So, I was talking to a CISO at a company which stores hundreds of thousands of customer credit
card numbers.
The consequences of exposing that information were unthinkable. Fines, lawsuits, damaged
brand – the effect would have been catastrophic. The CISO was pretty worried. He had firewalls,
access control – the works. But what about an insider inadvertently sending the data
outside the company? Even if it was accidental, the effect would be the same.
Our solution was to write a custom iRule. BIG-IP Local Traffic Manager sits right at
the heart of their network, at what we call a strategic point of control, and we see all
their traffic. Our iRule was simplicity itself. 15 lines of code – took about 5 minutes
to write.
It simply watches for a set of numbers that matches the format of a credit card account.
It then performs a ‘mod-10’ calculation (basically an industry-standard checksum that
validates a number is a valid credit card number). If the number is a credit card account
number, the iRule replaces it with X’s.
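The scan, mod-10 check and masking described above, as an added Python sketch of the logic (not F5's iRule, which is not shown on this page). The candidate pattern, the function names and the sample payload are assumptions made for the illustration.

```python
import re

# Assumed candidate format: 13-19 digits, optionally separated by single
# spaces or hyphens, and not part of a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Mod-10 (Luhn) check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scrub(payload):
    """Return (scrubbed payload, number of card numbers masked)."""
    hits = 0

    def mask(match):
        nonlocal hits
        text = match.group()
        if not luhn_ok(re.sub(r"\D", "", text)):
            return text  # right shape, wrong checksum: leave untouched
        hits += 1
        # Mask digits only, so separators and payload length are preserved.
        return re.sub(r"\d", "X", text)

    return CANDIDATE.sub(mask, payload), hits

# Constructed sample: two well-known test card numbers, one 16-digit order
# id that fails mod-10, and one mistyped card number that fails mod-10.
SAMPLE = ("name=Pat&card=4111111111111111&alt=5500-0000-0000-0004"
          "&order=1234567890123456&typo=4111 1111 1111 1112")

if __name__ == "__main__":
    scrubbed, count = scrub(SAMPLE)
    print(count, scrubbed)
```

The mod-10 step is what keeps order ids and other long numeric fields from being masked along with real account numbers.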
As a result, our customers can now rest assured their credit card information won’t leave
the company.
F5. Security is our job.