Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Adding domains for
Man in the Middle detection
- On the Main tab, click.The Anti-Fraud Profiles screen opens.
- In the Anti-Fraud Profiles screen, click the mobile security anti-fraud profile in the profiles list.The Anti-Fraud Profile Properties screen opens.
- In the Anti-Fraud Configuration area, clickMobile Security.The list of Mobile Security configuration options appear.
- In the list of Mobile Security configuration options, clickMan in the Middle Detection.The Man in the Middle Detection configuration options appear.
- Ensure that theEnabledcheck box forMan in the Middle Detectionis selected.
- Click theAddbutton to add a domain.The Add Domain pop-up screen appears.
- For DNS Spoofing Detection, add the following information:
- Domain Name: The domain name (FQDN) of the server you want to be checked.
- IP Address Range: The BIG-IP system checks if the domain name you assigned is within the IP address range you assign here. An exact IP address is also permitted.
- Score: The score assigned if the domain does not resolve to the IP address. If this score and the Certificate Forging score together are greater than the alert threshold, an alert is sent to to the FPS dashboard.
- For Certificate Forging Detection, when initially creating the anti-fraud profile assign a temporary value for theHashsetting and a risk score (default is 20).After running the MobileSafe® SDK for the first time with a valid domain, the FPS dashboard will receive an alert with the realHashvalue. Once this alert is received, enter this value to activate Certificate Forging detection.The value that you assign for theScoresetting is added to the DNS Spoofing score if theHashvalue does not match the corresponding calculated value. If the Certificate Forging score and DNS Spoofing score together are greater than the alert threshold, an alert is sent to the FPS dashboard.
- ClickAddin the Add Domain pop-up screen.The domain you defined is added to the Domains List.
- ClickSave.The anti-fraud profile is updated with the changes you made.