FFIV-networks: The white knight against virus attack in cyber war

Unsere Stunde als F5 Aktionaere kommt, und da ist die Marktkapitalisierung nicht mehr 2 Mrd $ sondern wie bei Akamai 20 Mrd $! (Kein Scherz!)

Artikel kann auch auf www.f5.com nachgelesen werden, dann sieht man auch die schoenen Bilder, die leider beim Kopieren des Textes verloren gingen.


A Counter Defense To Denial of
                  Service Attacks and Other Cyber
                  Threats

                  Introduction

                  The number of organizations integrating web-based applications within their
                  business systems continues to increase -- as is the reliance of consumers
                  who want a safe, secure, and reliable environment to do e-Business. The
                  recent Denial of Service attacks that have drawn national headlines symbolize
                  the need for networks to shore up their sites in order to handle the onslaught
                  of legitimate new users - but also to protect their sites from cyber-terrorists
                  whose only goal is to wreck havoc.

                  Clearly, businesses must reevaluate their network security strategy in order to
                  adapt to 1) an open computing environment and 2) protect against the
                  unsavory part of the population which this open environment has attracted. As
                  such, many F5 customers are realizing the added security benefits of using
                  the BIG/ip Controller, a unique high availability, intelligent load balancing
                  product which also includes a number of built-in features designed to heighten
                  network security and provide protection of servers and devices against
                  attacks.

                  BIG/ip Controller: Value-Added Security

                  BIG/ip comes standard with numerous security features to protect your site,
                  including:

                  Firewall capable. The BIG/ip Controller uses packet filtering to limit or deny
                  access to and from servers. You can specify rules, which allow or deny
                  access based on the source IP address of the packet, the destination IP
                  address, the source port number, the destination port number (for protocols
                  that support ports), or even the packet type (UDP, TCP, ICMP, etc). This
                  feature significantly heightens network security and gives you the flexibility to
                  restrict access on a very granular basis.

                  Stringent access control. The BIG/ip Controller is configured to allow only
                  specific types of traffic to pass through to the servers by granting or denying
                  ports on BIG/ip and Virtual Servers. A Virtual Server is a specific combination
                  of virtual addresses and virtual ports. Types of traffic that have not been
                  defined as allowed to pass through BIG/ip will be denied. This yields
                  extremely tight security, since only the traffic that you specify is allowed to
                  pass through BIG/ip.

                  Secure Administration. The BIG/ip Controller's default configuration only
                  allows encrypted administration traffic into the device.

                       Its web-based configuration tool uses SSL and Access Control Lists to
                       provide secure real-time configuration
                       BIG/ip command line interface via F-Secure SSH client supports
                       remote encrypted login and file transfer from most commercial UNIX
                       platforms, Windows 95, NT, and Mac operating systems
                       BIG/ip command line interface includes a VGA or serial console with
                       command history

                  Resists Common Attacks

                  BIG/ip is a default deny device that resists common attacks in the following
                  ways:

                       Thwarts Denial of Service attacks (reaps idle connections)
                       Thwarts IP spoofing (performs source route tracing)
                       Resists unacknowledged SYN without ACK buffers (thwarts SYN
                       floods)
                       Thwarts teardrop and land attacks
                       Protects itself and servers from ICMP attacks
                       Does not run SMTPd, FTPd, Telnetd, or any other attackable daemons
                       Uses packet filtering to limit or deny access to and from Internet sites
                       based on monitoring the traffic source, destination and port
                       Uses Secure Remote administration based on secure shell (SSH) for
                       command line or SSL for browser-based management

                  In addition, BIG/ip is inherently secure and averts common threats without the
                  need to purchase additional security devices.

                  Security Tool

                  BIG/ip's security report identifies any services and ports that receive illegal
                  access attempts by monitoring the:

                       IP address - source IP address of attacker
                       Frequency - amount of attempts
                       Port - which port(s) was hit

                  This information can help you identify security holes in your network and
                  identify the source of potential attackers. Additionally, access to BIG/ip can
                  be controlled on any interface. By default, BIG/ip denies access unless types
                  of specific traffic are enabled. This allows BIG/ip to be dynamic addition to a
                  site's overall security.

                  Port Mapping and Network Address Translation (NAT)

                  BIG/ip can be configured to map a single port into multiple ports. Well known
                  ports such as 80, 443, 20, 21 can be mapped to any port on the actual
                  servers. In addition, BIG/ip can translate addresses of the servers behind it to
                  addresses that are advertised to the outside world. These security features
                  provide several benefits, including:

                       Greater security by making it difficult for intruders to identify what
                       services are running on which port.
                       Uses non-publicly routed addresses - Using BIG/ip, Internet routable IP
                       addresses can be saved, thereby reducing consumption of IP
                       addresses.
                       Addresses of the servers behind BIG/ip are never exposed to the
                       outside world, reducing the chance of hackers gaining access to your
                       servers.

                  Secure Network Address Translation

                  BIG/ip also features Secure Network Address Translation (SNAT). This
                  provides servers with a secure outbound connection to the Internet, or to an
                  internal server array through a load balanced virtual server.

                  Firewall Load Balancing

                  Transparent proxy firewalls are a relatively recent generation of firewalls that
                  give Intranets the protection of a firewall, while providing internal users
                  transparent access to the Internet. Due to the growing use of these
                  transparently configured firewalls, and the inherent need to provide high
                  availability and scalability to these devices, BIG/ip again is increasingly being
                  deployed as a solution.

                  BIG/ip uses a feature called Transparent Node Mode. When enabled, it allows
                  BIG/ip to work with various devices, such as transparent firewalls. This feature
                  makes these firewalls more reliable and more scalable. The load balancing
                  functions of Transparent Node Mode simultaneously functions with BIG/ip's
                  normal load balancing intelligence. Additionally, BIG/ip can be configured in
                  front of an array of transparently configured firewalls and an array of Intranet
                  servers - all at the same time.

                  BIG/ip tests specific IP address and port combinations to determine if a
                  firewall is functioning properly. BIG/ip will make a non-transparent request to
                  the network device. The Extended Content Verification (ECV) feature of BIG/ip
                  can be used to increase the accuracy of these tests. If a firewall does not
                  respond to a predetermined amount of time, BIG/ip directs requests to other
                  devices instead. This delivers high availability to users, who will seamlessly
                  be redirected to a properly functioning firewall.

                  Transparent Node Load Balancing/High Availability on the BIG/ip Controller
                  offers many benefits for businesses. It provides full scaling of firewall solutions
                  that is not limited by the exchange of agent traffic between multiple firewalls.
                  It provides high availability and intelligent load balancing for any Intranet web
                  servers or other backbone or DMZ servers, while allowing them to stay
                  securely inside your network.

                  Additionally, the BIG/ip Controller supports a multitude of different firewall
                  vendor devices, which assists a business in migrating to new firewall
                  technology in the future. It also allows for implementation of diverse parallel
                  security, as opposed to serially linked firewall devices.

                  The Transparent Node Load Balancing/High Availability also adds to the
                  increased security that BIG/ip already brings to the network, further
                  supercharging its network-security functionality.



                  Figure 1: Firewall load balancing/high availability with redundant
                  BIG/ip Controllers.

                  Transparent Device Persistence - Firewall Sandwich

                  In situations where BIG/ip is accepting connections for virtual servers from
                  more than one device, such as firewalls, routers, or caches, it may be
                  desirable to send the return data back through the same device from which
                  the connection originated. This can be used to spread the load among
                  outbound devices, or to assure that connections go through the same device,
                  such as a proxy, cache, firewall, or VPN router. You can do this by defining a
                  pool that contains the list of devices from which the connections are received,
                  and then associating the pool with a virtual device using the lasthop keyword.



                  Figure 2: Transparent Device Persistence (Firewall Sandwich)

                  Summary

                  The BIG/ip Controller, an extremely robust and flexible product, enriches your
                  network security by cooperatively working with firewall products, router ACLs,
                  mail filters, and content filters. While F5 does not actively market the BIG/ip
                  Controller as a firewall or security device, many customers are using its
                  numerous security features to provide a highly scalable, available and secure
                  Internet site - more important than ever given recent events.

Bin nun Dank Deines Tips auch in f5 (zu 101E) drin. Du traust dem Ding ja ganz schön was zu, wenn das nicht ein irrationaler Gefühlsausbruch bei Deinem letzten Posting war. Die Produkte von f5 werden ja in Tat sehr positiv beschrieben, was mich stört ist, daß Cisco als Wettbewerber dargestellt wird. Entweder hält Cisco nichts von f5 und vertraut auf die eigene Verkaufsautorität oder Cisco kauft f5 und dann bekommen wir Cisco Aktien, die zwar auch nicht schlecht sind, aber schon weit mehr gelaufen sind als f5, und vor allem als Du f5 zutraust.

Gruß furby

Sicherlich wuerde cisco daran interessiert sein, f5 zu uebernehmen. Das Motto des f5-Managements ist es aber, die Marktfuehrerschaft zu uebernehmen und cisco von der leading position zu verdraengen.

cisco ist unbestritten ein hervorragendes Unternehmen.
Aber, und das sehe ich sehr unemotional, f5 wird momentan mit einem zu deutlichen Abschlag gegenueber seinen Konkurrenten gehandelt.

f5 wird bis Ende 2000, und dies habe ich bereits schon mehrfach gepostet, einen Kurs von 750 $ - 1000 $ haben. Und in 2-3 Jahren wird die Marktkapitalisierung bei 100 Mrd $ gegenueber 2 Mrd $ liegen.

nachdem Du vor einiger Zeit gepostete hast keinen Kommentar mehr zu FFIV abzugeben und Dich jetzt mal wieder meldest, sehe ich, dass auch bei Dir die Enttäuschung nach dem Kurseinbruch doch tief sitzt. Geht mir nicht anders.
Die Börse ist manchmal paradox, was bei F5 abging, die ein wirklich phenomenales Ergebnis hingelegt haben, ist mir absolut unverständlich!
War ein Split erwartet worden? Ziehen sie nach, Cisco splittet auch?

Gruß TGK

Bei mir herrscht keine Enttaeuschung, da ich f5 als Langfristanlage sehe. Ich habe sogar vor kurzem gepostet, dass ich, waehrend die Diskussion mit deepgreen war, f5 aktien aufgestockt habe.

Soweit ich mich noch daran erinnere, hat der CEO in einem Interview gesagt, dass er dem Board einen Aktiensplitt vorschlagen wird.
Das momentan kein Splitt bekannt gegeben worden ist, hat fuer mich keinen allzugrossen Einfluss auf den Aktienkurs.
Woanders zieht man shorties als Begruendung fuer den Kursverfall bzw. Insiderverkaeufe heran. (alles sehr schleierhaft)

Fazit: Abwarten und Tee trinken.

Schau dir Sycomore, Juniper Networks, Akamai und Cisco an.
Mach eine Aufstellung von Umsatz, Umsatzwachstum, Boersenkapitalisierung, Gewinn, KGV.
Dann kommst du zu dem einen Ergebnis: F5 strong buy.

F5 hat ist leider noch nicht in aller Munde - kommte aber bestimmt noch.
Nach den Zahlen werden auch Institutionelle von dem Wert Notiz genommen haben, deren Rating wird genauso ausfallen wie das deinige.

In diesem Sinne
TGK

ein Halbindianer, ich glaube Appache, jetzt einen Regentanz zur Kurssteigerung auffuehren wird (siehe ragging-bull board).
Auch die Kraefte der schwarzen Magie sind auf unserer Seite.

Vielleicht sollten wir in Deutschland auch wieder ein paar alte Riten
aufleben lassen, und Verkaeuferinnen von Cisco Produkten als Hexen
verbrennen.

Dann sieht die Welt in Kuerze schon ganz anders aus.

 From the meeting
 When asked about a potential stock split Hussey commented that
 the goal for the stock is to become less volatile but that a split at
 the current $100 level is not likely. Hussey commented on the
 future potential growth potential based upon the expected growth
 in the industry(currently a $200 million dollar market / analysts
 estimate that market will expand to well over 1 billion in less than
 two years / he also commented that these level are very
 conservative and many analysts are projecting the market for F5's
 products and their competitors to be in the 3 to 4 billion dollar
 range within three years)! This company's potential has been
 grossly underestimated. Their products are going head to head
 with Cisco's, Radware's, and Alteon's and winning(producing
 sales) 9 out of every 10 times. F5's products are far superior to
 any in the industry and other companies are taking notice. Hussey
 commeted that Cisco has approached F5 in an attempt to
 develop an industry standard for content management and traffic
 solutions. Others are taking notice of F5's superior products and
 services and now have over 1300 customers compared to 1100
 less than a month ago!

 

dann ist das eines der heißesten Eisen - phantastisch -  ich deck´ mich vorsichthalber mal ein. F5 dürfte kaum mehr billiger werden.
So long, kaeseotto, ich glaube da hast Du was ganz Großes entdeckt !
 

                                 BIG-IP offers unparalleled Internet traffic and content controls that allow enterprises to deliver the highest quality of
                                 service to their users through their web sites. BIG-IP is designed to provide a new level of fault tolerance for Internet
                                 sites by shielding users from system failure and optimizing response times to user requests and data flow. BIG-IP was
                                 recently honored as the industry's Best Internet Product by the Washington Software Alliance.

                                 "This latest version of BIG-IP is another example of how F5 rewards its customers by enabling them to easily take
                                 advantage of many advanced new features at no extra charge," said Steve Goldman, Senior Vice-President of Sales,
                                 Marketing, and Services at F5 Networks. "BIG-IP has quickly gained broad acceptance in the market, not only by many
                                 large enterprises, but also by the leading ASPs, ISPs, and network equipment manufacturers. This is primarily because
                                 BIG-IP is the most mature and sophisticated product of its kind and is designed to easily integrate into any network
                                 environment."

                                 The new version of BIG-IP delivers the markets most sophisticated and comprehensive traffic and content control
                                 features, enabling maximum flexibility for enterprises to best service their users' requests. This unprecedented level of control allows businesses to
                                 optimize backend resources within their Internet infrastructure and helps ease complicated network management issues. BIG-IP's key new intelligent traffic
                                 and content controls include: -- Enhanced Reliability and Availability -- BIG-IP now includes a

                                 mode called Active-Active, which allows e-Businesses to take full

                                 advantage of traffic throughput for two BIG-IP controllers,

                                 simultaneously. When engaged, Active-Active ensures that

                                 identical information is shared by both BIG-IP Controllers. Not

                                 only are single points of failure removed from the network, both

                                 controllers help to increase site performance and capacity

                                 because each controller is literally "sharing the load." -- Intelligent Traffic Control -- Making load balancing decisions

                                 based on only a few traffic factors is the equivalent of Internet

                                 'tunnel vision.' To better service their customers and prospects,

                                 e-Businesses need to see greater detail -- and control a

                                 wider-range of traffic. BIG-IP contains new methods of

                                 intelligent traffic control, including transparent device

                                 persistence, cookie persistence (hash option), HTTP header load

                                 balancing, and more -- giving e-Businesses nearly unlimited

                                 flexibility and manageability over the flow of IP-based traffic. -- Service Level Differentiation (HTTP Header Load Balancing) -- To

                                 make more granular and intelligent load balancing decisions,

                                 BIG-IP uses information such as HTTP header or IP address to

                                 determine where a customer request should be sent. BIG-IP can

                                 identify specific traffic based on HTTP header information, then

                                 direct that traffic to a set of servers or devices that can best

                                 service the request. For example, BIG-IP can recognize whether a

                                 customer is "gold" (a frequent buyer) or "bronze" (only an

                                 occasional buyer). A "gold" customer's service request can be

                                 load balanced to a pool of servers reserved for similar high

                                 priority customers -- ensuring that these "paying" customers

                                 receive the best service possible. -- Value-Added Security -- BIG-IP comes standard with numerous

                                 security features to provide a highly scalable, available, and

                                 secure Internet site for both internal and external applications.

                                 BIG-IP can be used to balance both inbound and outbound traffic

                                 for devices like firewalls, caches, or routers. It enables

                                 stringent access control, secure administration, and helps resist

                                 common attacks. For example, BIG-IP provides an additional

                                 safeguard for threats such as denial of service (DoS) attacks

                                 where Internet servers are maliciously bombarded with

                                 non-legitimate requests.

                                 About F5 Networks

                                 F5 Networks is a leader in Internet Traffic and Content Management products. The Company's integrated suite of high-performance products automatically
                                 and intelligently manage Internet traffic and content to improve the availability and performance of mission-critical Internet servers and applications. F5
                                 Networks helps companies avoid the risk of being burdened with ill-performing networks that do not meet end user expectations, while enabling network
                                 administrators to better control and predict the performance of their infrastructure. F5 Networks' products are designed to provide a new level of fault
                                 tolerance by shielding users from system failure; optimizing response times to user requests and data flow; and cost-effectively managing an
                                 organization's Internet infrastructure. The company is headquartered in Seattle, Washington, and has offices in Atlanta, Boston, Chicago, Dallas,
                                 Columbus, Los Angeles, New York, San Francisco, Toronto, Washington, D.C., Australia, Hong Kong, Japan, The Netherlands, Singapore, Sweden and
                                 the United Kingdom. F5 Networks is located on the web at www.f5.com.