From F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide
Part of SRG-NET-000230-ALG-000113
Associated with: CCI-001184
Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
Verify the BIG-IP Core is configured to protect the authenticity of communications sessions. Navigate to the BIG-IP System manager >> Local Traffic >> Profiles >> SSL >> Client Verify a profile exists that is FIPS compliant. Select FIPS-compliant profile. Select "Advanced" next to "Configuration". Verify "Ciphers" under "Configuration" section is configured to use FIPS-compliant ciphers. Verify the BIG-IP Core is configured to use FIPS-compliant profile: Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab. Select Virtual Server(s) from the list that the LTM module is managing the Client SSL side traffic. Verify under "Configuration" section, that FIPS-compliant profile is in the "Selected" area for "SSL Profile (Client)". If the BIG-IP Core is not configured to protect the authenticity of communications sessions, this is a finding.
Configure BIG-IP Core to protect the authenticity of communications sessions.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer