Forum Discussion

Tabish_Mirza_12
Jun 30, 2015

F5 BIGIP & LTM configuration best practice/hardening guide or any tool to check whether configuration of BIG-IP & LTM.

Hi Folks,

I need to know whether there is any automatic tool, best practice document or hardening guide available to check our BIG-IP box and LTM configuration, like we have F5 iHealth to check IOS & BIG-IP hardware health.

One of my clients wants to know whether their boxes are configured according to best practice or not.

Please suggest any tool or guide with which I can do a configuration assessment for them.

Thanks

5 Replies

  • Hi Tabish,

    First of all, there is no such thing as best practice; every environment can be different and can have its own pros and cons. Plus, there is no such tool which checks all this.

    Regards,

  • Have you configured the machines? If the customer asks for an assessment of a machine that you/your company configured, normally it should be a 3rd party doing that. F5 professional services would be happy to "help" I guess ;-)

    More seriously... have you checked the LTM Operation guide? Not really a best practice guide, but some inputs. Otherwise there is no such document (except what F5 calls "Best practice" SOLs on AskF5).

  • Yes, there is a reference guide available at [http://iase.disa.mil/stigs/net_perimeter/network-infrastructure/Pages/other.aspx]. Security Technical Implementation Guides (STIGs) are published by the US military to promote hardening. The page is publicly accessible.

    After unzipping, find the XML file and open it in a browser that supports XML viewing. You will see segmented rule titles that clarify the vulnerability to evaluate for, the procedure to check for content, and how to fix/harden the gap if necessary.

  • After you download the zip file from IASE, follow the guide below to learn how to read it. You can make use of Winword to open the XML XCCDF file and convert it into a Winword document which you can read easily.

    [http://iasecontent.disa.mil/stigs/doc/HOW_TO_VIEW_SRGs_and_STIGs.docx]

    Alternatively, download the jar file here: http://iasecontent.disa.mil/stigs/zip/U_STIGViewer-2.5.4.zip

    Unzip the file and run the jar file and then open the XML XCCDF file.
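
Added example, not part of the replies above: the XML XCCDF file described in the last two replies can also be read with a short script that lists each rule's title, check procedure and fix, sorted by severity. It assumes the XCCDF `Rule`, `title`, `check-content` and `fixtext` elements; the sample benchmark, its IDs and the function names are constructed for this example.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (XCCDF 1.1 layout); IDs and text are placeholders.
SAMPLE = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="EXAMPLE_STIG">
  <Group id="V-EXAMPLE-1">
    <Rule id="SV-EXAMPLE-1_rule" severity="low">
      <title>A login banner must be displayed.</title>
      <check><check-content>Verify the banner text.</check-content></check>
    </Rule>
  </Group>
  <Group id="V-EXAMPLE-2">
    <Rule id="SV-EXAMPLE-2_rule" severity="high">
      <title>Management sessions must have an idle timeout.</title>
      <fixtext>Set the idle timeout to the approved value.</fixtext>
      <check><check-content>Review the idle timeout setting.</check-content></check>
    </Rule>
  </Group>
</Benchmark>"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def local(tag):
    """Strip the '{namespace}' prefix so any XCCDF namespace version works."""
    return tag.rsplit("}", 1)[-1]

def text_of(rule, name):
    """Whitespace-normalised text of the first descendant named `name`, or ''."""
    for el in rule.iter():
        if el is not rule and local(el.tag) == name:
            return " ".join("".join(el.itertext()).split())
    return ""

def parse_rules(xml_data):
    """Return one dict per <Rule>, ordered from high to low severity."""
    rules = [{
        "id": el.get("id", ""),
        "severity": el.get("severity", "unknown"),
        "title": text_of(el, "title"),
        "check": text_of(el, "check-content"),
        "fix": text_of(el, "fixtext"),
    } for el in ET.fromstring(xml_data).iter() if local(el.tag) == "Rule"]
    return sorted(rules, key=lambda r: SEVERITY_ORDER.get(r["severity"], 3))

if __name__ == "__main__":
    # Pass the unzipped XCCDF file's path; with no argument the sample is parsed.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for r in parse_rules(data):
        print(f"[{r['severity']}] {r['id']}: {r['title']}")
        print(f"  check: {r['check']}\n  fix:   {r['fix'] or '(none given)'}")
```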