FFIV-networks: The white knight against virus attack in cyber war
kaeseotto : FFIV-networks: The white knight against virus attack in cyber war
Artikel kann auch auf www.f5.com nachgelesen werden, dann sieht man auch die schoenen Bilder, die leider beim Kopieren des Textes verloren gingen.
A Counter Defense To Denial of
Service Attacks and Other Cyber
The number of organizations integrating web-based applications within their
business systems continues to increase -- as is the reliance of consumers
who want a safe, secure, and reliable environment to do e-Business. The
recent Denial of Service attacks that have drawn national headlines symbolize
the need for networks to shore up their sites in order to handle the onslaught
of legitimate new users - but also to protect their sites from cyber-terrorists
whose only goal is to wreck havoc.
Clearly, businesses must reevaluate their network security strategy in order to
adapt to 1) an open computing environment and 2) protect against the
unsavory part of the population which this open environment has attracted. As
such, many F5 customers are realizing the added security benefits of using
the BIG/ip Controller, a unique high availability, intelligent load balancing
product which also includes a number of built-in features designed to heighten
network security and provide protection of servers and devices against
BIG/ip Controller: Value-Added Security
BIG/ip comes standard with numerous security features to protect your site,
Firewall capable. The BIG/ip Controller uses packet filtering to limit or deny
access to and from servers. You can specify rules, which allow or deny
access based on the source IP address of the packet, the destination IP
address, the source port number, the destination port number (for protocols
that support ports), or even the packet type (UDP, TCP, ICMP, etc). This
feature significantly heightens network security and gives you the flexibility to
restrict access on a very granular basis.
Stringent access control. The BIG/ip Controller is configured to allow only
specific types of traffic to pass through to the servers by granting or denying
ports on BIG/ip and Virtual Servers. A Virtual Server is a specific combination
of virtual addresses and virtual ports. Types of traffic that have not been
defined as allowed to pass through BIG/ip will be denied. This yields
extremely tight security, since only the traffic that you specify is allowed to
pass through BIG/ip.
Secure Administration. The BIG/ip Controller's default configuration only
allows encrypted administration traffic into the device.
Its web-based configuration tool uses SSL and Access Control Lists to
provide secure real-time configuration
BIG/ip command line interface via F-Secure SSH client supports
remote encrypted login and file transfer from most commercial UNIX
platforms, Windows 95, NT, and Mac operating systems
BIG/ip command line interface includes a VGA or serial console with
Resists Common Attacks
BIG/ip is a default deny device that resists common attacks in the following
Thwarts Denial of Service attacks (reaps idle connections)
Thwarts IP spoofing (performs source route tracing)
Resists unacknowledged SYN without ACK buffers (thwarts SYN
Thwarts teardrop and land attacks
Protects itself and servers from ICMP attacks
Does not run SMTPd, FTPd, Telnetd, or any other attackable daemons
Uses packet filtering to limit or deny access to and from Internet sites
based on monitoring the traffic source, destination and port
Uses Secure Remote administration based on secure shell (SSH) for
command line or SSL for browser-based management
In addition, BIG/ip is inherently secure and averts common threats without the
need to purchase additional security devices.
BIG/ip's security report identifies any services and ports that receive illegal
access attempts by monitoring the:
IP address - source IP address of attacker
Frequency - amount of attempts
Port - which port(s) was hit
This information can help you identify security holes in your network and
identify the source of potential attackers. Additionally, access to BIG/ip can
be controlled on any interface. By default, BIG/ip denies access unless types
of specific traffic are enabled. This allows BIG/ip to be dynamic addition to a
site's overall security.
Port Mapping and Network Address Translation (NAT)
BIG/ip can be configured to map a single port into multiple ports. Well known
ports such as 80, 443, 20, 21 can be mapped to any port on the actual
servers. In addition, BIG/ip can translate addresses of the servers behind it to
addresses that are advertised to the outside world. These security features
provide several benefits, including:
Greater security by making it difficult for intruders to identify what
services are running on which port.
Uses non-publicly routed addresses - Using BIG/ip, Internet routable IP
addresses can be saved, thereby reducing consumption of IP
Addresses of the servers behind BIG/ip are never exposed to the
outside world, reducing the chance of hackers gaining access to your
Secure Network Address Translation
BIG/ip also features Secure Network Address Translation (SNAT). This
provides servers with a secure outbound connection to the Internet, or to an
internal server array through a load balanced virtual server.
Firewall Load Balancing
Transparent proxy firewalls are a relatively recent generation of firewalls that
give Intranets the protection of a firewall, while providing internal users
transparent access to the Internet. Due to the growing use of these
transparently configured firewalls, and the inherent need to provide high
availability and scalability to these devices, BIG/ip again is increasingly being
deployed as a solution.
BIG/ip uses a feature called Transparent Node Mode. When enabled, it allows
BIG/ip to work with various devices, such as transparent firewalls. This feature
makes these firewalls more reliable and more scalable. The load balancing
functions of Transparent Node Mode simultaneously functions with BIG/ip's
normal load balancing intelligence. Additionally, BIG/ip can be configured in
front of an array of transparently configured firewalls and an array of Intranet
servers - all at the same time.
BIG/ip tests specific IP address and port combinations to determine if a
firewall is functioning properly. BIG/ip will make a non-transparent request to
the network device. The Extended Content Verification (ECV) feature of BIG/ip
can be used to increase the accuracy of these tests. If a firewall does not
respond to a predetermined amount of time, BIG/ip directs requests to other
devices instead. This delivers high availability to users, who will seamlessly
be redirected to a properly functioning firewall.
Transparent Node Load Balancing/High Availability on the BIG/ip Controller
offers many benefits for businesses. It provides full scaling of firewall solutions
that is not limited by the exchange of agent traffic between multiple firewalls.
It provides high availability and intelligent load balancing for any Intranet web
servers or other backbone or DMZ servers, while allowing them to stay
securely inside your network.
Additionally, the BIG/ip Controller supports a multitude of different firewall
vendor devices, which assists a business in migrating to new firewall
technology in the future. It also allows for implementation of diverse parallel
security, as opposed to serially linked firewall devices.
The Transparent Node Load Balancing/High Availability also adds to the
increased security that BIG/ip already brings to the network, further
supercharging its network-security functionality.
Figure 1: Firewall load balancing/high availability with redundant
Transparent Device Persistence - Firewall Sandwich
In situations where BIG/ip is accepting connections for virtual servers from
more than one device, such as firewalls, routers, or caches, it may be
desirable to send the return data back through the same device from which
the connection originated. This can be used to spread the load among
outbound devices, or to assure that connections go through the same device,
such as a proxy, cache, firewall, or VPN router. You can do this by defining a
pool that contains the list of devices from which the connections are received,
and then associating the pool with a virtual device using the lasthop keyword.
Figure 2: Transparent Device Persistence (Firewall Sandwich)
The BIG/ip Controller, an extremely robust and flexible product, enriches your
network security by cooperatively working with firewall products, router ACLs,
mail filters, and content filters. While F5 does not actively market the BIG/ip
Controller as a firewall or security device, many customers are using its
numerous security features to provide a highly scalable, available and secure
Internet site - more important than ever given recent events.
furby : Hi kaeseotto: verdoppeln wär auch schon nicht schlecht
kaeseotto : F5 ist die internet highway patrol
cisco ist unbestritten ein hervorragendes Unternehmen.
Aber, und das sehe ich sehr unemotional, f5 wird momentan mit einem zu deutlichen Abschlag gegenueber seinen Konkurrenten gehandelt.
f5 wird bis Ende 2000, und dies habe ich bereits schon mehrfach gepostet, einen Kurs von 750 $ - 1000 $ haben. Und in 2-3 Jahren wird die Marktkapitalisierung bei 100 Mrd $ gegenueber 2 Mrd $ liegen.
tgk1 : Hallo kaeseotto
Die Börse ist manchmal paradox, was bei F5 abging, die ein wirklich phenomenales Ergebnis hingelegt haben, ist mir absolut unverständlich!
War ein Split erwartet worden? Ziehen sie nach, Cisco splittet auch?
kaeseotto : TGK, FFIV zieht jetzt wieder an!
Soweit ich mich noch daran erinnere, hat der CEO in einem Interview gesagt, dass er dem Board einen Aktiensplitt vorschlagen wird.
Das momentan kein Splitt bekannt gegeben worden ist, hat fuer mich keinen allzugrossen Einfluss auf den Aktienkurs.
Woanders zieht man shorties als Begruendung fuer den Kursverfall bzw. Insiderverkaeufe heran. (alles sehr schleierhaft)
Fazit: Abwarten und Tee trinken.
Schau dir Sycomore, Juniper Networks, Akamai und Cisco an.
Mach eine Aufstellung von Umsatz, Umsatzwachstum, Boersenkapitalisierung, Gewinn, KGV.
Dann kommst du zu dem einen Ergebnis: F5 strong buy.
tgk1 : Hallo käseotto, hab die Aufstellung schon gemacht
kaeseotto : Ausserdem, kann der Kurs jetzt nur noch steigen, weil
Auch die Kraefte der schwarzen Magie sind auf unserer Seite.
Vielleicht sollten wir in Deutschland auch wieder ein paar alte Riten
aufleben lassen, und Verkaeuferinnen von Cisco Produkten als Hexen
Dann sieht die Welt in Kuerze schon ganz anders aus.
kaeseotto : Von der HV in Seattle
From the meeting
When asked about a potential stock split Hussey commented that
the goal for the stock is to become less volatile but that a split at
the current $100 level is not likely. Hussey commented on the
future potential growth potential based upon the expected growth
in the industry(currently a $200 million dollar market / analysts
estimate that market will expand to well over 1 billion in less than
two years / he also commented that these level are very
conservative and many analysts are projecting the market for F5's
products and their competitors to be in the 3 to 4 billion dollar
range within three years)! This company's potential has been
grossly underestimated. Their products are going head to head
with Cisco's, Radware's, and Alteon's and winning(producing
sales) 9 out of every 10 times. F5's products are far superior to
any in the industry and other companies are taking notice. Hussey
commeted that Cisco has approached F5 in an attempt to
develop an industry standard for content management and traffic
solutions. Others are taking notice of F5's superior products and
services and now have over 1300 customers compared to 1100
less than a month ago!
Roundmaker : Wenn nur die Hälfte der prognostizierten Zahlen zur Realität werden -
tgk1 : Neu BIG-IP-Version rausgekommen, einfach GENIAL
F5 Networks' Industry Leading BIG-IP Dramatically Raises the Bar for Network
Security, High Availability and Load Balancing for Internet Traffic and Content
SEATTLE--(BUSINESS WIRE)--Feb. 22, 2000--
BIG-IP continues to sweep the market as the
superior product that helps keep business-critical
e-Business sites always available, fast and secure
F5 Networks, Inc., (NASDAQ:FFIV), the leading provider of Internet traffic and content management (iTCM) products,
today announced the release of version 3.0 of the Company's flagship product, the BIG-IP(R) Controller.
BIG-IP offers unparalleled Internet traffic and content controls that allow enterprises to deliver the highest quality of
service to their users through their web sites. BIG-IP is designed to provide a new level of fault tolerance for Internet
sites by shielding users from system failure and optimizing response times to user requests and data flow. BIG-IP was
recently honored as the industry's Best Internet Product by the Washington Software Alliance.
"This latest version of BIG-IP is another example of how F5 rewards its customers by enabling them to easily take
advantage of many advanced new features at no extra charge," said Steve Goldman, Senior Vice-President of Sales,
Marketing, and Services at F5 Networks. "BIG-IP has quickly gained broad acceptance in the market, not only by many
large enterprises, but also by the leading ASPs, ISPs, and network equipment manufacturers. This is primarily because
BIG-IP is the most mature and sophisticated product of its kind and is designed to easily integrate into any network
The new version of BIG-IP delivers the markets most sophisticated and comprehensive traffic and content control
features, enabling maximum flexibility for enterprises to best service their users' requests. This unprecedented level of control allows businesses to
optimize backend resources within their Internet infrastructure and helps ease complicated network management issues. BIG-IP's key new intelligent traffic
and content controls include: -- Enhanced Reliability and Availability -- BIG-IP now includes a
mode called Active-Active, which allows e-Businesses to take full
advantage of traffic throughput for two BIG-IP controllers,
simultaneously. When engaged, Active-Active ensures that
identical information is shared by both BIG-IP Controllers. Not
only are single points of failure removed from the network, both
controllers help to increase site performance and capacity
because each controller is literally "sharing the load." -- Intelligent Traffic Control -- Making load balancing decisions
based on only a few traffic factors is the equivalent of Internet
'tunnel vision.' To better service their customers and prospects,
e-Businesses need to see greater detail -- and control a
wider-range of traffic. BIG-IP contains new methods of
intelligent traffic control, including transparent device
persistence, cookie persistence (hash option), HTTP header load
balancing, and more -- giving e-Businesses nearly unlimited
flexibility and manageability over the flow of IP-based traffic. -- Service Level Differentiation (HTTP Header Load Balancing) -- To
make more granular and intelligent load balancing decisions,
BIG-IP uses information such as HTTP header or IP address to
determine where a customer request should be sent. BIG-IP can
identify specific traffic based on HTTP header information, then
direct that traffic to a set of servers or devices that can best
service the request. For example, BIG-IP can recognize whether a
customer is "gold" (a frequent buyer) or "bronze" (only an
occasional buyer). A "gold" customer's service request can be
load balanced to a pool of servers reserved for similar high
priority customers -- ensuring that these "paying" customers
receive the best service possible. -- Value-Added Security -- BIG-IP comes standard with numerous
security features to provide a highly scalable, available, and
secure Internet site for both internal and external applications.
BIG-IP can be used to balance both inbound and outbound traffic
for devices like firewalls, caches, or routers. It enables
stringent access control, secure administration, and helps resist
common attacks. For example, BIG-IP provides an additional
safeguard for threats such as denial of service (DoS) attacks
where Internet servers are maliciously bombarded with
About F5 Networks
F5 Networks is a leader in Internet Traffic and Content Management products. The Company's integrated suite of high-performance products automatically
and intelligently manage Internet traffic and content to improve the availability and performance of mission-critical Internet servers and applications. F5
Networks helps companies avoid the risk of being burdened with ill-performing networks that do not meet end user expectations, while enabling network
administrators to better control and predict the performance of their infrastructure. F5 Networks' products are designed to provide a new level of fault
tolerance by shielding users from system failure; optimizing response times to user requests and data flow; and cost-effectively managing an
organization's Internet infrastructure. The company is headquartered in Seattle, Washington, and has offices in Atlanta, Boston, Chicago, Dallas,
Columbus, Los Angeles, New York, San Francisco, Toronto, Washington, D.C., Australia, Hong Kong, Japan, The Netherlands, Singapore, Sweden and
the United Kingdom. F5 Networks is located on the web at www.f5.com.