’ size since there is a frame specifically built for this purpose. Rahm is correct about ordering the frame first since you’ll need to carefully measure the mounting holes so the glass can be drilled perfectly. It also takes a few weeks to order and have the glass delivered - at least in my area. This was fine since it allowed me to set up the other equipment like the lights, back drop and camera location. In addition, make sure you have the delivery folks help you place it on the frame…depending on the size, this is not a pick up and install yourself deal. The glass is large, heavy and certainly needs a few people to carry and properly align with the holes. Once the glass is installed (and cleaned) you can wrap the LEDs around the edge. There are a couple ways to go with this step. You could use large binder clips to hold the lights at the edge or, like Jason, I got 3/8” shower u-channels to go around the glass and hold the lights in place. Instead of silicon to hold the u-channel, I used clamp clips to hold the outer metal. This allows me to easily change and adjust the LEDs if needed. The Expo Neon markers do make a greasy mess and I’ve got the same Sprayway glass cleaner. I also got one of those magic erasers to help clean and old hotel room keys work well on dried ink. It’s not that difficult to have a clean slate but any smudges will certainly appear if it’s not sparkle-city. This week I’ll be moving around the lights and doing some test shots for audio and visual screen tests and look forward to publishing my first LightBoard Lesson very soon. Shooting for next week if all tests go well. I’m excited. It’s always been a dream of mine to have a home studio. Some guys want a man-cave, some want a game room, others a high end home theatre or a rack of computer equipment. Me? A studio. And for my 750th DevCentral article I wanted to say: Thanks Gang!! ps329Views0likes1Comment