Getting an A+ on SSL Labs with F5 and StartSSL

Posted 1 CommentPosted in Security Stuffs

So you have some free certificates from StartSSL.com for your F5 BIG-IP lab and want to get an A+ with SSL Labs?  Don’t be scared.  It’s actually pretty easy.  I’m working under the assumption that you already have a Client SSL Profile built and working.  If not, go back to the google and dig that up.  Having just gone through this, I ran into a couple of small but annoying problems. Problem 1:  The intermediate certificates are signed with SHA1.  Terrible.  This will cap you at an A.  I know, […]

F5 BIGIP – DNS and IP Intelligence

Posted Leave a commentPosted in Security Stuffs

F5 has a nice threat feed called IP Intelligence.  It’s really great for keeping “bad” folks from initiating communications TO your F5.  I wanted to use it to keep me from doing something stupid. You know, like handing over my etrade credentials to a known Phishing site or something.  Given that there isn’t a “Stop me from being stupid” button anywhere in the management interface, I had to create my own. In this instance, I wanted a caching DNS resolver that my home network would use exclusively.  As DNS responses would come […]