On the night of December 13, 2018, the HTTP and HTTPS online services of a number of domestic banks were attacked, mainly from overseas addresses. Domestic telecom operators responded immediately by blocking the CC attack on ports 80 and 443, which effectively protected the links of the financial customers under attack. Even after further filtering by the operators, however, many data center attacks still reached the banks, affecting CPU utilization on their external web servers, reducing response speed, and disrupting normal access by domestic users. F5 Advanced WAF (API Security – next generation WAF) security policies proved to be very effective in defending users against DDoS attacks. Here, Wu Jingtao, chief technology officer of F5, shares some of F5's innovative ideas for security protection from the application perspective.

F5 Advanced WAF (API Security – the next generation of WAF) provides many other security protection advantages, among which the one-click protection function is the most suitable for users. Since the transition between offense and defense is often a matter of minutes, customers need a very fast tool to deal with it. Obviously, it is too late to rely on a DevOps model in which the development department makes the change, because the code needs to be validated, tested, and evaluated before it goes live. The best solution would therefore be to modify and configure automatically, but most customers do not allow automatic switching, so F5 launched a "one-click switch" function to help customers respond quickly. It meets users' needs for application availability, security, visualization, and improved automation.

From the perspective of enterprise customers, it is a long process to fight against DDoS attacks, and attack methods and tools will be constantly updated. So how can we make ourselves invincible? F5 gives four suggestions.

The first suggestion is that users need to realize that network attack and defense is one thing and compliance is another. Security deployment should not aim at compliance; attack and defense should be the priority.

The second suggestion is not to put all security defense capabilities into a fully automatic security mode. Seen from another angle, automation also means security risk, and the best way to deal with it is controllable risk management.

Third, choose the transparent mode and bypass mode carefully. A lot of customers are attacked because of these two modes. The ultimate goal of today's DDoS attacks is not to cripple services, but to provide cover while criminals, having thoroughly penetrated the transparent mode and bypass mode, steal core data as if unopposed. F5's solution is to build a highly flexible full-proxy architecture that handles modern offensive and defensive processing.

Fourth, you need to move away from a single unified security policy. For critical applications, classify the traffic first and then configure security policies for the traffic in each gray scale. The F5 Advanced WAF (API Security – a new generation of WAF) security protection strategy combined with a service attack and defense model has been proven effective by many users and can serve as a reference.

“Attack and defense is the first goal, and flow is the way to achieve it. What F5 wants to achieve is a complete security system based on one-click operation of machine learning, rather than automatic operation,” Wu Jingtao concluded.