Manual Chapter : Managing Device DoS Configurations in Shared Security

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Managing Device DoS Configurations in Shared Security

About device DoS configurations

You use the Device DoS Configurations screens to manage the device DoS configuration on the BIG-IP devices.
  • To review or edit a BIG-IP device DoS configuration, click the name of the BIG-IP device for that DoS configuration.
  • To enable Device DoS logging and create the needed configuration objects, click the check box to the left of the devices and click
    Configure DoS Logging
    . Once you enable and deploy this feature, the BIG-IP devices send DoS logging events to Data Collection Devices which can then be viewed on the BIG-IQ Centralized Management system. You view these events using the
    Monitoring
    EVENTS
    DoS
    screens.
  • To disable DoS logging, click the check box to the left of the devices and click
    Disable DoS Logging
    .
  • To copy a DoS configuration from one BIG-IP device to another, click the check box to the left of the device to copy from and click
    Copy
    . Then, in the Copy Device DoS Configuration dialog box, select the devices to which the configuration should be copied.
    The BIG-IP device versions must be the same for the device being copied from and the one or more devices to which the configuration are being copied.

Edit device DoS configurations

You can view and edit device DoS configuration properties using the Device DoS Configuration Properties screen to better protect your systems against DoS attacks.
  1. Click
    Configuration
    SECURITY
    Shared Security
    DoS Protection
    Device DoS Configurations
    .
  2. In the Device DoS Configurations screen, click the name of the device configuration to view or edit.
  3. From the
    Log Publisher
    list, specify whether to use a log publisher, and if so, which one.
  4. Below the
    Log Publisher
    list, there might be a threshold field, depending on the version of BIG-IP device you are managing.
    • If you are managing a BIG-IP device version earlier than version 12.1, there is no threshold field.
    • If you are managing a BIG-IP device version 12.1.x, you can use the
      Auto Threshold Sensitivity
      field to select a sensitivity value between 1 - 100.
    • If you are managing a BIG-IP device version 13.0.x or later, you can use the
      Threshold Sensitivity
      field to select the sensitivity.
  5. In the Network Security Dynamic Signatures area, select the settings for dynamic signatures. This setting is available only for BIG-IP devices version 13.0 or later.
    1. Specify the
      Enforcement
      setting for Network Security dynamic signatures.
      • To enable enforcement of dynamic DoS vectors, select
        Enabled
        . When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement displays additional options.
      • To apply no action or thresholds to dynamic vectors, select
        Disabled
        .
      • To track dynamic vector statistics, without enforcing any thresholds or limits, select
        Learn-Only
        .
    2. Specify the
      Mitigation Sensitivity
      for dynamic signatures.
    3. In the
      Redirection/Scrubbing
      setting, select whether to enable redirection and scrubbing of IP addresses identified by dynamic vectors. This enables handling of the dynamic vector hits by an IP intelligence category. Enabling redirection and scrubbing displays additional options.
    4. In the
      Scrubbing Category
      setting, select the IP intelligence blacklist category to which scrubbed IP addresses are sent.
    5. In the
      Scrubbing Advertisement Time
      setting, type the duration in seconds for which an IP address is added to the blacklist category.
  6. In the DNS Security Dynamic Signatures area, select the settings for DNS Security dynamic signatures. This setting is available only for BIG-IP devices version 13.0 or later.
    1. Specify the
      Enforcement
      setting for dynamic signatures.
      • To enable enforcement of dynamic DoS vectors, select
        Enabled
        . When enforcement is enabled, all thresholds and threshold actions are applied. Enabling enforcement displays additional options.
      • To apply no action or thresholds to dynamic vectors, select
        Disabled
        .
      • To track dynamic vector statistics, without enforcing any thresholds or limits, select
        Learn-Only
        .
    2. Specify the
      Mitigation Sensitivity
      for dynamic signatures.
  7. In the Attack Types Category area, click the category row to expand it so you can view or modify attack types within the category.
  8. In the Attack Types list, click the name of an attack type to modify its properties. Note that some properties are read-only.
  9. When you are finished modifying an attack type, click
    OK
    to save your changes to that attack type.
  10. When you are finished modifying all attack types for the BIG-IP device, save your changes.
  11. When you are finished modifying all attack types for the BIG-IP device, save your changes.

Copy device DoS configurations

You enable device DoS event logging using the the devices displayed in the list. When enabled, you can view these device DoS events using the
Monitoring
EVENTS
DoS
screens.
  1. Click
    Configuration
    SECURITY
    Shared Security
    DoS Protection
    Device DoS Configurations
    .
    The Device DoS Configurations screen opens.
  2. To copy a DoS configuration from one BIG-IP device to another, click the check box to the left of the device to copy from and click
    Copy
    .
    The Copy Device DoS Configuration dialog box opens.
  3. In the dialog box, select the devices to which the configuration should be copied and click
    OK
    .
    The BIG-IP device versions must be the same for the device being copied from and the one or more devices to which the configuration is being copied.
The device DoS configuration is copied to the one or more other devices.

Configure device DoS event logging

You enable device DoS event logging using the the devices displayed in the list. When enabled, you can view these device DoS events using the
Monitoring
EVENTS
DoS
screens.
  1. Click
    Configuration
    SECURITY
    Shared Security
    DoS Protection
    Device DoS Configurations
    .
    The Device DoS Configurations screen opens.
  2. To enable logging of device DoS events, click the check box next to the device to configure, and click
    Configure DoS Logging
    .
    To disable logging of device DoS events, click the check box next to the device to configure, and click
    Disable DoS Logging
    .
The DoS Logging Configuration dialog box opens so that you can begin the configuration process.
Review the information about the configuration process before continuing. This is described in the
Monitoring DoS events
topics in
F5 BIG-IQ Centralized Management: Monitoring and Reporting
on
support.f5.com
.