Leto Bank completed actions for the organization of a comprehensive protection of the corporate application
Customers: Post Bank (before Leto Bank)
Contractors: F5 Networks Product: F5 BIG-IP Application Security Manager (ASM)Project date: 2014/12 - 2015/09
|
On April 28, 2015 it became known of use in Summer of Bank of a comprehensive protection of the corporate application from cracking by implementing solution of F5 Networks company.
Project Tasks
For the correct and safe work of internal application with which agents work it was required to provide the reliable and uninterrupted system of protection.
In the project F5 Networks technologies - Application Security Manager, Access Policy Manager, Application Acceleration Manager, Local Traffic Manager are used.
Leto bank, 2013
Within the project on implementation of the equipment F5 Networks it is necessary to solve problems of ensuring effective work of the target application "Summer of Bank" in interaction of the employee with a system:
- Provide protection of the application
- Optimize delivery of the application through weak communication channels
- Provide balancing of loading, increase fault tolerance of a system
- Accelerate operation of application
- Provide consolidation of methods of access
- Implement multifactor authentication
Project Progress
Work on the Summer of Bank project began with a request of the customer to provide protection of the application and to optimize its delivery through weak communication channels to a workplace of the user. Protection of a system of applications against cracking was performed thanks to the reliable applied screen (Web Application Firewall) – the module Application Security Manager from F5 Networks. The analysis of vulnerabilities of the application before implementation of F5 ASM and after it is carried out. Results showed that all the detected threats are eliminated, without considerable decline in production of the application.
During the research of opportunities of optimization of the solution it is established that in the conditions of balancing of the application external devices of other producer as it was at the time of start of the pilot, a system does not reach that effect which could be received when using the controller of delivery of the F5 Local Traffic Manager application. With respect thereto, the customer made the decision to transfer service to the equipment F5 Networks. By means of such approach the customer could distribute network traffic, exclude the equipment with duplicative functions from a chain of services, having increased cumulative reliability of infrastructure, to increase application performance, providing its high availability.
The second priority task of the customer - the need for acceleration of the application exacting to link quality of communication. Users did not accept performance at access from different points of retail sales of Bank. From F5 the solution on acceleration of operation of application using a range of the technologies which are introduced into the module F5 Application Acceleration Manager which offers different technicians and methods of data compression, optimization of traffic and applied logic at the expense of what the web page is loaded much quicker is proposed.
The fourth product implemented in IT infrastructure Summer of Bank - F5 Access Policy Manager. It solves two problems:
- first, authentication is strengthened by input of the one-time password which the user of the application receives on the business mobile phone.
- secondly, functions of consolidation of access for this application which were not solved standard means are implemented. Internal application has two user groups - employees of the bank and third-party workers, their credentials contain in two untied data warehouses which it is necessary to address in turn and using different types of authentication. Solution F5 integrated two audiences and two storages in a single system of access control, checking validity of the user on two bases and reporting data retrieveds to the application.
"Today multifactor authentication is actually the standard for all annexes published in the Internet and working with financial information. This method allows to be protected most effectively both from selection of passwords, and from leak of credentials" - Alexander Serebryakov, the F5 Networks system engineer told.
Project Results
All four selected solutions work within the general F5 TMOS operating system at one general for them the programno-hardware F5 BIG-IP complex. The hardware platform is picked up with accounting of requirements to performance of all four software modules and constantly growing loading of applications. The project is implemented on two physical F5 BIG-IP 4200v devices in a failover cluster.
"Now many banks try to simplify as much as possible the IT infrastructure, try to consolidate functionality on a single platform to optimize costs for support, to simplify management, etc. the Products F5 Networks in this case is the correct solution on a comprehensive protection of applications and ensuring their working capacity and also for consolidation of many services in information security field, delivery of applications and their optimization", - Vladimir Troyanovsky, the head of service of IT infrastructure noted Summer of Bank.