Manual Chapter : Adding domains for Man in the Middle detection

Applies To:

Show Versions Show Versions
Manual Chapter

Adding domains for Man in the Middle detection

Before adding domains for Man in the Middle (MITM) detection, you should create a mobile security anti-fraud profile.
Add domains for MITM detection if you want to define domains that will be checked for DNS Spoofing and Certificate Forging on customer devices.
Do not use MITM detection to check the authenticity of the BIG-IP system. Instead, use the SSL Trust API, as described in
F5 MobileSafe Deployment Guide
.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. In the Anti-Fraud Profiles screen, click the mobile security anti-fraud profile in the profiles list.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    Mobile Security
    .
    The list of Mobile Security configuration options appear.
  4. In the list of Mobile Security configuration options, click
    Man in the Middle Detection
    .
    The Man in the Middle Detection configuration options appear.
  5. Ensure that the
    Enabled
    check box for
    Man in the Middle Detection
    is selected.
  6. Click the
    Add
    button to add a domain.
    The Add Domain pop-up screen appears.
  7. For DNS Spoofing Detection, add the following information:
    • Domain Name
      : The domain name (FQDN) of the server you want to be checked.
    • IP Address Range
      : The BIG-IP system checks if the domain name you assigned is within the IP address range you assign here. An exact IP address is also permitted.
    • Score
      : The score assigned if the domain does not resolve to the IP address. If this score and the Certificate Forging score together are greater than the alert threshold, an alert is sent to to the FPS dashboard.
  8. For Certificate Forging Detection, when initially creating the anti-fraud profile assign a temporary value for the
    Hash
    setting and a risk score (default is 20).
    After running the MobileSafe® SDK for the first time with a valid domain, the FPS dashboard will receive an alert with the real
    Hash
    value. Once this alert is received, enter this value to activate Certificate Forging detection.
    The value that you assign for the
    Score
    setting is added to the DNS Spoofing score if the
    Hash
    value does not match the corresponding calculated value. If the Certificate Forging score and DNS Spoofing score together are greater than the alert threshold, an alert is sent to the FPS dashboard.
  9. Click
    Add
    in the Add Domain pop-up screen.
    The domain you defined is added to the Domains List.
  10. Click
    Save
    .
    The anti-fraud profile is updated with the changes you made.