F5 APM - Configuring Host Checking
Teleworking is used a lot these days due to Coronavirus. There are lots of companies that have configured SSL VPN services for employees to work from home. In fact, I worked a lot last week to configure an SSL VPN service where users can access the office's computer from home. It is a secure web portal where users log in with the corporate credentials and, once inside the web portal, there is a bookmark which is used to access the office's computer. I've configured LDAP Authentication, LDAP Query and SSO in this web portal.
However, security is really important. We don't know if users' computers, which are in their homes, are compromised. Therefore, security measures should be applied in the SSL VPN. For instance, we only allow Windows computers which have an antivirus enabled as well as a firewall enabled. Nevertheless, there are no security checks for Linux computers. There are many more security measures which can be applied to improve the security of SSL VPN services, such as 2 Factor Authentication (2FA), checking that the antivirus is updated, etc.
Regards, my friends! Have you configured host checking in your SSL VPN?
Hi David,
I saw your video. I'm planning to utilize APM and was wondering: can I check if the employee machine is domain joined or not? I only want domain-joined users to access the web portal.
Thanks
Hi,
I think so. You can add LDAP/AD Search to check if the employee's computer is in the LDAP/AD.
Regards.
David.
Thanks, really appreciate your reply. Will let you know if things worked with me or not.
Hello,
I would like to know the following, in case you can help me:
Can F5 detect, by means of the host checker, whether the workstation has an EDR or XDR agent? In my specific case it would be the detection of CORTEX from Palo Alto.
Regards.
Hello Alejandro,
Yes, you can check the software installed on the client side.
Regards.
David.