F5 APM - Configuring Host Checking



Teleworking is used a lot these days due to Coronavirus. There are lots of companies that have configured SSL VPN services for employees to work from home. In fact, I worked a lot last week to configure a SSL VPN service where users can access to the office’s computer from home. It is a secure web portal where users log in with the corporate credentials and, once inside the web portal, there is a bookmark which is used to access to the office’s computer. I’ve configured LDAP Authentication, LDAP Query and SSO in this web portal.

However, security is really important. We don’t know if users’ computers, which are in their house, are compromised. Therefore, security measures should be applied in the SSL VPN. For instance, we only allow Windows computers which have an antivirus enabled as well as firewall enabled. Nevertheless, there are no security checks for Linux computers. There are many more security measures which can be applied for improving the security of SSL VPN services such as 2 Factor Authentication (2FA), checking updated antivirus, etc.


Regards my friends! Have you configured host checking in your SSL VPN?

Commentaires

  1. Hi David,

    I saw your video. I'm planning to utilize APM and was wondering? can I check if the employee machine is domain joind or not? I only want domain joind users to access the web portal.

    Thanks

    RépondreSupprimer
  2. Hi,

    I think so. You can add LDAP/AD Search to check if the employee's computer is in the LDAP/AD.

    Regards.
    David.

    RépondreSupprimer
  3. Thanks, really appreciate your reply. Will let you know if things worked with me or not.

    RépondreSupprimer
  4. Buenas,

    Me gustaria saber lo siguiente a ver si me puedes ayudar:

    F5 puede detectar por medio de hostchecker si dispone el puesto de agente EDR o XDR, en mi caso concreto seria la detección de CORTEX de Palo Alto

    Un saludo.

    RépondreSupprimer
  5. Buenas Alejandro,

    Sí que puedes comprobar el software instalado en el lado del cliente.

    Saludos.
    david.

    RépondreSupprimer

Enregistrer un commentaire