
F5 Virtual Environment

Using F5 WebSafe for Fraud Protection


Document version 11.6.0.04

Written for: TMOS Architecture v11.6.0
VMware Workstation 10.0.0 or VMware Fusion 6.0.3
Virtual images:
BIGIP-11.6.0.0.0.401.ALL-scsi.ova
BIGIP-11.6.0.0.0.401.iso
Hotfix-BIGIP-11.6.0.4.0.420-HF4.iso
LAMP_3.4
Alert_Server
Windows_7_VMW or Windows_7_VMF



NOTE: The F5 vLab (virtual lab environment) is an F5-community supported tool.
Please DO NOT contact F5 Support for assistance with the vLab. For help with the setup of the vLab
or running a demonstration, you should contact your F5 Channel Account Manager (CAM).

F5 Worldwide Field Enablement


Learn More, Sell More, Sell Faster



Last Updated: 6/08/2015







































2014 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in
certain other countries. Other F5 trademarks are identified at f5.com.

Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or
affiliation, express or implied, claimed by F5.

These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks Reseller Agreement. You
may not share these training materials and documentation with any third party without the express written permission of F5.


TABLE OF CONTENTS
Table of Contents
Introduction
Using BIG-IP Fraud Protection Service (FPS)
Exercise 1 Creating a WebSafe Anti-Fraud Profile
Exercise 2 Configuring Phishing Detection
Exercise 3 Configuring Application Layer Encryption
Exercise 4 Configuring Automatic Transaction Detection

WWFE vLab Guides Using BIG-IP Fraud Protection Service (FPS)


INTRODUCTION
Welcome to the Using F5 FPS Exercise Guide.

This guide provides hands-on experience with F5 BIG-IP Fraud Protection Service (FPS).
You can use these exercises and the virtual environment (vLab), which includes VMware Workstation or
VMware Fusion and BIG-IP Virtual Edition (VE), as a learning tool or to give customer demonstrations.

Note: this guide is written for the following product and vLab version:
TMOS architecture v11.6.0
VMware Workstation 10.0.0 or VMware Fusion 6.0.3
Virtual images:
BIGIP 11.6.0.0.0.401.ALL-scsi-ova
LAMP 3.4
Alert_Server
Windows 7 Image (Mac users: Windows_7_VMF; Windows users: Windows_7_VMW)



USING BIG-IP FRAUD PROTECTION SERVICE (FPS)


EXERCISE 1 CREATING A WEBSAFE ANTI-FRAUD PROFILE
Required virtual images: BIGIP_FPS_v11.6.0, LAMP_3.4, Alert_Server
Estimated completion time: 15 minutes

TASK 1 View the Demo Bank Application


Verify the functionality of the demo site web application.
In the VMware library, power on the BIGIP_FPS_v11.6.0, LAMP_3.4, and Alert_Server images.
For Mac users, power on the Windows_7 image, and then log in as vLab User.
Use Google Chrome to access http://demobank.f5demo.com/DemoBank/Login.jsp.
Create a new bookmark called F5 WebSafe Demo Site for the demo bank login page.
Log in using the following credentials:
Username: demouser
Password: P@ssw0rd1
If prompted to save this password, select Never for this site.


Click Wire Transfer.
Enter the following information, and then click Submit.
Payee Name: demopayee
Routing Number: 111111
Account Number: 222222
Amount: 100


Click on Logout to end your banking session.


TASK 2 Install Demo Tools in Google Chrome


Create a bookmark in Google Chrome to access the tools used to simulate various attacks.
Copy the following text:
javascript:(function(src){var script = document.createElement("script");script.setAttribute("src", src);document.body.appendChild(script);})("https://s3-eu-west1.amazonaws.com/internaltools/demoTools.js")

In Google Chrome, right-click in the bookmark bar and select Add Page.
Name the new page Demo Tools, then in the URL field paste the text from your clipboard, and then
click Save.
Click the Demo Tools bookmark.


Close Google Chrome.

TASK 3 Create BIG-IP Logging Objects for the Alert Server


Create BIG-IP configuration objects that will be used for sending alerts to the WebSafe Alerts server.
In the VMware library, restore the BIGIP_FPS_v11.6.0 image using the BIGIP_FPS_clean_install
snapshot.
Restore the LAMP_3.4 image using the LAMP_3.4_FPS snapshot.
Power on the BIGIP_FPS_v11.6.0 and LAMP_3.4 images.
For Mac users, power on the Windows_7 image, and then log in as vLab User.
Use a web browser to access and log in to BIGIP_FPS_v11.6.0.
In the Configuration Utility, create a new pool using the following information, and then click Finished.
Name: alert_pool
Health Monitor: tcp
Members:
Address: 10.128.10.202
Service Port: 80

NOTE: Ensure that the health monitor marks the pool available before moving on.
Open the System > Logs > Configuration > Log Destinations page, and then click Create.
Create a log destination using the following information, and then click Finished.
Name: fps_log_destination
Type: Remote High-Speed Log
Pool Name: alert_pool

Open the System > Logs > Configuration > Log Publishers page, and then click Create.
Create a log publisher using the following information, and then click Finished.
Name: fps_log_publisher
Destination: fps_log_destination

TASK 4 Create a WebSafe Anti-Fraud Profile


Create an anti-fraud profile on the BIG-IP system, and then add the profile to the virtual server.
Use a web browser to access and log in to BIGIP_FPS_v11.6.0.
Open the Security > Fraud Protection Service > Anti-Fraud Profiles page, and then click Create.
Create an anti-fraud profile using the following information, and then click Create.
Profile Name: lorax_antifraud_profile
Profile is case sensitive: Yes (selected)
Alert Path: /rstats/
Alert Identifier: LRX
Alert Pool: alert_pool
Log Publisher: fps_log_publisher
Check PATH_INFO in URL: No (cleared)

Open the Virtual Server List page, and then click demobank_virtual.
Open the Security > Policies page.


From the Anti-Fraud Profile list box, select Enabled.
From the Profile list box, select lorax_antifraud_profile, and then click Update.


Create a new archive file named fpsfund_03_configued_v11.6.0.


EXERCISE 2 CONFIGURING PHISHING DETECTION


Required virtual images: BIGIP_FPS_v11.6.0, LAMP_3.4, Alert_Server
Estimated completion time: 45 minutes

TASK 1 Enable Phishing Detection


Update the anti-fraud profile by enabling phishing detection.
In the VMware library, power on the BIGIP_FPS_v11.6.0, LAMP_3.4, and Alert_Server images.
For Mac users, power on the Windows_7 image, and then log in as vLab User.
Use a web browser to access and log in to BIGIP_FPS_v11.6.0.
In the Configuration Utility, open the Security > Fraud Protection Service > Anti-Fraud Profiles page,
then click lorax_antifraud_profile.
In the URLs List section, click Add.


Use the following information for the URL Configuration section:
URL Path: /DemoBank/Login.jsp
Malware Detection: No (cleared)
Phishing Detection: Yes (Enabled)
Application Layer Encryption: No (cleared)
Automated Transactions Detection: No (cleared)

Select the Phishing Detection checkbox.


Open the Phishing Detection page.


Configure using the following information, and then click Create.
Web page copy detection: Yes (Enabled)
Log credentials theft by a phishing site: Yes (Enabled)
CSS Protection: No (Cleared)

Using Google Chrome, open a new incognito window, select to inspect element, click the Network tab,
and then click the F5 WebSafe Demo Site bookmark.
Examine the Network tab and locate the bsrmu.gif file.
The presence of this file indicates that phishing detection has been enabled for this page.



To discover the parameter that needs to be sent to the alert server for the user id, right-click the
username field and select Inspect Elements.


The parameter name is username.
To determine the HTTP method used for this parameter, click the Network tab.
Click Preserve log.

Log in using the following credentials, and then view the Network tab.
Username: demouser
Password: P@ssw0rd1


The HTTP method is POST.
Click on Logout to end your banking session.
Close Google Chrome.
In the Configuration Utility, click /DemoBank/Login.jsp.
Open the Parameters page.


Add a new parameter using the following information, and then click Add.
Parameter Name: username
Identify as Username: Yes (Enabled)
Send in Alerts: Yes (Enabled)
Method: POST

Click Finished.



TASK 2 Detect Phishing of a Web Site Copied to a Local Workstation


Save a copy of the Demo Site to your local workstation, and then open it to generate a phishing alert.
Create a directory on your local workstation named Phishing (e.g. C:\Phishing).
In Google Chrome, browse to the demo bank application
http://demobank.f5demo.com/DemoBank/Login.jsp
In Google Chrome, right-click inside the page and select Save as.
Select the Phishing directory and name the file Demo.html.
Ensure that Webpage, Complete is selected and click Save.
Close Google Chrome.
In Google Chrome open a new incognito window, right click and select Inspect element, and then click
the Network tab.
Open the Phishing directory, and then drag Demo.html into the Google Chrome window.
Examine the Network tab and locate the call to /rstats.

Don't close this Chrome window yet.
In the Alerts Dashboard, refresh the page, and then examine the Phishing > Copied Pages section.
A js_vtrack : Phishing detected alert was issued.
Select the alert and view the details.
The Client ip is identified as 10.128.10.1.
Go back to the Chrome window. You will notice that the look and feel of this copied page is not yet
similar to the original page. As a fraudster would typically do at this stage of phishing, fix the look
and feel: copy the css and images directories from the Lab_Files directory to the directory where you
saved the Demo.html page. Refresh the page in the Chrome window, and it should now look similar to the
original page.
Close the Chrome window.

TASK 3 Detect Phishing of a Web Site Copied to a Web Server


On your local computer, open the Phishing directory.
Copy Demo.html and the Demo_files, css and images directories.
In the VMware library, access and log in to the LAMP_3.4 using the following credentials:
Username: root
Password: default
Open File System from the desktop, and then navigate to /var/www/peruggia.
Delete all of the files in the directory.


Paste the contents of your clipboard into the peruggia directory.
In the Configuration Utility, create a new pool using the following information, and then click Finished.
Name: phishing_pool
Members:
Address: 10.128.20.18
Service Port: 80
Create a new virtual server using the following information, and then click Finished.
Name: phishing_virtual
Destination Address: 10.128.10.47:80
Source Address Translation: Auto Map
Default Pool: phishing_pool

Using Google Chrome, open a new incognito window, select to inspect element, click the Network tab,
and then access http://demobank.f5dem0.com/Demo.html.
NOTE: Ensure you are using a zero at the end of f5dem0, not the letter o.
In the Alerts Dashboard, refresh the page, and then examine the Phishing > Copied Pages section.
A js_vtrack : Phishing detected alert was issued for f5dem0.com.

TASK 4 Enable CSS Protection


Configure the anti-fraud profile by enabling CSS protection for the /DemoBank/Login.jsp page.
On your local computer, open the Phishing directory and delete all of the files.
In the Configuration Utility, open the Security > Fraud Protection Service > Anti-Fraud Profiles page,
then click lorax_antifraud_profile, and then click /DemoBank/Login.jsp.
Configure using the following information, and then click Finished.
Web page copy detection: Yes (Enabled)
Log credentials theft by a phishing site: Yes (Enabled)
CSS Protection: Yes (Enabled)

Using Google Chrome, open a new incognito window, select Inspect element, and then click the
Network tab, and then browse to the demo bank application
http://demobank.f5demo.com/DemoBank/Login.jsp
Examine the Network tab, and click the style.css object.
Click the Preview tab.


When this link is called it generates an alert.

Right-click inside the page and select Save as.


Select the Phishing directory and name the file Demo.html.
Ensure that Webpage, Complete is selected and click Save.
Close Google Chrome.


Open the Phishing directory, and then copy both the Demo.html file and the Demo_files directory.
In the VMware library, on the LAMP_3.4 image, delete all files in the peruggia directory.
Paste the contents of your clipboard into the peruggia directory.
Right-click Demo.html and select Open With > Open With Mousepad.


Go to Edit > Find, then in the Find field type <script (NOTE: include a space at the end of the word so
you only find opening script tags).



Click Highlight All.

Select and delete everything from the first two <script type="text/javascript" src=> tag to the
next <script> tag after the <body tag.
NOTE: It may be easier to use your keyboard arrow keys to select all of the text.


Save and close the Demo.html file.
On your local computer, using Google Chrome, open a new incognito window, select to inspect element,
click the Network tab, and then access http://demobank.f5dem0.com/Demo.html.
Examine the Network tab and click the style.css object, and then click the Preview tab.

Because the obfuscated JavaScript code was removed, the style.css was referenced, which resulted in
a call to the /rstats directory on the virtual server, which generates an alert.
Click the ?id=L1&c=ss object, and then click the Headers tab.
This is the result of the style.css file being referenced, which is an alert sent with two
parameters: id and c.
Close Google Chrome.
In the Alerts Dashboard, refresh the page, and then examine the Phishing > Copied Pages section.
A vtrack : Css phishing alert was issued.
Select the alert and view the Query details.

TASK 5 Add Referrer Checks


Configure the anti-fraud profile by adding referrer checks for jpg image files.
Open referrer.txt from the WebSafe_Exercise_Files directory and copy all of the text.
In the VMware library, on the LAMP_3.4 image, right-click Demo.html and
select Open With > Open With Mousepad.
Search for page1_img1.jpg and change the path from images/page1_img1.jpg to
http://demobank.f5demo.com/DemoBank/images/page1_img1.jpg.




Save and close the Demo.html file.
On your local computer, reload the http://demobank.f5dem0.com/Demo.html page.
The phishing site is now referencing the image files on the legitimate web site.
In the Alerts Dashboard, refresh the page, and then examine the Phishing > Copied Pages section.
No new alerts were issued.
In the Configuration Utility, on the lorax_antifraud_profile page, select the Advanced configuration.


Open the Phishing Detection page.
Select the Referrer Checks checkbox.

Add *.png to the list of referrer header values, and then click Finished.


On your local computer, reload the http://demobank.f5dem0.com/Demo.html page.
Close Google Chrome.
In the Alerts Dashboard, refresh the page, and then examine the Phishing > Copied Pages section.
There is now one Phishing Referrer alert for the page1_img1.jpg image.




Create a new archive file named fpsfund_05_phishing_detection_v11.6.0.
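
The referrer check from Task 5, modelled as detection logic over web server log lines. This is an added example, not part of the F5 guide and not how WebSafe is implemented. The combined log format, the *.jpg pattern, the timestamps, the example.net line and the look-alike threshold are assumptions; the host names, image path and client IP are the lab's.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Assumed policy for this sketch (not WebSafe configuration syntax).
LEGIT_HOSTS = {"demobank.f5demo.com"}
PROTECTED_PATTERNS = ["*.jpg"]  # resources whose Referer header is checked

# Combined log format: ip - - [ts] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)"'
)

IMG = "/DemoBank/images/page1_img1.jpg"
# Constructed sample lines modelled on the lab traffic.
SAMPLE_LOG = [
    # Legitimate page loading its own image: no alert.
    f'10.128.10.1 - - [08/Jun/2015:10:00:01 +0000] "GET {IMG} HTTP/1.1" 200 5120 '
    '"http://demobank.f5demo.com/DemoBank/Login.jsp" "Mozilla/5.0"',
    # Copied page on the look-alike host hot-linking the image: alert.
    f'10.128.10.1 - - [08/Jun/2015:10:02:13 +0000] "GET {IMG} HTTP/1.1" 200 5120 '
    '"http://demobank.f5dem0.com/Demo.html" "Mozilla/5.0"',
    # No Referer header at all: nothing to compare, no alert.
    f'10.128.10.1 - - [08/Jun/2015:10:03:40 +0000] "GET {IMG} HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0"',
    # Foreign Referer, but the resource is not in the protected patterns: no alert.
    '10.128.10.1 - - [08/Jun/2015:10:04:02 +0000] "GET /DemoBank/css/style.css HTTP/1.1" '
    '200 900 "http://demobank.f5dem0.com/Demo.html" "Mozilla/5.0"',
    # Foreign Referer that does not resemble the legitimate host: alert, not a look-alike.
    f'10.128.10.1 - - [08/Jun/2015:10:05:30 +0000] "GET {IMG} HTTP/1.1" 200 5120 '
    '"http://example.net/page.html" "Mozilla/5.0"',
]


def edit_distance(a, b):
    """Levenshtein distance, used to flag hosts that imitate a legitimate one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_line(line):
    """Return an alert dict for a foreign-Referer hit on a protected resource, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    path = urlsplit(m["path"]).path
    name = path.rsplit("/", 1)[-1].lower()
    if not any(fnmatchcase(name, p) for p in PROTECTED_PATTERNS):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return None  # direct load or stripped header
    host = (urlsplit(referer).hostname or "").lower()
    if not host or host in LEGIT_HOSTS:
        return None
    # Assumed threshold: up to two character edits counts as a look-alike host.
    lookalike = any(edit_distance(host, h) <= 2 for h in LEGIT_HOSTS)
    return {"client": m["ip"], "resource": path,
            "referer_host": host, "lookalike": lookalike}


def scan(lines):
    """Run the referrer check over an iterable of log lines."""
    return [alert for alert in map(check_line, lines) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The style.css line produces no alert because only resources matching a protected pattern are checked, which mirrors the lab step where no new alert appeared until referrer checks were enabled.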


EXERCISE 3 CONFIGURING APPLICATION LAYER ENCRYPTION


Required virtual images: BIGIP_FPS_v11.6.0, LAMP_3.4, Alert_Server
Estimated completion time: 45 minutes

TASK 1 Enable Application Layer Encryption


View the current vulnerabilities for the username and password fields, and then configure the anti-fraud profile
to encrypt specific fields on the /DemoBank/Login.jsp page.
In the VMware library, power on the BIGIP_FPS_v11.6.0, LAMP_3.4, and Alert_Server images.
For Mac users, power on the Windows_7 image, and then log in as vLab User.
Using Google Chrome, open a new incognito window, select to Inspect element, click the Network tab,
and then click the F5 WebSafe Demo Site bookmark.
Log in using the following credentials:
Username: demouser
Password: P@ssw0rd1
In the Network tab, click Login.jsp, and then open the Headers tab.
Examine the Form Data section.


Both the username and the password are in cleartext. They are both currently vulnerable to a hacker
or a malware script.
Click on Logout to end your banking session.
Close Google Chrome.
Use a web browser to access and log in to BIGIP_FPS_v11.6.0.
In the Configuration Utility, open the Security > Fraud Protection Service > Anti-Fraud Profiles page,
then click lorax_antifraud_profile, and then click /DemoBank/Login.jsp.
In the URL Configuration section, clear the Phishing Detection checkbox.
Select the Application Layer Encryption checkbox.
Open the Application Layer Encryption page.


Configure using the following information:
Identify Stolen Credentials: Yes (Enabled)
Hide Password Revealer Icon: Yes (Enabled)
Fake Strokes: No (Cleared)
Real-Time Encryption: No (Cleared)

Open the Parameters page.


Add a new parameter using the following information, and then click Add.
Parameter Name: password
Encrypt: Yes (Enabled)
Method: POST

Click Finished.


Repeat the above steps to create similar Application Layer Encryption protection for /DemoBank/login. This
is needed because the /DemoBank/Login.jsp page posts the user-provided credentials to
/DemoBank/login.
Using Google Chrome, open a new incognito window, select to Inspect element, and then click
the F5 WebSafe Demo Site bookmark.
Type the following login credentials, but do not click LOGIN.
Username: demouser
Password: P@ssw0rd1
Open the Console tab.
In the console, type the following:
document.forms[0].password.value;

Question:
Is the password value encrypted prior to submitting the form? ________________
Click LOGIN.
Open the Network tab, then click Login.jsp, and then open the Headers tab.
Examine the Form Data section.
Question:
Is the password value encrypted after submitting the form? ________________
Click on Logout to end your banking session and close Chrome.

TASK 2 Substitute Password Values


Configure the anti-fraud profile so that a user's password cannot be stolen by malware before a form is
submitted.
In the BIG-IP Configuration Utility, click /DemoBank/Login.jsp.


Open the Parameters page.
Select the password checkbox, and then click Delete.
Add a new parameter using the following information, and then click Add.
Parameter Name: password
Encrypt: Yes (Enabled)
Substitute Value: Yes (Enabled)
Method: POST

Click Finished.
Repeat the above steps for the /DemoBank/login URL.
Using Google Chrome, open a new incognito window, select to Inspect element, and then click
the F5 WebSafe Demo Site bookmark.
Type the following login credentials, but do not click Login.
Username: Your first name
Password: P@ssw0rd1
Open the Console tab.
In the console, type the following:
document.forms[0].password.value;

Question:
Is the password value encrypted prior to submitting the form? ________________
Open the Demo Tools, and then click Steal Password.
Click your mouse on the Password field.


The password values have been substituted.

TASK 3 Identify Stolen Credentials


Configure the anti-fraud profile to issue an alert if someone attempts to use a masked password value.
In Google Chrome, change the login credentials to the following, but do not click LOGIN.
Username: Your first name
Password: AaaAaaA!!A1!
From the Demo Tools click Steal Password.



Click your mouse on the Password field.
The password didn't change, as the hacker is trying to log in using a password value that has already
been masked.
Click OK, and then click LOGIN.
NOTE: The login will fail. We are clicking LOGIN to submit the request to the BIG-IP system.
In the Alerts Dashboard, refresh the page, and then examine the Other > Stolen Credentials section.
An Identify stolen alert was issued with the username and client IP address.

TASK 4 Use Real-Time Encryption


Configure the anti-fraud profile so that usernames and passwords are encrypted in real-time as they are typed.
In Google Chrome, browse to http://demobank.f5demo.com/DemoBank/Login.jsp, right-click inside the
Password field and select Inspect element.
While you examine the Elements tab, for the Password type P@ssw0rd1
No encryption is taking place in real-time.
Close Google Chrome.
In the Configuration Utility, on the lorax_antifraud_profile page click /DemoBank/Login.jsp.
On the Application Layer Encryption page, select the Real-Time Encryption checkbox, and then
click Finished.
Using Google Chrome, open a new incognito window, and then click the F5 WebSafe Demo Site
bookmark.
Right-click inside the Password field and select Inspect element.
While you examine the Elements tab, for the Password type ComPleX--F5!


The encryption for the password field is taking place in real-time, as you type.

TASK 5 Use Fake Strokes


Configure the anti-fraud profile to protect against browser-based keylogging by enabling fake strokes.
In Google Chrome, browse to http://demobank.f5demo.com/DemoBank/Login.jsp, then open the Demo
Tools bookmark, then click Start Keylogger, and then click on the Password field.
In the Password field type ComPleX--F5!
Examine the top of the Demo Tools window.

A keylogging program can capture the characters of the user's password.
Close Google Chrome.


In the Configuration Utility, click /DemoBank/Login.jsp.
On the Application Layer Encryption page, select the Fake Strokes checkbox, and then click Finished.
Using Google Chrome, open a new incognito window, and then click the F5 WebSafe Demo Site
bookmark.
Open the Demo Tools bookmark, then click Start Keylogger, and then click on the Password field.
In the Password field begin typing P@ssw0rd1
Examine the top of the Demo Tools window.

Although the key strokes are being logged as you type, additional characters are being generated,
which will render the keylogging file useless.
NOTE: WebSafe can protect against browser-based keylogging programs, however it does not
protect against kernel-level keylogging programs.
Close Google Chrome.
Create a new archive file named fpsfund_06_application_layer_encryption_v11.6.0.


EXERCISE 4 CONFIGURING AUTOMATIC TRANSACTION DETECTION
Required virtual images: BIGIP_FPS_v11.6.0, LAMP_3.4, Alert_Server
Estimated completion time: 15 minutes

TASK 1 Transaction Data Tampering Detection


Update the anti-fraud profile by enabling automatic transaction detection for the /DemoBank/wiretransfer.do
and /DemoBank/wiretransfer.jsp pages.
In the VMware library, power on the BIGIP_FPS_v11.6.0, LAMP_3.4, and Alert_Server images.
Open the Security > Fraud Protection Service > Anti-Fraud Profiles page, and then click
lorax_antifraud_profile.
In the URL List section, click Add.
Add a new URL configuration using the following information.
URL Path: /DemoBank/wiretransfer.do
Malware Detection: No (cleared)
Phishing Detection: No (cleared)
Application Layer Encryption: No (cleared)
Automated Transactions Detection: Yes (Enabled)
Browser Automation Detection: No (cleared)
Non-browser Automation Detection: No (cleared)

Open the Parameters page.


Add a new parameter using the following information, and then click Add.
Parameter Name: accountnumber
Identify as username: No (cleared)
Check Data Manipulation: Yes (Enabled)
Send in alerts: Yes (Enabled)
Method: POST
Add another new parameter using the following information, and then click Add.
Parameter Name: amount
Identify as username: No (cleared)
Check Data Manipulation: Yes (Enabled)
Send in alerts: Yes (Enabled)
Method: POST

Click Create.
Repeat the above steps to add protection for /DemoBank/wiretransfer.jsp page.


TASK 2 Install the Tamper Data Add-on for Mozilla Firefox


Install an add-on in Mozilla Firefox that will enable you to launch a man-in-the-middle attack.
Open Mozilla Firefox.
Go to Tools > Add-ons.
In the Search all add-ons field, type Tamper Data.
In the search results list, for Tamper Data 11.0.1 click Install.


Click Accept and Install.
After the add-on has downloaded, click Restart now.

TASK 3 Launch a Man-in-the-Middle Attack


Use the Tamper Data add-on to launch a man-in-the-middle attack against the Demo Site, modifying values after
they are submitted in form fields.
Use the Firefox window to access http://demobank.f5demo.com/DemoBank/Login.jsp
Log in using the following credentials:
Username: demouser
Password: P@ssw0rd1
Click Wire Transfer.
Fill in the following information, but do not click Submit.
Payee Name: Demo payee
Routing Number: 111111
Account Number: 222222
Amount: 150

Go to Tools > Tamper Data.


Click Start Tamper.
In Firefox, click Submit.


In the Tamper Data window, clear the Continue Tampering checkbox, and then click Tamper.


Modify the following information, then click into the Submit field, and then click OK.
accountnumber: 555666
amount: 15000

In Firefox, note that the transaction was successful.


Close Tamper Data.
Click on Logout to end your banking session and close Firefox.
In the Alerts Dashboard, refresh the page, and then examine the Malware > Automatic Transactions
section.
A Data Integrity alert was generated.
Select the Validation Alert alert and view the Alert details.
The alert was generated because the values for the account number and amount parameters were
modified.
