Forum Discussion

boneyard
Dec 14, 2013

studying for APM beta exam, question on first two objectives

Anyone else around studying for the beta APM (304) exam? As with the previous ones I'm using the blueprint as the basis for my studying. This time I even have the course study guide, though it was a bit disappointing, mainly focusing on configuring and not on theory.

But as before the blueprint throws some interesting curve balls. Starting with the first objective:

  • Objective 1.01 - Explain how APM mitigates common attack vectors and methodologies (e.g., cookie hijacking [front and back], DoS attack)

I searched every resource I could find, but nowhere are these terms even mentioned in combination with APM. Am I overlooking some document somewhere? It reads like this is just taken from some product promotion document :) If there isn't some document, what other common attack vectors and methodologies can you think of?

Based on some research I came up with these attacks:

  • brute forcing (username / password)
  • insufficient authentication
  • insufficient session expiration
  • badly written authentication code / input validation

As for mitigation:

  • cookie hijacking (front and back) - use the Secure / HttpOnly flags, use the correct domain and path
  • DoS attack - use the default BIG-IP options, use an iRule (less sure about this one, but I don't see how APM itself does anything against a DoS attack, though it does of course defend your backend systems from one)
  • brute forcing (password / username) - by default the APM module protects you, with iRules you can make it more robust
  • insufficient authentication - by default the APM module protects what is behind it
  • insufficient session expiration - you can configure expiration and a log off URI
  • badly written authentication code / input validation - by default APM provides a well checked and proven authentication framework

The second objective feels like a double of the first:

  • Objective 1.02 - Identify which APM tool(s) should be used to mitigate a specific authentication attack

Or does anyone have a different idea here?

Stuff like this always bothers me with these blueprints: using totally different terms than anywhere else, like "APM tool", and talking about matters like "authentication attack" without explaining what exactly is meant. The same goes for the first objective, talking about these attack vectors and methodologies like everyone knows what they are.

Objective 1.02 also has an interesting sub section: Compare authentication methods

Again, which authentication methods? Are we talking about password, token, certificate or biometric here, or more like HTTP basic, HTTP digest and form based ... this annoys me.

DISCLAIMER: I'm not trying to get answers to actual exam questions here, I'm just looking for general information based on the blueprints.

 

Some useful links:


  • http://cwe.mitre.org/documents/sources/WASCThreatClassificationTaxonomyGraphic.pdf
  • http://ict.govt.nz/guidance-and-resources/standards-compliance/authentication-standards/guidance-multi-factor-authentication/4-authentication-attac/
  • http://pic.dhe.ibm.com/infocenter/sprotect/v2r8m0/topic/com.ibm.ips.doc/concepts/wap_authentication.htm
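As an added example that is not part of the original post or of any F5 documentation, here is a small Python auditor for the cookie hijacking mitigations listed above: it checks a Set-Cookie header for the Secure and HttpOnly flags, for a Domain or Path scope broader than the application actually needs, and for an overly long Max-Age. The cookie name, host, path and sample headers are constructed for illustration, and the eight-hour lifetime ceiling is an assumption of this example, not an APM default.

```python
# Added example (not from the post or from F5): audit Set-Cookie headers for
# the cookie hijacking mitigations listed in the post. All names, hosts and
# headers below are constructed for illustration.

SESSION_CEILING_SECONDS = 8 * 3600  # assumed upper bound for a session cookie lifetime


def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: val})."""
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if not piece:
            continue
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str, expected_host: str, expected_path: str = "/"):
    """Return a list of findings; an empty list means the header looks hardened."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []

    # Secure: without it the cookie is also sent over plain HTTP, where it can be sniffed.
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure flag")

    # HttpOnly: without it script on the page can read the cookie (XSS leads to session theft).
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly flag")

    # Domain: omitting it yields a host-only cookie, the tightest scope. A Domain
    # attribute that is not exactly the host shares the cookie with every subdomain.
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != expected_host.lower():
        findings.append(f"{name}: Domain={domain} is broader than host {expected_host}")

    # Path: a cookie scoped to "/" is sent to every application on the host.
    path = attrs.get("path", "/")
    if expected_path != "/" and not path.startswith(expected_path):
        findings.append(f"{name}: Path={path} is broader than {expected_path}")

    # Lifetime: a session cookie that persists for a long time widens the hijacking window.
    max_age = attrs.get("max-age")
    if max_age is not None and max_age.isdigit() and int(max_age) > SESSION_CEILING_SECONDS:
        findings.append(f"{name}: Max-Age={max_age}s exceeds {SESSION_CEILING_SECONDS}s")

    return findings


# Constructed sample headers: a weak one and its hardened counterpart.
WEAK_HEADER = "app_session=c0ffee; Path=/; Domain=example.com; Max-Age=604800"
HARDENED_HEADER = ("app_session=c0ffee; Path=/portal; Secure; HttpOnly; "
                   "SameSite=Strict; Max-Age=3600")


if __name__ == "__main__":
    for header in (WEAK_HEADER, HARDENED_HEADER):
        result = audit_set_cookie(header, "portal.example.com", "/portal")
        print(header)
        print("\n".join("  " + f for f in result) if result else "  no findings")
```

Run against the constructed headers, the weak one produces five findings (no Secure, no HttpOnly, Domain and Path wider than the application, a one-week Max-Age) while the hardened one produces none. The same function can be pointed at headers captured from any proxy or application to verify that the flags, domain and path described above are really being set.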

    Good to hear about the 304 exam. I am planning to take this also.

    Let's discuss this. For my question:

    Objective 1.01 - Explain how APM mitigates common attack vectors and methodologies (e.g., cookie hijacking [front and back], DoS attack)

    1. For the F5 product, I think it will mention ASM, since ASM can protect with APM via the session tracking function and brute force login protection.

    Objective 1.02 - Identify which APM tool(s) should be used to mitigate a specific authentication attack

    2. Virtual Keyboard / Two-Factor Auth / Email OTP / CAPTCHA Auth / Geolocation and Time based control.


    Hi boneyard,

    I took the beta exam a few weeks ago (I don't think they will be scored for a while) and I had the same concerns while studying for the exam. I didn't study a whole lot for it since it is a beta exam, and those types of exams sort of drive me crazy because not all questions are good questions (and it is hard to get a read on how you did :)... )

    For the first sections I looked at and just reviewed different web attack vectors not necessarily tied to F5 APM. I think the stuff you listed above seems like you are on the right track. Are you taking the beta or waiting until it is in production?

    Either way... good luck when you do take it!

    Seth