Manual Chapter : Adding domains for Man in the Middle detection

Applies To:

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0

Before adding domains for Man in the Middle (MITM) detection, you should create a mobile security anti-fraud profile.
Add domains for MITM detection if you want to define domains that will be checked for DNS Spoofing and Certificate Forging on customer devices.
Do not use MITM detection to check the authenticity of the BIG-IP system. Instead, use the SSL Trust API, as described in F5 MobileSafe Deployment Guide.
  1. On the Main tab, click Security > Fraud Protection Service > Anti-Fraud Profiles.
    The Anti-Fraud Profiles screen opens.
  2. In the Anti-Fraud Profiles screen, click the mobile security anti-fraud profile in the profiles list.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click Mobile Security.
    The list of Mobile Security configuration options appears.
  4. In the list of Mobile Security configuration options, click Man in the Middle Detection.
    The Man in the Middle Detection configuration options appear.
  5. Ensure that the Enabled check box for Man in the Middle Detection is selected.
  6. Click the Add button to add a domain.
    The Add Domain pop-up screen appears.
  7. For DNS Spoofing Detection, add the following information:
    • Domain Name: The domain name (FQDN) of the server you want to be checked.
    • IP Address Range: The BIG-IP system checks whether the domain name you assigned resolves to an address within the IP address range you assign here. An exact IP address is also permitted.
    • Score: The score assigned if the domain does not resolve to the IP address. If this score and the Certificate Forging score together are greater than the alert threshold, an alert is sent to the FPS dashboard.
  8. For Certificate Forging Detection, when initially creating the anti-fraud profile, assign a temporary value for the Hash setting and a risk score (default is 20).
    After running the MobileSafe® SDK for the first time with a valid domain, the FPS dashboard will receive an alert with the real Hash value. Once this alert is received, enter this value to activate Certificate Forging detection.
    The value that you assign for the Score setting is added to the DNS Spoofing score if the Hash value does not match the corresponding calculated value. If the Certificate Forging score and DNS Spoofing score together are greater than the alert threshold, an alert is sent to the FPS dashboard.
  9. Click Add in the Add Domain pop-up screen.
    The domain you defined is added to the Domains List.
  10. Click Save.
    The anti-fraud profile is updated with the changes you made.
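
The scoring described in steps 7 and 8 can be checked before you save a domain entry. The following is an added example, not F5 code or part of the original manual: it models how the DNS Spoofing and Certificate Forging scores combine against the alert threshold, so you can see which failures would actually reach the FPS dashboard. The range syntax (exact IP, CIDR, or start-end), the opaque hash strings, the threshold of 30 and all names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class DomainEntry:
    name: str             # Domain Name (FQDN)
    ip_range: str         # IP Address Range (syntax below is assumed)
    dns_score: int        # Score for DNS Spoofing Detection
    cert_hash: str        # Hash for Certificate Forging Detection
    cert_score: int = 20  # default risk score stated on the page

def in_range(ip: str, ip_range: str) -> bool:
    """True if ip is inside an exact IP, a CIDR block, or 'start-end'."""
    addr = ipaddress.ip_address(ip)
    if "-" in ip_range:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in ip_range.split("-", 1))
        if not (addr.version == lo.version == hi.version):
            return False
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(ip_range.strip(), strict=False)

def evaluate(entry, resolved_ips, observed_hash, alert_threshold):
    """Combine both checks the way steps 7 and 8 describe."""
    # Modelling choice: no answer, or any answer outside the range, fails.
    dns_failed = not resolved_ips or any(
        not in_range(ip, entry.ip_range) for ip in resolved_ips)
    cert_failed = observed_hash.strip() != entry.cert_hash.strip()
    score = (entry.dns_score if dns_failed else 0) + \
            (entry.cert_score if cert_failed else 0)
    # An alert is sent only when the sum is greater than the threshold.
    return {"dns_failed": dns_failed, "cert_failed": cert_failed,
            "score": score, "alert": score > alert_threshold}

def coverage(entry, alert_threshold):
    """Which failure combinations would reach the FPS dashboard."""
    return {"dns_only": entry.dns_score > alert_threshold,
            "cert_only": entry.cert_score > alert_threshold,
            "both": entry.dns_score + entry.cert_score > alert_threshold}

if __name__ == "__main__":
    # Constructed sample entry; the threshold of 30 is an assumed value.
    entry = DomainEntry("app.example.com", "192.0.2.0/24", 20, "aa11", 20)
    print(coverage(entry, 30))
    print(evaluate(entry, ["198.51.100.7"], "aa11", 30))
    print(evaluate(entry, ["198.51.100.7"], "bb22", 30))
```

With these sample values a DNS mismatch alone scores 20 and stays below the threshold, so only a combined DNS and certificate failure produces an alert.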