The Bangladesh Post Office was determined to support the ‘Digital Bangladesh’ initiative through a Digital Financial System (DFS) that allows the country’s citizens to transfer money from their mobile devices and debit cards. Using an all-inclusive F5 solution, the Bangladesh Post Office partnered with Third Wave Technologies Ltd. to launch the DFS platform with security features that ensured user credentials from the DFS application would not be compromised.
The Bangladesh Post Office is a public sector enterprise focused on greater financial inclusion for the citizens of Bangladesh. As an enterprise that caters to a wide audience, the Bangladesh Post Office was determined to support the ‘Digital Bangladesh’ initiative by launching a digital wallet for instant money transfer between individuals who don’t have bank accounts. Given the wide set of audiences that the wallet was expected to cater to, the Bangladesh Post Office was targeting the development of a highly robust, feature rich and easy to use application that enables secure money transfers. Because the app was a late entrant to the space, it would compete against some of the more established e-wallet applications in Bangladesh – which meant it had to be designed and function seamlessly.
Given the requirements of the application, both in terms of 24/7 availability and security, the Bangladesh Post Office wanted to develop a tool that could reroute the incoming requests from Telecom operators to their app servers, aiding in a better app usage experience. Moreover, given the financial applications of the tool, safeguarding the application was a vital requirement; and this entailed protection against application layer attacks, Denial of Service (DoS) attacks, Bot traffic, and against data breaches to steal user credentials.
“Protecting our citizens’ financial and personal data requires establishing the best security and availability metrics –which is no small feat considering the digital age that we all live in. F5 however, ensured this was achieved smoothly and unequivocally,” said Mr. Abu Raihan, Head of Technology, Third Wave Technologies Ltd.
After evaluating various deployment options, The Bangladesh Post Office decided to proceed with F5 Networks’ comprehensive solutions, including F5 Advanced Web Application Firewall.
The deployment included the physical placement of F5 appliances near the core switches, connected to both, the Demilitarized Zone (DMZ) and the Core Switch; and a Virtual Route Domain each for the DMZ and the core. For the DMZ applications, F5 Advanced Web Application Firewall (WAF) helped ensure protection of the mobile and web applications from application layer attacks, malicious bot traffic, Layer 7 Denial-of-Service (DoS) attacks, and to distinguish mobile and bot traffic.
Additionally, F5 Advanced WAF provided real time password encryption for their e-wallet web application, while an F5 BIG-IP Local Traffic Manager was used to provide load balancing capabilities for their DMZ and core servers, including Uniform Resource Identifier (URI) based load balancing. All of these were deployed in conjunction to create a secure and smooth application that could cater to large volumes of traffic.
“We expected to handle a minimum of 5 million transactions per day. F5’s deployment was comprehensive enough to cater to this, and more!” said Mr. Abu Raihan, Head of Technology.
With F5, the Bangladesh Post Office was able to deliver a digital financial system with continuous uptime, seamless load balancing and advanced threat protection to provide citizens with a consistent and reliable user experience.
F5’s LTM and Advanced WAF now run on the locally mounted devices to ensure that the Bangladesh Post Office could track the efficiency and the performance of the load segregation and the security capabilities almost immediately.
F5 BIG-IP LTM ensured incoming traffic was accurately diverted between the DMZ and the core using virtual route domains. This was achieved by replacing Bangladesh Post Office’s existing HA Proxy servers, which was expected to route the requests coming from Telecom operators to their app server with BIG-IP LTM
With F5 Advanced WAF, the Bangladesh Post Office successfully deployed a setup capable of protecting the app from Level 7 DoS attacks and application layer attacks, including the OWASP Top 10. With stress-based detection and an Anti-Bot Mobile SDK, the mobile wallet was capable of differentiating traffic coming to the app from Bots, delivering a premium experience each time. Security of the application was also enhanced by real-time encryption of user credentials like passwords, ensuring that users were never at risk.