Hackers attack applications to disrupt availability, responsiveness, and reputation. F5 provides comprehensive application-centric security across layers 3 through 7 to consolidate firewall, application security, and traffic management functions. This protects data centers and application servers from attacks targeting the most common inbound protocols.
Spider & F5 Round Table - Application Centric Security
Tzoori Tamam
Hackers attack for various reasons like politics, money, fame or boredom. They target applications by disrupting availability, performance, and reputation. F5 provides comprehensive application-centric security across layers 3 to 7 to protect applications. It consolidates firewall, traffic management, and security functions into one platform and provides protections like DDoS mitigation, web application firewall, and IP intelligence to secure applications. F5's high-performance appliances are purpose-built to deliver carrier-grade reliability and scalability.
F5 Offers Advanced Web Security With BIG-IP v10.1
DSorensenCPR
With the new v10.1 release of BIG-IP, F5 tackles existing and emerging web security threats, while optimizing web applications to enhance end-user experience. The new release enhances an IT staff’s operational efficiency, reduces security risks and associated litigation costs, while streamlining application delivery.
F5 Infosec Israel 2013 Application Centric Security
Tzoori Tamam
This document summarizes F5 Networks and their application-centric security solutions. F5 provides application delivery controllers and firewalls that consolidate network and security functions. Their solutions provide comprehensive protection for applications from layers 3 through 7, including firewalling, SSL inspection, traffic management, and web application security. They aim to gain visibility into application traffic and detect attacks while maintaining high performance and scalability.
FortiCloud is Fortinet's cloud-based solution for provisioning, managing, and analyzing security and wireless devices. It provides a single pane of glass to remotely manage FortiGate firewalls, FortiAP access points, and other Fortinet devices from any location without incurring additional expenses. FortiCloud offers zero-touch provisioning, integrated security policies and firmware updates, wireless settings management, and reporting and visibility capabilities to help organizations reduce costs, improve operations, and strengthen security across distributed networks.
This document summarizes the antivirus features of FortiGate, including proxy-based and flow-based scanning, file type filtering, heuristic analysis, file quarantine, anti-botnet protection, and integration with FortiSandbox and FortiCloud for advanced file analysis. FortiGate uses signatures, behavioral analysis, and emulation to detect known and unknown malware. It can draw from normal, extended, or extreme signature databases and supports various protocols. File scanning results are displayed on FortiGate and detailed analysis is available through FortiSandbox.
This document discusses strategies for reducing ransomware risks. It begins with a poll asking organizations about their ransomware experiences. It then discusses malware trends seen by the Cisco Talos threat intelligence team, including the continued prevalence of ransomware variants like Maze and Sodinokibi. The document outlines the basic process of how ransomware works and how it has evolved over time. It recommends high-level solutions like education, network segmentation, and planning to make lateral movement within networks harder for attackers.
Radware provides a hybrid web application protection solution including an on-premise WAF appliance and cloud-based WAF service. The solution offers complete coverage of the OWASP Top 10 vulnerabilities through negative and positive security models. Radware's WAF requires minimal manual configuration and provides automatic policy generation for fast time to protection against both known and unknown attacks. The cloud-based WAF service provides always-on DDoS and behavioral protection along with a fully managed web application security solution.
This document discusses advanced threat protection and sandboxing techniques. It summarizes that many breaches still come from older vulnerabilities even as new threats emerge. Sandboxing allows potentially malicious files and code to be executed and analyzed safely in an isolated virtual environment. This helps identify unknown threats that evade traditional defenses. The document advocates an integrated security approach using sandbox analysis to detect unknown threats, along with preventative defenses and updated intelligence to help mitigate risks and prevent future attacks.
This document provides an overview of the key features and capabilities of the FortiOS firewall, including policy management, network address translation (NAT), traffic support, hardware acceleration, identity-based policies, policy objects, and the policy table interface. Key capabilities include granular user and device-based policies, policy coloring and tagging, intelligent object searching, and hardware offloading for high performance packet processing.
This document provides an overview of the features included in FortiOS 5.2, including IPsec and SSL VPN capabilities, SSL offloading and inspection, and virtual desktop features for SSL VPN. Key capabilities mentioned are IPsec and SSL VPN configurations, customizable SSL VPN portals, application control and host checking for virtual desktops, and SSL traffic inspection options. Contact information is also provided for certified experts in Fortinet products.
RADAR - The New Vulnerability Scanner by F-Secure
NRC
F-Secure RADAR brings to the French market a vulnerability scanner that is both powerful and accessible, letting you identify and control security flaws across your entire infrastructure.
With F-Secure RADAR:
- Map your devices and networks in real time.
- Understand the level of risk.
- Automatically track how risks evolve.
- Generate detailed, customized reports.
Try the solution free for 1 month!
Latest Trends in Web Application Security
Cloudflare
Hear the talk on YouTube: https://www.youtube.com/watch?v=lp4dQTSH130
Web Application Firewall security is evolving. Join John Graham-Cumming, CTO of CloudFlare, as he shares the latest trends and changes in Web Application Security. This talk will give details of the big trends in web application security seen in 2015, and how to defend against these threats and talk about the evolving web application security landscape.
The enterprise perimeter is disappearing. Migration to the cloud means a more distributed network infrastructure. Transition of web based applications to the cloud renders on premise mitigation tools ineffective against web attacks and requires organizations to protect applications both on premise and in-the-cloud.
Introducing Radware's Hybrid Cloud WAF Service - a fully-managed, always on service that integrates cloud-based with on premise protection against a broad range of attack vectors.
Visit here http://www.radware.com/social/hybridcloudwaf/ to read "The Dawn of Hybrid Cloud WAF" and to learn how the industry's first hybrid cloud-based WAF service addresses today's most challenging web-based cyber-attacks.
FireSIGHT Management Center (FMC) slides
Amy Gerrie
The FireSIGHT Management Center (FMC) provides concise summaries of security events in 3 sentences or less by leveraging extensive network, endpoint, application and threat intelligence data. It improves security operations by reducing the number of tools needed to understand events, shortening the time to scoping and containment. The FMC also automates the correlation of critical events to identify indicators of compromise and focus security teams on remediation.
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
- DDoS attacks continue to grow in complexity and now utilize multi-vector attacks across all layers of the infrastructure. The top failure points for networks are internet pipe saturation and stateful firewalls.
- Common attack types include UDP, ICMP, reflection attacks, TCP weaknesses like SYN floods, low and slow attacks like Slowloris, and encrypted attacks such as HTTPS floods. Anonymous hacking tools enable these attacks.
- Successful mitigation of DDoS attacks requires proactive preparation across the network, including a hybrid solution of on-premise and cloud-based detection and mitigation, emergency response planning, and a single point of contact during attacks.
StealthWatch 6.5 is a significant release of the StealthWatch network monitoring software that features new security and flow analysis capabilities. It introduces an operational network and security intelligence dashboard for faster threat investigation. The release also includes user-defined threat criteria for more collaborative threat defense, an enhanced quick view of flow data, and integration with Palo Alto Networks firewalls for added context. StealthWatch Labs security updates provide detection of suspect and target data hoarding.
Preparing for the Imminent Terabit DDoS Attack
Imperva
The document discusses the growing threat of DDoS attacks and the need for resilient network protection. It notes that average attack sizes have grown to 10Gbps in 2013 and many recent attacks have exceeded 40Gbps. While botnets and open resolvers have not increased significantly, attackers are able to generate high volumes of traffic using a small number of "super resources." The document argues a terabit-level attack could occur within the next 1-3 years. It advocates for a cloud-based, scalable architecture with visibility across different asset types and rapid response capabilities. The document presents Incapsula as a solution offering application protection, DNS protection, and infrastructure protection against DDoS attacks.
Cisco, Sourcefire and Lancope - Better Together
Lancope, Inc.
Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SWITCHPOINT NV/SA
Sophos provides cybersecurity solutions including next-generation firewalls, endpoint security, encryption, and more. The document discusses Sophos' approach to addressing advanced threats like ransomware through new products. Sophos Clean removes malware infections, Hitman Pro offers signatureless protection, and Sandstorm safely analyzes suspicious files in a sandbox before allowing or blocking them. These solutions aim to prevent ransomware infections and other advanced attacks through techniques like monitoring for suspicious file encryption activity and detecting exploits.
Zero Day Malware Detection/Prevention Using Open Source Software
MyNOG
Zero Day Malware Detection/Prevention Using Open Source Software – Proof of Concept
Fathi Kamil Mohad Zainuddin
Senior Analyst (Malware Research Centre, MyCERT)
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
Secure Your Apps with NGINX Plus and the ModSecurity WAF
NGINX, Inc.
On-demand recording: https://nginx.webex.com/nginx/lsr.php?RCID=e62ece89fb21133d312f02af7be8e2c0
The NGINX Plus with ModSecurity WAF (web application firewall) protects your applications from a wide variety of threats, including DDoS and Layer 7 attacks. Improve application uptime, block malicious users, and log crucial data about suspicious transactions with this new offering from NGINX.
The NGINX Plus with ModSecurity WAF is built on a new architecture, offered first to NGINX Plus customers. Our new WAF will help you protect your site against top threats and comply with PCI-DSS Requirement 6.6.
Join us in this webinar to learn:
* The top security attacks against websites
* How much attacks are increasing and why
* How a WAF adds to your site's security protection
* How NGINX Plus with ModSecurity WAF works, in a live demo
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Benelux
During the Sophos Security Day Belgium, Chris McCormack showed the audience what Sophos has been working on in the field of Network Security products. Amongst other things, Sophos XG v16 was elaborately discussed.
How to Make a Good PowerPoint Presentation
Carla Lilibeth
This document offers tips for making a good PowerPoint presentation, including keeping an appropriate size and font on the slides, organizing the content systematically and simply, avoiding long sentences, and practicing before the presentation to be prepared.
The document summarizes the first unit of a course on technologies in education. Participants were divided into groups to search the Portal do Professor and present their findings using internet resources. They must submit a written summary of the unit, and the document closes with a video questioning the role of technology versus methodology in teaching and wishing everyone a happy holiday.
Registrations of new cars in the UK increased in December 2013 and for the year-to-date compared to the previous year. Ford, BMW, Mercedes-Benz, and Vauxhall saw the largest increases in December registrations of over 20%. Overall, total registrations increased by 23.76% in December and 10.77% for the year-to-date.
This document summarizes information about a farm and outdoor equipment retailer called Tractor Supply Company (TSC). It provides background on the company's founding in 1938, its employee training programs, stock price, and core values. It then discusses TSC's target market of hobby/recreational farmers, competitors, retail mix, SWOT analysis, key issues around its niche market, and potential alternatives like expanding its online presence, opening new locations, or developing private label brands.
eLearning Pioneers: Transforming Teaching and Learning In Saudi Arabia with ...
Una Daly
The Open Education Consortium entered a partnership in 2015 with the National Center for e-Learning and Distance Education in Saudi Arabia to offer a year-long, comprehensive eLearning Pioneers Program. Motivations for forming this partnership included:
1. The Saudi Arabian Ministry of Education has a strong desire to expand access and enhance education through online and blended learning.
2. Saudi Arabian educators who want to teach online still face barriers due to assumptions that online teaching will be lower quality than traditional classroom teaching.
3. Cultural and religious restrictions on females can make online learning an attractive option for them.
4. Hosting institutions in the U.S. can benefit from having a cultural and information exchange with educators from another country.
The core of the program is built on sharing the principles of online learning in the U.S. and providing mentoring and internships to prepare female faculty and university leaders with skills in online and blended learning. Over forty participants from multiple universities and disciplines were nominated by their universities to learn and apply best online teaching techniques and practices and also interact in-person with U.S. faculty and administrators engaged in online learning at leading universities and colleges. Providing a strong foundation in eLearning tools and techniques, pedagogy, and learning theory, the goal is for participants to bring back these new skills and strategies to better educate the Saudi population of girls and women.
Participants entered either a leadership or instructional cohort based on their university roles and mentoring, training, and summer internships were customized to support those roles.
Each participant developed a Personal Development Plan to capture their goals for the year-long program. These plans were reviewed with a mentor and updated throughout the year. Summer placements were provided at community colleges, state universities, and private colleges and universities in California, Massachusetts, and New Hampshire.
We will share participant reflections on different phases of the program as they progressed from personal development planning to earning an online teaching certificate, interacting with faculty and staff at U.S. colleges and universities, to implementing the new ideas back home.
This resume is for Deepa Shetty, who has over 5 years of experience in manual and automated software testing. She is looking for a challenging role in software testing and quality assurance. Some of her key qualifications and experiences include expertise in test case writing, database testing, working knowledge of tools like QTP and QFT, and experience in agile methodologies. Her most recent role was as an Associate Consultant at Capgemini working on automation testing for Experian using tools like QFT and Oracle.
The document analyzes 5 images that express different ways of saying "I love you" without words, such as showing pain at someone's absence, capturing tender moments between friends, giving advice to smile despite feeling bad, and hugging to convey affection.
REDRAFT - Resume Martin Firth 2017-01-03Martin Firth
Martin Firth has over 35 years of experience providing business analysis, management, and transformation services. He has expertise in areas such as business process reengineering, change management, organizational design, and performance measurement. For the Canadian Food Inspection Agency, he worked on projects to develop an electronic risk assessment model and strategies for addressing antimicrobial resistance. He gathered requirements, consulted stakeholders, and helped develop strategies, policies, and performance metrics for these initiatives.
F5 GOV Round Table - Securing Application AccessTzoori Tamam
This document discusses how the F5 BIG-IP Access Policy Manager (APM) can be used to manage user access and applications. It provides examples of how APM can simplify VDI, enhance web access management, streamline Exchange, and consolidate app authentication through single sign-on. It also describes how APM can provide load balancing, access control, and reporting for Active Directory Federation Services and SAML federation.
The document outlines the roles and responsibilities of a Community Programs Coordinator position focused on schools and promotion. Key responsibilities include coordinating the AFL School Ambassador program, managing the SANFL school football competition zones and convenors, overseeing the Sporting Schools program, liaising with various school sporting associations, and planning promotional activities for SANFL programs.
El documento presenta una introducción a la musicoterapia, definiendo el término, explicando su historia y etiología, y detallando cómo se usa en diferentes contextos terapéuticos. También describe ejercicios prácticos de musicoterapia y los efectos psicológicos de diferentes tipos de acordes musicales.
Facilitating product discovery in e-commerce inventory, The Fifth elephant, 2016Ekta Grover
This document discusses facilitating product discovery in e-commerce. It outlines two specific problems with search: 1) cart abandonments due to popular sizes being out of stock and 2) handling special events which can generate huge demand not aligned with user intent. Solutions proposed include clustering sizes to factor availability into rankings, borrowing scores from related products for new items, understanding user segments through query analysis, and reverse engineering consumer preferences from web logs. The key themes are being metric driven, matching intent to product purpose, and segmenting customers to isolate trends.
The document provides branding guidelines for Hamleys, including instructions on proper usage of the Hamleys logo, color palette, fonts, and imagery. It outlines which logo versions to use based on background and size, and specifies that all externally-facing design must be approved by the Hamleys Design Team to ensure brand consistency. Examples of correct and incorrect usage of logos and mascots like William Hamley are displayed.
El 8 de marzo se celebra el Día Internacional de la Mujer para conmemorar la lucha histórica de las mujeres por la igualdad de derechos y su participación en la sociedad. En 1857, mujeres trabajadoras de Nueva York protestaron contra las malas condiciones laborales y los bajos salarios, dando inicio al movimiento. Más tarde, en 1908, 15.000 mujeres marcharon exigiendo el derecho al voto y mejores condiciones laborales. En 1975, las Naciones Unidas declararon oficialmente el 8 de marzo como Día Internacional de
España ha avanzado en educación inclusiva en las últimas décadas integrando a alumnos con necesidades educativas especiales en el sistema educativo ordinario. Se han aumentado los recursos para atender a estos alumnos y se usan los centros de educación especial solo cuando la educación ordinaria no es posible o aconsejable. Aún quedan retos como mejorar la inclusión en niveles educativos más avanzados y evitar cambios frecuentes en las leyes y normativas educativas.
HMT Machine Tools Ltd Ajmer Practical Summer Training PresentationSiddharth Bhatnagar
This presentation provides an overview of HMT Machine Tools Ltd. in Ajmer, India. It discusses the company's establishment, departments, manufacturing processes, products, achievements and customers. Key points include:
- HMT was established by the Indian government in 1953 and diversified into various industries over time. The Ajmer unit focuses on CNC grinding machines.
- Major departments include manufacturing, assembly, foundry, maintenance, inspection and HR.
- The foundry produces metal castings using processes like pattern making, sand moulding, and metal melting.
- Notable products are CGM-225, GTC28, and CGM-175 CNC grinding machines.
-
The document discusses accounting concepts and the accounting cycle. It defines accounting as a tool for decision making. It distinguishes between financial and management accounting based on their users. It also describes the key components of the accounting cycle including journalizing transactions, the general journal, debit and credit rules, and how the double-entry system ensures equal debits and credits.
F5 provides comprehensive application security and DDoS protection solutions. It uses a full proxy security architecture with hardware-based mitigation of DDoS attacks. The document describes F5's security architecture which includes perimeter network firewall services, DNS security, web application firewall, and DDoS protection across layers 3 to 7 using scrubbing centers and global points of presence. It also summarizes F5's routed and proxy configuration options for DDoS protection and provides details on its AttackView portal for attack visibility and mitigation configuration.
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPROIDEA
This document discusses virtualization and optimization of infrastructure using F5 Networks products. It describes how F5 solutions can consolidate infrastructure, optimize application delivery across networks, and provide security, availability and visibility. Examples are given of how F5 virtualizes servers, storage, and data centers to improve performance, flexibility and efficiency.
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
Thinking about SDN and whether it is the right approach for your organization? Have you heard about Cisco’s Application Centric Infrastructure and F5 Synthesis yet? The path to radically simplify and accelerate application deployment and datacenter agility can be a phased approach that leverages your existing investment. Rapid delivery of applications to anyone, anywhere, at any time is complex—and many businesses struggle with it.
The document outlines an agenda for an F5 Synthesis Information Session. The agenda includes introductions, a discussion of Software Defined Application Services, reference architectures, total cost of ownership models, ecosystem partners, and global services. It also provides an overview of key technology challenges like mobility, cloud computing, threats, and the growth of software-defined networks and APIs.
This document provides an overview of denial of service attacks and service provider solutions from F5 Networks. It discusses how DNS protocols are commonly used in DDoS attacks and how F5 solutions can provide DNS firewalling, DDoS protection, and high performance DNS services. The document also summarizes how the F5 Advanced Firewall Manager (AFM) can mitigate DDoS attacks through detection, filtering, and dynamic blacklisting capabilities. Finally, it addresses challenges of IPv6 and the transition to IPv6 through integrated firewall and CGNAT solutions.
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPROIDEA
The document discusses the Internet of Things and how it is driving changes to network architectures. It covers using intelligent DNS services to securely scale networks for IoT use cases internally and externally. The topics of DNS security, user protection from protocol abuse, and the operational cost savings of a DNS firewall solution are summarized.
F5 provides both on-premises and cloud-based DDoS protection solutions. Their hybrid approach mitigates attacks at the network, transport, and application layers using hardware-accelerated detection and filtering of over 110 DDoS vector types. Key capabilities include comprehensive L3-L7 protection, multi-terabit cloud scrubbing, and integration of network firewall and web application firewall technologies to strengthen security and ensure application availability even during large DDoS attacks.
NGINX AppProtect is a web application firewall (WAF) module for NGINX Plus that provides security protections beyond just signatures. It offers a lightweight software package that can be installed on top of NGINX Plus and leverages F5's core WAF technology. NGINX AppProtect provides high performance, security protections beyond signatures, simple CI/CD integration, and is designed for modern infrastructures.
F5 Infosec Israel 2013 Locking the Door in the CloudsTzoori Tamam
F5 Networks is a leading provider of application delivery and security solutions with over $1.38 billion in revenue in 2012. They have over 3,000 employees globally including 120+ in Israel. Their products provide load balancing, traffic management, and proxy-based security. They can offload SSL processing and provide web application firewall capabilities. F5 also offers solutions for single sign-on and access control through their BIG-IP Access Policy Manager product which supports SAML for federated authentication. BIG-IP APM can consolidate authentication infrastructure and simplify remote access policies for organizations adopting cloud applications.
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
February 2014 Update on F5 Synthesis Program, delivered by Pat Fiorino in Toronto at the Hockey Hall of Fame. Prepared for IT decision- makers and administrators.
В связи с завершением разработки Microsoft Forefront Threat Management Gateway (TMG) множество организаций, использующих или планировавших использовать TMG столкнулись с дилеммой: как и, более важно, что администраторы будут использовать для защиты своих приложений Microsoft, имеющих доступ в Интернет типа Exchange, SharePoint и Lync?
F5 Networks предлагает ответ на эти вопросы. Подробности описываются в данной презентации.
https://f5.com/solutions/enterprise/reference-architectures/intelligent-dns-scale
DNS is the backbone of the Internet. It allows humans to find domain names like www.f5.com instead of the numerical IP addresses web servers require. It is also one of the most vulnerable points in your network. DNS failures account for 41 percent of web downtime, so keeping your DNS available is essential to your business. F5 can help you manage DNS's rapid growth and avoid outages with end-to-end solutions that increase the speed, availability, scalability, and security of your DNS infrastructure. Plus, our solution enables you to consolidate DNS services onto fewer devices, which are easier to secure and manage than traditional DNS deployments
O Sophos XG Firewall traz uma nova abordagem na forma de gerenciar o seu firewall, responder às ameaças e monitorar o que acontece na sua rede. Prepare-se para um novo nível de simplicidade, segurança e percepção.
DDoS Mitigation on the Front Line with RedShieldSam Pickles
The document discusses DDoS mitigation strategies presented by Aura Information Security. It outlines common DDoS threats like NTP amplification attacks and application layer attacks. It then discusses the limitations of traditional firewalls and how the TMOS platform can better mitigate attacks through TCP proxying, behavioral analysis and interaction. The presentation concludes with an overview of Aura's DDoS reference architecture using F5 technology and their managed security services.
The document discusses how DNS is critical infrastructure for the internet but is facing increasing demands due to growth in internet-connected devices, mobile users, and cloud services. It notes that DNS performance, security from DDoS attacks, and high availability will be increasingly important. The document promotes F5 solutions for optimizing, securing, and scaling DNS to handle these rising demands.
Presentation network design and security for your v mware view deployment w...solarisyourep
This document discusses how F5 networks can provide network design and security solutions to optimize VMware View deployments. It highlights F5 and VMware's partnership, some common challenges with desktop virtualization like user experience and security, and how F5 solutions address these challenges through application delivery networking, simplified authentication, encryption, acceleration, load balancing and high availability. It provides an example architecture showing how F5 integrates with VMware View and concludes that F5 helps improve the user experience, unify security, scale deployments globally, and reduce costs for VMware View.
IBM InterConnect 2013 Cloud General Session: George KaridisIBM Events
SoftLayer is a global hosting provider that offers public, private, and hybrid cloud solutions through its standardized modular infrastructure platform. It has data centers in 13 locations around the world and a robust API that allows customers to automate provisioning and management of servers, storage, networking and other resources on its unified platform. SoftLayer serves over 21,000 customers across industries with a focus on providing flexible, on-demand computing infrastructure and services.
F5 iApps and iWorkflow provide abstraction of L4-7 configurations and services which results in faster time to value, faster time to change, and reduced operation risk. iWorkflow additionally provides service abstraction, tenant/provider models, and role-based access control. These tools can simplify integration and reduce deployment complexity.
Similar to F5 GOV Round Table - Application Centeric Security (20)
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
6. Full Proxy Security
Client / Server stack: Network, Session, Application, Web application, Physical
• L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
• SSL inspection and SSL DDoS mitigation
• HTTP proxy, HTTP DDoS and application security
• Application health monitoring and performance anomaly detection
7. Full Proxy Security
Client / Server stack: Network, Session, Application, Web application, Physical
• L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
• SSL inspection and SSL DDoS mitigation
• HTTP proxy, HTTP DDoS and application security
• Application health monitoring and performance anomaly detection
High-performance HW, iRules, iControl API
F5’s Approach
• TMOS traffic plug-ins
• High-performance networking microkernel
• Powerful application protocol support
• iControl—External monitoring and control
• iRules—Network programming language
Protocols: IPv4/IPv6, SSL, TCP, HTTP
Optional modules plug in for all F5 products and solutions: APM, Firewall, …
Traffic management microkernel
Proxy: Client side, Server side (SSL, TCP, OneConnect, HTTP)
8. CONSOLIDATE NETWORK AND SECURITY FUNCTIONS
Use case
• Consolidation of firewall, app security, traffic management
• Protection for data centers and application servers
• High scale for the most common inbound protocols
Before f5 / with f5
Diagram labels: Load Balancer, DNS Security, Network DDoS, Web Application Firewall, Web Access Management, Load Balancer & SSL, Application DDoS, Firewall
10. Introducing F5’s Application Delivery Firewall
Aligning applications with firewall security
One platform: SSL inspection, Traffic management, DNS security, Access control, Application security, Network firewall, DDoS mitigation
EAL2+
EAL4+ (in process)
11. BIG-IP Application Security Manager
Powerful Adaptable Solution
• Provides comprehensive protection for all web application vulnerabilities
• Delivers out of the box security
• Enables L2->L7 protection
• Unifies security and application delivery
• Logs and reports all application traffic and attacks
• Educates admin. on attack type definitions and examples
• Sees application level performance
• XML FW, L7 DOS, BruteForce and Web Scraping
• Application visibility and reporting
• FREE Vulnerability Scanning from Cenzic/WhiteHat
13. DDoS MITIGATION
Use case
• Protect against DDoS at all layers – 38 vectors covered
• Withstand the largest attacks
• Gain visibility and detection of SSL encrypted attacks
Network attacks: SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks
F5 mitigation technologies: BIG-IP AFM: SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.
Session attacks: DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation
F5 mitigation technologies: BIG-IP LTM and GTM: High-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation
Application attacks: Slowloris, Slow Post, HashDos, GET Floods
F5 mitigation technologies: BIG-IP ASM: Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection
OSI stack: Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1)
Increasing difficulty of attack detection
14. DNS Security
• DNS Flooding
• UDP Flooding
• DNS Cache Poisoning
• DNS Spoofing
• DNS Tunneling
• Reflective DNS Attack
15. DNS Security
Use case
• Consolidated firewall and DNS Service
• High performance, scalable DNS
• Secure DNS queries
with f5
Before f5
65,000 concurrent queries
http://www.f5.com
• Cache poisoning
• DNS spoofing
• Man in the middle
• DDoS
16. DNS Security
Use case
• Consolidated firewall and DNS Service
• High performance, scalable DNS
• Secure DNS queries
Before f5
65,000 concurrent queries
http://www.f5.com
• Cache poisoning
• DNS spoofing
• Man in the middle
• DDoS
with f5
Secure and available DNS infrastructure: 8 million concurrent queries
17. IP INTELLIGENCE
IP intelligence service
IP address feed updates every 5 min
Custom application
Financial application
Internally infected devices and servers
Geolocation database
Botnet
Attacker
Anonymous requests
Anonymous proxies
Scanner
Restricted region or country
So one of F5's key differentiators and value-add with regard to security is the fact that we provide it on a full proxy architecture. And the value of a full proxy architecture for those who are not familiar can be analogous to the role that an escrow agent or an escrow officer might play in a real estate transaction. The reason for the escrow officer is to protect the buyer from the seller and the seller from the buyer by acting as an independent third party or a neutral third party to protect the buyer and the seller. And the role of this officer is also to inspect all elements of the transaction before allowing the transaction to be completed, safely and securely. And much in the same way F5's full proxy security looks and examines all elements within the OSI stack, because we are located at strategic points in the network and we are by nature inspecting that traffic, it allows us to understand what's happening and take action on that traffic, from an application perspective, from a session perspective and from a network session perspective, all throughout the stack.
{NOTE TO SPEAKER: F5 Mitigation Technologies:
Application: BIG-IP ASM: Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection
Session: BIG-IP LTM and GTM: high scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation
Network: BIG-IP LTM: SynCheck, default-deny posture, high-capacity connection table, full proxy traffic visibility, rate-limiting, strict TCP forwarding.
Network layer bullets:
• L4 Stateful firewall – including TCP checksum checks, fragmentation and reassembly
• DDoS mitigation
Session layer:
• SSL inspection
• SSL DDoS attacks
Application Layer:
• OWASP top 10
• Application content scrubbing (S -> C)}
Because we are located at strategic points of the network, and because we take a full proxy approach, performance is absolutely critical: all of the traffic traveling through this point is being inspected, and that must be done at very high rates of speed. Because F5 combines purpose-built software with purpose-built hardware, we're able to add multiple services on our intelligent services platform with minimal performance degradation, and to do so at a much higher scale than can traditionally be done with existing security solutions.
• Unable to secure dispersed web apps
• No virtual WAF option for private cloud apps
• Replication of production environment complicated and cost-prohibitive
• Need to block app requests from countries or regions due to compliance restrictions
• Limiting app access based on location is a good practice to quickly reduce the attack sources
• Scanner scans applications to identify vulnerabilities and directly configures BIG-IP ASM policies to implement a virtual patch that blocks web app attacks
• Because BIG-IP ASM now imports vulnerabilities, not patches (in v11), it effectively becomes a Vulnerability Management Tool as well as a WAF. The net effect is a very rapid response, particularly when you're waiting for the third-party vendor to patch the vulnerability.
The tool itself is about 700 lines of readable C code. Actually, it looks better than your typical hack-tool so I have to give “The Hacker’s Choice” props on their craftsmanship. The attack tool ramps up to 400 open connections and attempts to do as many renegotiations on each connection as it can. On my dedicated test client, it comes out to 800 handshakes per second (or 2 per connection per second).

Moment of Irony
When you first run the tool against your BIG-IP virtual server, it might say “Server does not support SSL Renegotiation.” That’s because everyone, including F5, is still recovering from last year’s SSL renegotiation vulnerability and by default our recent versions disable SSL renegotiation. So in order to do any testing at all, you have to re-enable renegotiation. But this also means that by default, virtual servers (on 10.x) are already not vulnerable unless they’ve explicitly re-enabled renegotiation. The irony is that the last critical SSL vulnerability provides some protection against this new SSL vulnerability.

The iRule Countermeasure
Enter DevCentral. After setting up the attack lab, we asked Jason Rahm for his assistance. He put together a beautiful little iRule that elegantly defeats the attack. Its premise is simple:
If a client connection attempts to renegotiate more than five times in any 60 second period, that client connection is silently dropped.
By silently dropping the client connection, the iRule causes the attack tool to stall for long periods of time, fully negating the attack. There should be no false-positives dropped, either, as there are very few valid use cases for renegotiating more than once a minute.

The iRule

    when RULE_INIT {
        # Allow at most 5 handshakes per connection in any 60-second window
        set static::maxquery 5
        set static::seconds 60
    }
    when CLIENT_ACCEPTED {
        # Per-connection key used to name this connection's table entries
        set rand [expr { int(10000000 * rand()) }]
    }
    when CLIENTSSL_HANDSHAKE {
        # One subtable entry per handshake; each entry expires after $static::seconds
        set reqno [table incr "reqs$rand"]
        table set -subtable "reqrate:$rand" $reqno "ignored" indefinite $static::seconds
        # More live entries than the limit: drop the connection after 5 seconds
        if { [table keys -count -subtable "reqrate:$rand"] > $static::maxquery } {
            after 5000 drop
        }
    }
    when CLIENT_CLOSED {
        # Clean up the counter and the subtable for this connection
        table delete reqs$rand
        table delete -subtable reqrate:$rand -all
    }

With the iRule in place, you can see its effect within a few seconds of the test restarting.

    Handshakes 2000 [0.00 h/s], 400 Conn, 0 Err
    Handshakes 2000 [0.00 h/s], 400 Conn, 0 Err
    Handshakes 2000 [0.00 h/s], 400 Conn, 0 Err
    Handshakes 2000 [0.00 h/s], 400 Conn, 0 Err
    Handshakes 2000 [0.00 h/s], 400 Conn, 0 Err

The 400 connections each get their five renegotiations and then the iRule waits five seconds (to ack any outstanding client data) before silently dropping the connection. The attack tool believes the connection is still open, so it stalls. Note that the test had to be restarted, because the iRule doesn’t apply to existing connections when it’s attached to a virtual server. Take that into account if you are already under attack.
It's understandable if you are thinking “that’s the coolest 20-line iRule I’ve ever seen, I wish I understood it better.” Jason also provided a visual workflow to elucidate its mechanics.
[Figure: iRule DDOS countermeasure workflow]

Conclusion
At a meeting earlier this year here in Seattle we were talking about the previous Renegotiation flaw. The question was posed “What is the next vulnerability that we’re all going to slap our foreheads about?” This particular attack falls into that category. It's a simple attack against a known property of the protocol. Fortunately, BIG-IP can leverage its hardware-offload or use countermeasures like this iRule to counter the attack. There are two take-aways here: first, even long-established and reviewed protocols like SSL/TLS can be used against you and second, iRules are pretty sweet!
And thanks again to Jason Rahm for his invaluable assistance!
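The limit the iRule enforces, modelled as an added Python example (not the iRule itself and not code from the original notes): it replays constructed handshake timelines through the same per-connection bookkeeping, so the thresholds can be checked against legitimate renegotiation patterns before the rule is attached. It assumes the handshake event fires for the initial handshake as well as each renegotiation, and it stops counting once the drop is armed.

```python
"""Model of the per-connection renegotiation limit described above.

Added example: plain Python, not iRule code. It mirrors the rule's
bookkeeping so the thresholds can be checked against a traffic timeline.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

MAX_HANDSHAKES = 5    # static::maxquery in the iRule
WINDOW_SECONDS = 60   # static::seconds in the iRule
DROP_DELAY = 5.0      # "after 5000 drop" in the iRule


@dataclass
class Connection:
    """Per-connection state, standing in for the "reqrate:$rand" subtable."""
    expiries: List[float] = field(default_factory=list)
    handshakes: int = 0
    armed_on: Optional[int] = None   # handshake number that tripped the limit
    drop_at: Optional[float] = None  # time at which the silent drop fires

    def on_handshake(self, now: float) -> None:
        if self.drop_at is not None:
            return  # simplification: stop counting once the drop is armed
        # Assumption: the initial handshake is counted like a renegotiation.
        self.handshakes += 1
        # Each entry lives WINDOW_SECONDS, like the lifetime given to `table set`.
        self.expiries = [t for t in self.expiries if t > now]
        self.expiries.append(now + WINDOW_SECONDS)
        if len(self.expiries) > MAX_HANDSHAKES:
            self.armed_on = self.handshakes
            self.drop_at = now + DROP_DELAY


def replay(events: Iterable[Tuple[float, str]]) -> Dict[str, Connection]:
    """Feed (timestamp, connection id) handshake events through the model."""
    conns: Dict[str, Connection] = {}
    for now, conn_id in sorted(events):
        conns.setdefault(conn_id, Connection()).on_handshake(now)
    return conns


def timeline(conn_id: str, interval: float, count: int) -> List[Tuple[float, str]]:
    """Constructed input: an initial handshake, then one every `interval` seconds."""
    return [(i * interval, conn_id) for i in range(count)]


# Constructed sample traffic (not captured data).
SAMPLE = (
    timeline("flood", 0.5, 40)        # 2 handshakes per second per connection
    + timeline("steady-10s", 10, 12)  # 6 handshakes inside one 60 s window
    + timeline("steady-13s", 13, 12)  # never more than 5 inside 60 s
    + timeline("rare", 90, 6)         # renegotiates every 90 s
)

if __name__ == "__main__":
    for conn_id, c in replay(SAMPLE).items():
        if c.drop_at is not None:
            state = f"drop armed on handshake {c.armed_on}, fires at t={c.drop_at}s"
        else:
            state = f"never dropped ({c.handshakes} handshakes)"
        print(f"{conn_id:11s} {state}")
```

Under that assumption the sixth handshake on a connection, which is its fifth renegotiation, arms the drop; this matches the 400 connections stalling at 2000 handshakes in the output above.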