F5 SSL Everywhere
3ztjr
3ztjr
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
RECOMMENDED PRACTICES<br />
<strong>F5</strong> <strong>SSL</strong> <strong>Everywhere</strong><br />
Contents<br />
Introduction 3<br />
About the acronyms <strong>SSL</strong> vs. TLS 4<br />
Deployment Scenarios 4<br />
Deployment scenario: Inbound enterprise applications 5<br />
Deployment scenario: Inbound retail data center 5<br />
Deployment scenario: Inbound <strong>SSL</strong> pass-through 6<br />
Deployment scenario: Outbound <strong>SSL</strong> visibility 6<br />
A recommended security posture 6<br />
Fine-Tuning Data Protection 8<br />
A primer on <strong>SSL</strong> cipher strings 8<br />
Transformational services 13<br />
Client certificates 19<br />
<strong>SSL</strong> failover options 22<br />
Cipher agility 25<br />
Key Management 28<br />
Certificate expiration notification 29<br />
Use the certificate manager role 30<br />
Key protection 31<br />
Revocation verification 34<br />
Visibility and Control 42<br />
<strong>SSL</strong> and the OWASP Top Ten 42<br />
<strong>SSL</strong> outbound visibility 43<br />
Mitigating brute force attacks 47<br />
Instrumentation: The <strong>SSL</strong> statistics panel 50<br />
Conclusion 52<br />
2