White Paper A10 Thunder and AX Series Load Balancing Security Gateways




White Paper A10 Thunder and AX Series Load Balancing Security Gateways June 2013 WP_LB FW 062013

Disclaimer

This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fitness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks products and services are subject to A10 Networks standard terms and conditions.

Copyright 2013 A10 Networks, Inc. All rights reserved. A10 Networks, A10 Thunder, vThunder, ACOS, aCloud, aFlex, aXAPI, aVCS, Virtual Chassis, SoftAX, and aFlow are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries.

A10 Security Advantages

Scalability
• 1 RU appliances can scale to 150 Gbps of application traffic with 5+ million new connections per second
• 8x ADC scaling with virtual chassis systems

Acceleration and Optimization
• 80% faster content retrieval
• Reduce round trip time
• Reduce server CPU utilization
• Reduce server hardware requirements
• Up to 174,000 new SSL (2048-bit) connections per second

DDoS Protection
• Volumetric attack mitigation of 200+ million SYN requests per second
• Up to 140+ Gbps in 1 RU

Web Application Firewall (WAF)
• OWASP Top Ten protection
• PCI Compliancy

DNS Application Firewall
• 80% reduction in CPU utilization when under attack versus other solutions
• 70% reduction in DNS server traffic load

A10 Networks creates solutions to accelerate, optimize and secure customer networks. The A10 Thunder and AX Series Application Delivery Controllers (ADCs), the latest evolutionary steps in Server Load Balancers (SLBs), enable customers to get maximum scalability and value from their networked devices. Typically, these are application servers that are front-ended by an ADC device so that the application is operating at optimal performance for its end-users, the capacity can scale, and the application is always available. But the benefits of load balancing are not limited to application servers: network firewalls also can benefit greatly from being paired with an ADC/SLB solution.

Efficient and secure network traffic flow is vital to an organization's fiscal health. For many organizations, Internet connectivity is an integral part of the core business. If the network is compromised, the results are often disastrous, leading to downtime, loss of revenue and loss of reputation.

Network firewalls have evolved over the years to include deep packet inspection (DPI) and provide intrusion prevention services (IPS). Analyzing network traffic behavior and application data content is a very resource-intensive task. Firewalls and IPS devices have increased their capacity over time, yet the throughput of a security gateway device in a real network often is not enough to keep up with total network bandwidth demand. In these cases, an ADC solution is a great way to transparently scale multiple security gateways, improving speed and availability, without forcing a compromise between performance and security.

Some key ADC technologies to enhance secure gateway deployments (such as firewalls, Intrusion Prevention System (IPS) and more) include:
• Application Acceleration
• Traffic Optimization
• DDoS Protection
• Web Application Firewall
• DNS Application Firewall
• SSL Intercept

With these value-added services, A10 can help companies to accelerate, optimize and secure the most demanding infrastructures.

1. Acceleration and Optimization

A10 Thunder and AX Series ADCs can function as a load balancing solution for security gateway services. Flows can be distributed over available firewalls, providing maximum availability and seamless scalability. A10's ADCs also can complement a security gateway with hardware accelerated defense solutions to complete the overall security solution set, without sacrificing performance.

Key technologies to boost performance and reduce overhead include:
• SSL Offload
• TCP Connection Reuse
• Large-scale RAM Caching
• HTTP Compression

1.1. High Performance DDoS Protection

A10's ADC solution provides software- and hardware-based DDoS protection; specific hardware components block multiple key high volume attacks. For example, the SYN Flood attack, which comprises around 25 percent of all DDoS attacks on the Internet today, can be mitigated directly in hardware, without adding load to the core CPUs. Additional techniques such as geographic filtering, rate limiting, connection limiting, "Slow HTTP" attack detection, aFlex commands and more protect the entire network and application stack against more advanced attacks.

1.2. Web Application Firewall

A Web Application Firewall (WAF) is a specialized firewall function that operates specifically on the application level (Layer 7) to protect against web code vulnerabilities. The WAF function is not included in traditional network firewalls, and therefore makes a perfect complementary solution to existing firewalls.

Application layer attacks or exploitations include:
• SQL Injection attack (SQLIA)
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• More

The OWASP [1] project maintains a list of the top ten web application vulnerabilities, many of which persistently reappear on the list. With A10's WAF module, these top vulnerabilities can be addressed efficiently and cost effectively, as the WAF feature is part of A10's all-inclusive license model.

[1] www.owasp.org

1.3. DNS Application Firewall

A10's ADCs were the first to provide a DNS Application Firewall, and the DNS protection features have expanded over the years. The DNS infrastructure is one of the most attractive targets for attackers, as many essential Internet-based applications including web, email, and voice services rely heavily on DNS. Moreover, DNS traffic usually is unrestricted, meaning many organizations have limited defense mechanisms in place to monitor their DNS traffic, or to protect their DNS infrastructure from attacks, such as:
• DNS Flood Attacks
• DNS Amplification Attacks

A10 offers mitigation technologies to deal with a DNS Amplification attack, using the DNS Firewall feature set in combination with IP Limiting and system-wide Policy-Based Server Load Balancing (PBSLB).

Specific features for DNS application security include:
• Traffic validation:
  o Drop or redirect malformed DNS queries
• High performance surge protection:
  o DNS caching on per-VIP or per-record basis
  o Rate-based DNS caching
  o Throttling based on domain name
• Dynamic traffic flow regulation:
  o Source-IP based connection rate limiting
  o PBSLB (black/white lists)

1.4. SSL Intercept

Secured web traffic (HTTPS) is gaining in popularity for obvious reasons; the transaction between client and server cannot be read and abused by third parties. The SSL/TLS suite does provide added protection to web users, for financial transactions for example; because of this protection, the use of SSL has become much more ubiquitous. Many web sites now support SSL access for their entire content. The disadvantage of this added security is that devices such as firewalls are unable to do deep packet inspection of an SSL encrypted packet for spyware or malware, and hence cannot protect against spyware and malware that infiltrate an organization's network through SSL connections.

A10's ADCs are equipped with powerful, dedicated SSL processors that can deal effortlessly with many concurrent SSL sessions. The initial setup of an SSL connection requires significant resources, which is why SSL acceleration hardware is essential in a gateway that manages a high level of concurrent SSL connections. The SSL Intercept feature can decrypt and then encrypt again these secured connections, at scale, even with processor-intensive 2048-bit and 4096-bit key sizes. Previously unreadable network flows can be presented to a third party security device that inspects the decrypted traffic and takes action against offending traffic when needed.

2. Summary

With A10's Thunder and AX Series, organizations can accelerate and optimize their security solution set by load balancing their current security gateway solutions, with full benefit of the extreme hardware acceleration and additional security modules that A10 provides in its all-inclusive licensing model. Finally, in addition to network integrity, integrity of the environment also is important, making A10's ADCs an ideal choice by providing the highest performance in a very energy efficient compact device.