DevCentral ICMYI - December 2024

DevCentral publishes new content constantly, and it’s easy to miss the latest from F5’s technical user community with all that turnover. So here’s a monthly round-up of DevCentral news, content, and events—in case you missed it!

New and Notable

• Announcing the new 'AI Friday' Podcast - Episode 1 - Learn about the latest in AI with "AI Friday," a new podcast from DevCentral. Each week, Byron McNaught and Aubrey King invite experts explore key developments in AI, including new technologies and trends. Aubrey King

Content Round-Up

AI

• Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security - Learn how Red Hat OpenShift AI on ROSA, enhanced by F5 Distributed Cloud API Security, simplifies the deployment of large-scale generative AI models. It also tackles lifecycle management and security issues in enterprise settings. Eric Ji
• Exploring Agentic AI: Ethics, Quantum Computing, and the Future of AI - AI Friday Podcast - A new episode of AI Friday talks about agentic AI (like autonomous decision-making), ethics, and quantum computing's role in the future of AI. Aubrey King
• F5 App Connect and NetApp S3 Storage – Secured Scalable AI RAG - F5 Distributed Cloud's App Connect integrates NetApp storage. This allows for efficient data retrieval and processing, leading to better AI outcomes. Steve Gorman
• BIG-IP and OPSWAT Together Implement DLP for AI Traffic - In this article, we look at how OPSWAT's Proactive DLP module works with F5's BIG-IP to stop sensitive information from being sent through AI platforms like ChatGPT. Steve Gorman

Security Insights

• Google and Chrome proposed split, CISA insights, AI OSS-Fuzz, Roundup - This week's F5 SIRT newsletter covers key cybersecurity developments: Google Chrome may split from Google to address antitrust concerns, discussions on "swatting," and more. Arvin Fopalan
• Upcoming Threats, Giving Tuesday, Roundup - Kyle Fox discusses overlooked threats to digital and physical security, highlights the implications of recent copyright lawsuits against AI language models, and more.
• Continued Intense Scanning From One IP in Lithuania - In September 2024's Sensor Intelligence Series, we found: a 400% increase in scanning for CVE-2023-1389, continued dominance of a single IP in scanning activities, an alarming rise in interest for the critical GeoServer vulnerability. Jesse Smith Malcolm Heath
• BotPoke Scanner Switches IP - In October's Sensor Intelligence Series, scanning for CVE-2017-9841 dropped significantly. CVE-2023-1389 is still the top scanned vulnerability, due to a change in BotPoke scanner activity from Lithuania to Hong Kong. Jesse Smith Malcolm Heath
• Three Ways AI Can Hack the U.S. Election - Learn how AI-generated disinformation, deepfakes, and bots endanger elections. Jesse Smith David Warburton
• Pegasus, Salt Typhoon, Turla Covert Campaign, Windows 11 TPM2.0, and Chrome's 'Store Review' - In this F5 Security Newsletter: critical updates on Pegasus spyware's reach, targeted cyber espionage campaign by Salt Typhoon, infiltration tactics of the Turla APT group and more. Dharminder Rana
• F5 BIG-IP Advanced WAF – DOS profile configuration options. - Discover how to set up the F5 BIG-IP Advanced WAF's DOS profile. Learn how to detect and stop application DDoS attacks with advanced traffic monitoring and customizable mitigation strategies. Lior Rotkovitch
• Attacks against Domain Specific Languages, EU Cybersecurity Laws, & Supply Chain Attacks - In This Week In Security, Jordan Zebor covers, new research on Domain Specific Languages attacks, updates on EU cybersecurity laws for collaborative defense, software supply chain attacks on AI and blockchain tools. Jordan Zebor
• Advent Calendar, IPA alert, Active Cyber Defense, call ChatGPT - This week's edition of F5 SIRT's Koichi highlights important cybersecurity update: year-end holiday threat alerts, progress on Japan's Active Cyber Defense legislatio, ChatGPT's voice capabilities. Kouichi Toriumi

BIG-IP

• Updating SSL Certificates on BIG-IP using REST API - Streamline SSL certificate management on your BIG-IP system with REST API commands. Ensure a secure infrastructure easily. Michelangelo Dorado
• IdP Routing With BIG-IP APM To Enable Seamless SSO User Experience - This article shows how F5 BIG-IP Access Policy Manager (APM) makes it easier for organizations with multiple identity providers to use SAML Single Sign-On. It improves user routing and security without adding complexity. Leon Seng
• Migrating between sites using stretched VLANs - Discover effective strategies to migrate F5 BIG-IP devices. Move from a legacy datacenter to a new location. Maintain high availability and minimize inter-site traffic. Use NSX-T and stretched VLAN technology. Michael O'Leary

Distributed Cloud

• How I did it - “Delivering Kasm Workspaces three ways” - Discover how to boost Kasm Workspaces deployments security and scalability with F5 tech. This includes BIG-IP TMOS for traffic fortification, NGINX Plus Ingress Controller for Kubernetes security, and F5 Distributed Cloud Services for full application delivery. Gregory Coward

NGINX

• Introducing the single Installation script for F5 NGINX Instance Manager - Simplify NGINX Instance Manager setup with our new one-command installation script. It works across any environment and ensures compatibility and offline support.
• Introducing the New Docker Compose Installation Option for F5 NGINX Instance Manager - Organizations can now deploy and manage NGINX instances in just three simple steps using a streamlined Docker Compose installation option for F5 NGINX Instance Manager. This enhances efficiency and resilience across on-premises, cloud, and hybrid environments.
• Announcing F5 NGINX Gateway Fabric 1.5.0 with NGINX Code Snippets - NGINX Gateway Fabric 1.5.0 is out with new features: custom NGINX configuration with SnippetFilters, retaining client IP info, and configurable error log levels.

About DevCentral

DevCentral is an F5 community of technical users dedicated to learning, exchanging ideas, and solving problems—together. Join us to share F5 technology and application security best practices.