LoadMaster Application Delivery Controller Security Overview

Small-to-medium sized businesses (SMB) are increasingly relying upon web-based applications and web-enabled services for running their business. Applications such as CRM, e-commerce transactions and other web-enabled applications are accessed both locally and remotely from outside the business facilities. These web- based applications are vulnerable to attacks from viruses, intrusions, and denial of service (DoS) attacks, as traffic comes into the network through various ports and firewalls without being inspected.

SMBs are facing an extraordinary number of network attacks from internal personnel and external hackers. Security problems such as unauthorized access, firewall breaches and other malicious intrusions are occurring on a daily basis. Compounding these problems is the fact that existing security tools such as firewalls, IDS, VPNs, anti-spam and anti-virus gateways do not have the processing capability, performance and the application-level security intelligence to protect against the growing amount of application-level attacks. SMBs are particularly vulnerable to security threats, and risk major losses of intellectual property, user productivity and potential loss of revenue. With that said, there is an increasing need for security solutions that provide real-time protection from a wide variety of application-level attacks.

When an SMB incurs a DoS attack, their IT resources are deprived of the services. Examples of such an inability of a network service are: e-mail might become unavailable, or there may be a temporary loss of all network connectivity and services, or the datacenter may be forced to temporarily shut down operations. DoS attacks can also wipe out a computer system’s software programs and files.

The need for application-based security protection

LoadMaster Security Benefits

LoadMaster Security Capabilities

All LoadMaster Application Delivery Controllers and Server Load Balancers include hardware-based (ASIC) for Secure Socket Layer (SSL) offload and acceleration. SSL Acceleration performed by LoadMaster provides two benefits:

LoadMaster’s Intrusion Prevention System (IPS) is installed in-line, inspecting all traffic before forwarding it onto the network. If the LoadMaster IPS detects malicious activity it terminates the session. By default, intrusion prevention is enabled, and protects all application delivery services. However, administrators can disable the LoadMaster intrusion prevention capabilities. The Intrusion Prevention System protects applications from the following common threats:

The LoadMaster 3500 contains protocol- specific guards that protect your Servers from attacks targeting SMTP, DNS, and LDAP protocols.

The LoadMaster 3500 protects applications that are particularly vulnerable to external attacks. These applications include IIS, Websphere, Cold Fusion, Exchange, and many others.

LoadMaster 3500 contains Microsoft and UNIX-specific detection capabilities that identify malicious activity against these operating systems. The Intrusion Prevention System is updated with the latest threats every hour by Energize Updates.

With the LoadMaster, you can get complete Application Layer 7 IPS exactly where you need it. As an SSL termination point, the LoadMaster is the outermost point on the network that enables it to see all Layer 7 exploits coming in, and completely avoid the dreaded "port 443 blind spot".

The LoadMaster 3500 delivers 2,000 TPS of SSL processing power, so you don't have to sacrifice end-user responsiveness. Denial of Services

LoadMaster ensures continuous real-time DoS/DDoS and SYN attack protection for web application security. Security events are isolated to ensure continuous uptime even while under attack, while unaffected traffic is allowed through without degrading performance.

LoadMaster Application Delivery Controllers are compliant with PCI-DSS Requirement #4 (the credit card data security standard). Companies use LoadMasters every day to process credit card transactions via SSL.

Small-to-medium sized businesses face unprecedented amounts of network security attacks from internal personnel and external hackers. Security tools such as firewalls, IDS, VPNs, anti-spam and anti-virus gateways are not capable of providing the processing capacity, performance and the application-level security intelligence necessary to protect against the increasing amount of application-level attacks. SMBs are continuously exposed to security hazards that pose a threat to their intellectual property, potential revenue loss and lost productivity.

KEMP Technologies’ LoadMaster Application Delivery Controllers and Server Load Balancers help to ensure that online business remains stable even while under attack. The LoadMaster simplifies and centralizes network infrastructure management, and optimizes performance and scalability of IT infrastructure to economically scale server resources and security operations to deliver optimal security management and enforcement.

KEMP products deliver availability, performance, scalability and security to the SMB web infrastructure.

KEMP Technologies is a leader in cost-effective application delivery controllers and server load balancer appliances tailored to meet the needs of small-to-medium sized businesses (SMB) that rely on the Internet for e-commerce and business-critical applications. KEMP helps SMBs rapidly grow their business with 24/7 high-availability, better web infrastructure performance, scalability and secure operations - while streamlining IT costs.

Thousands of KEMP LoadMaster products are in use today to improve customer satisfaction by accelerating user access to business-critical web applications. Managed service providers also rely upon KEMP products to enable fast time-to-market and cost-effective operations for new and existing managed services.

KEMP’s highly affordable LoadMaster products include Layers 4-7 load balancing, content switching and server persistence, SSL offload/acceleration, WTS load balancing and persistence with Session Directory integration, and application front-end capabilities (caching, compression, intrusion prevention system), plus one full year of product support – delivering industry leading price/performance value.

The company is headquartered in Yaphank, New York. For more information, visit www.KEMPtechnologies.com, or call us at +1 (631) 345-5292.