Kemp Security Series 2020 – Part 0: LoadMaster Security

Posted on

Kemp Technologies LoadMaster® is an industry leading, award winning load balancer with the most flexible multi-cloud deployment options, subscription and metered licensing, customers can easily augment or replace existing load balancers from any provider … which is fantastic, but did you know about our security posture?

Kemp LoadMaster

The Kemp Technologies LoadMaster is built on an optimized Linux Operating System (OS). The optimizations are focussed on capabilities in Layer 7 handling for applications and firewall appropriate features. By this, I mean that by default all ports are closed, as you configure your specific applications (and associated protocols), you enable only the specific ports that are required to enable that application. Protection for DOS attacks like slow loris, IP management (Access Control Lists) and Packet Routing Filters are natively built into the OS. All unnecessary services and applications are removed.

User Authentication

The LoadMaster OS user authentication is tightly controlled. Kemp provides the ability for system administrators to customize the security posture or further tighten policies regarding whom can access the LoadMaster. Further information is available here.

Logging the correct data in the logs and monitoring those logs closely is vital for a sound security posture. The LoadMaster OS provides detailed system logging to alert suspicious activities, track user activities and assist in post-event investigations.

Also, included in the LoadMaster OS is Intrusion Prevention / Intrusion Detection Systems (IPS/IDS) running Snort rules to add an extra layer of security.

Tried and Tested

Kemp Technologies regularly submits the LoadMaster for penetration testing from industry-leading security auditors. The LoadMaster SSL/TLS implementation is also kept up to date with current industry best practice and tested against sites such as Qualys SSL Labs. The results of these tests can be made available to interested customers. This continuous testing ensures that in addition to the proven success of the LoadMaster in our 100,000 global application deployments in public, private and closed networks, it has been thoroughly vetted by known industry security leaders.

Despite our best efforts to proactively resolve any potential threat prior to the release of our code, security vulnerabilities may be identified that need remediation work. Kemp Technologies is an ISO9001 certified organization and has a solid plan of action in the event a security vulnerability is discovered. Steps include, incident reporting, analysis, containment, mitigation and resolution with communication to all stakeholders throughout. In the event that you discover an issue with the Kemp Technologies LoadMaster, please email [email protected] to report the identified issue. Kemp Technologies also publishes responses to Common Vulnerabilities and Exposures (CVEs), which includes known vulnerabilities in the Kemp Technologies LoadMaster. We would advise all key administrators to subscribe to https://support.kemptechnologies.com to receive announcements for detailed updates.

Security Series

The remaining blogs in this series focus of the following security aspects of the Kemp Technologies LoadMaster including:

  • Application security with the Kemp Technologies Web Application Firewall (WAF)
  • SSL / TLS security
  • Identity Access with the Kemp Technologies Edge Security Pack (ESP)
  • SIEM Log Analysis with the Kemp Technologies logging capabilities

Contact us today to discuss all your application delivery and security needs.

Read the rest of the Kemp Security Series 2020

Part 0: LoadMaster Security Part 1: Application Security Part 2: SSL/TLS Security Part 3: Identity AccessPart 4: LoadMaster and SIEM Log Analysis

Additional Information

Trustwave 2019 Global Security Report Verizon 2019 Data Breach Investigations Report

Posted on

David O'Connor

David O’Connor is a Product Manager in Kemp working in Limerick, Ireland. He holds a bachelor’s degree in Computer Engineering from University of Limerick. David has a telecoms background with previous roles in development, customer support and presales with a focus on product-market fit and creating tech products that customers love.