Speakers:
Vlad Babkin, Principal Security Researcher, Eclypsium
Paul Asadoorian, Principal Security Evangelist, Eclypsium

In the current era where many network appliances are built on Linux operating systems, strong and robust firmware security is a must. Historically, network devices struggled to implement everything securely.

As a result, there is a big push to use both memory-safe languages, as well as achieve process isolation similar to that of hardened operating systems. Technologies like docker, k8s, and languages like golang are gaining adoption in the device firmware industry. But, they are not a cure-all

In this presentation, we cover:

• The Evolution of Firmware Security: An overview of the network devices supply chain and a comparison between past and present security practices.
• The Latest Advancements: A deep dive into the F5 BIG-IP platform, specifically BIG-IP Next, and how modern technologies like Docker, Kubernetes (k8s), and Golang are enhancing platform security.
• Security Gaps: An examination of how the platform still falls short in basic security hygiene, despite new technologies, including:
  
  
  • Two fresh remotely exploitable vulnerabilities.
  • Risks of device central manager takeover.
  • Methods for achieving stealthy persistence on the devices.
• Future Improvements: Discussion on what can be further done to prevent these issues, applicable to both the BIG-IP platform and the broader industry.