sunhux
Hardening for F5 products esp F5 WAF App Security Manager
CIS has hardening guides for various Windows, UNIXes and Cisco switches/routers.
There are hardening guides for Juniper as well.
Now our Audit wants a hardening guide for WAF: we use F5.
Q1:
Can anyone point me to such a hardening guide for F5 WAF?
Q2:
If there's none, any link/authoritative guide indicating it's been
sufficiently hardened (as it's an appliance customized from RHEL 5?)
will be appreciated.
Need a good justification why we don't have a hardening guide in place
for F5 WAF.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Found 3 links that are what I'm looking for:
https://devcentral.f5.com/questions/big-ip-device-hardening-
https://support.f5.com/csp/article/K13092
https://devcentral.f5.com/questions/bigip-hardening
ASKER
A question has been raised: what pre-hardening has F5 done out of the box for this F5 ASM (our model is 4200)?
Any doc / links on this?
ASKER
of WAF supported by F5 is one of the latest: it's common that many
appliances are customized from older base OS. I've not heard of
F5 WAF/GTM/LTM that's based on RHEL7, has anyone?
So long as the principal (in this case F5) supports it, that's what matters.
In fact, a number of PABX/voice recorders are based on RHEL5 too.
I know one McAfee NSM appliance was still based on Windows 2003
and McAfee supports it.