Manual Chapter: Managing DoS Profiles in Shared Security

Applies To:

BIG-IQ Security

  • 4.5.0

About DoS profiles

The DoS Profiles panel in Shared Security lists configured DoS profiles.

Using BIG-IQ Security, you can configure profiles to detect and protect against DoS (Denial of Service) attacks.

DoS attack detection and prevention serves the following functions:

  • It detects and automatically drops packets that are malformed or contain errors.
  • It logs unusual increases in packets of any type, including packets that are malformed, packets that contain errors, or packets of any other type that appear to rapidly increase.

You can use the DoS Protection profile to configure the percentage increase over the system baseline that indicates a possible attack in progress on a particular query type, or an increase in anomalous packets. Additionally, you can use reporting or logging functions to detect such packets.

You can enable Layer 7 application DoS protection of HTTP traffic, Layer 7 DoS protection for SIP traffic, and Layers 2-4 application DNS DoS security.

To cancel any operation without saving and close the panel, click Cancel.

To get help on any panel, click the (?) icon in the upper right corner.

Adding DoS profiles

Hover over the DoS Profiles header, click the (+) icon when it appears, and click New DoS Profile. The panel expands to display the new DoS Profile screen.

Editing DoS profiles

Hover over the DoS profile header you want to edit, and when the gear icon appears, select Properties to expand the panel.

Adding DoS profiles

Use the New DoS Profiles panel to configure a new DoS profile.

Note: Depending on the settings you configure, you may see only some of the screen elements described here.

Adding DoS profiles

  1. Hover over the DoS Profiles header, click the + icon when it appears, and click New DoS Profile. The panel expands to display the New DoS Profile properties.
  2. In the New DoS Profile screen, review, and add or modify the properties as appropriate.
    Property | Description
    Name | Specify a unique user-provided name for the DoS profile. Required.
    Description | Specify an optional description for the DoS profile.
    Partition | Specify the partition to which the DoS profile belongs. Only users with access to a partition can view the objects (such as the DoS profile) that it contains. If the DoS profile resides in the Common partition, all users can access it. Although this field is pre-populated with Common (default), you can set the partition when creating DoS profiles by typing a unique name for the partition.
    Note: The partition with that name must already exist on the BIG-IP device. No whitespace is allowed in the partition name.
  3. Select Enabled to the right of one or more protection types to enable those types. A configuration tab is added dynamically when a protection type is selected. Click the tab to configure the protection type.
    Property | Description
    Application Security | When enabled, protects your web application against DoS attacks. Click Application Security to configure the application security protection.
    Protocol DNS | When enabled, protects your DNS server against DoS attacks. Note that your virtual server must include a DNS profile to work with this feature. Use the Protocol DNS settings to configure the DNS server protection.
    Protocol SIP | When enabled, protects against SIP DoS attacks. Note that your virtual server must include a SIP profile to work with this feature. Use the Protocol SIP settings to configure the SIP DoS protection.
    Network | When enabled, protects your server against network DoS attacks. Use the Network settings to configure the network DoS protection.
  4. Configure the selected protection types by clicking the matching protection type tab, and supplying or modifying any necessary property values.
  5. When finished, click Add.

Editing DoS profiles

Expand the DoS Profiles panel to edit a DoS profile. The profile is used to fine-tune both the circumstances under which the system considers traffic to be a DoS attack, and how the system handles a DoS attack.

Editing DoS profiles

From the DoS Profiles panel, you can edit DoS profile properties.

  1. Hover over the DoS profile that you want to edit, click the gear icon, and select Properties to expand the panel.
  2. Click Edit to lock the DoS profile for editing and make it possible to edit the property values.
  3. Edit the properties.
    Property | Description
    Name | Specify a unique user-provided name for the DoS profile. Required.
    Description | Specify an optional description for the DoS profile.
    Partition | Specify the partition to which the DoS profile belongs. Only users with access to a partition can view the objects (such as the DoS profile) that it contains. If the DoS profile resides in the Common partition, all users can access it. Although this field is pre-populated with Common (default), you can set the partition when creating DoS profiles by typing a unique name for the partition.
    Note: The partition with that name must already exist on the BIG-IP device. No whitespace is allowed in the partition name.
  4. Select Enabled to the right of one or more protection types to enable those types. A configuration tab is added dynamically when a protection type is selected. Click the tab to configure the protection type.
    Property | Description
    Application Security | When enabled, protects your web application against DoS attacks. Click Application Security to configure the application security protection.
    Protocol DNS | When enabled, protects your DNS server against DoS attacks. Note that your virtual server must include a DNS profile to work with this feature. Use the Protocol DNS settings to configure the DNS server protection.
    Protocol SIP | When enabled, protects against SIP DoS attacks. Note that your virtual server must include a SIP profile to work with this feature. Use the Protocol SIP settings to configure the SIP DoS protection.
    Network | When enabled, protects your server against network DoS attacks. Use the Network settings to configure the network DoS protection.
  5. Configure the selected protection types by clicking the matching protection type tab, and supplying or modifying any necessary property values.
  6. Click Save to save your changes as you go.
  7. When finished, click Save and Close to save changes, release the lock, and exit the panel.

Removing DoS profiles

  1. Hover over the DoS profile that you want to remove, click the gear icon, and select Properties to expand the panel.
  2. Click Remove.
  3. In the confirmation dialog box, click Delete.