Forum Discussion

Mike_Maher
Apr 04, 2014

IP Intelligence service and SPAM

I am wondering if anyone has tried augmenting their anti-spam solution by using the IP Intelligence services that you can license on the BIG-IP? It would appear that the service is mostly geared towards web application traffic, but since most of the time you are going to have an LTM load balancing your anti-spam/mail solutions, I am wondering if there is benefit here. Don't get me wrong, based upon what I am seeing in the documentation I would not purchase this for the purpose of spam filtering, but rather I am looking for extra added value. So is anyone using this solution in this manner, or does anyone have any thoughts on this setup?

 

3 Replies

  • I thought this was an enhancement to the message security module that is going to be EOL? https://www.f5.com/pdf/products/big-ip-message-security-module-ds.pdf

     

    • Mike_Maher
      Yeah, that looks old. What I am talking about is this: http://www.f5.com/pdf/products/ip-intelligence-service-ds.pdf, which is more geared towards web services, not mail gateways, but I am just wondering if anyone has tried using it out front of their SPAM solution to augment it.
  • Well, I see the IP-intelligence module mainly utilized in this way.

     

    First, it will block external attacks from entering the environment, e.g., botnets, DDoS, proxy scanners, etc. Most companies place the service (Webroot updates the DB every five minutes) in the front line; it won't breach your DMZ, but that, as you know, is a design decision.

     

    When it comes to internal attacks or infected devices, it will block the traffic on the way out. So, in this case, instead of scrambling around trying to remove the email or block the website at the proxy level, it can be done on the F5 device.

     

    As you mentioned, it wouldn't be purchased as a pure anti-spam solution, but rather would allow you to feel comfortable that most harmful inbound requests won't be entering your infrastructure and outbound requests will be blocked, allowing you to have multi-layered security.

     

    I don't care what anyone says, most proxies do a poor job of looking at outbound requests :)