Under Attack?
Search
Menu

Old Technologies Enable Future Secure Application Delivery Networking

By Frank YueOctober 18, 2017

Many years ago, one of my customers had an internet-facing application. They positioned load balancers in front of the application to support the growing traffic load. Traffic to the website was growing so fast, that parts of the network infrastructure could not support the customer load.

One of the first components to fail under the load was the traditional network firewall at the edge of the network. It used standard access control policies based on source and destination layer 3 (IP) and layer 4 (TCP/UDP) information. Upon review and consultation with the customer, we determined that the reverse-proxy function of the load balancer performed the function of the firewall, making it redundant. Ultimately, the customer removed the firewall and network bottleneck, comfortably relying on the load balancer to protect their application from network threats.

Once and future security solution

The application delivery controller (ADC) has always been a security device. The load balancer evolved to become the ADC. Earlier we looked at how load balancing, the core ADC technology, enhances application security.  Security is part of the ADC’s pedigree and corollary technologies are being added to make it one of the critical security solutions that a business should consider.

The ADC is a multi-function and multi-purpose application networking solution. It is a load balancer with additional capabilities beyond what a load balancer was originally designed to do.  Many of the ADC technologies focus on providing enhanced security for the datacenter and its applications.

[You might also like: 5 Key Items for the Digital Transformation of Healthcare]

The ADC has become a many faceted security tool.  Network-based application security-like SYN-flood protection through SYN-cookie technology was added.  SYN-flood protection mitigates some of the more common DDoS attack types that target the 3-way TCP handshake protocol.

The ADC can perform URL classification and traffic steering based on content inspection. Using site reputation and URL classification databases, the ADC is able to identify the type of content for a given connection and apply a network policy to it.

As a reverse-proxy, the ADC becomes the termination point for SSL/TLS connections. As the encryption endpoint, the ADC manages the security and integrity of the application content through the network. The ADC needs to understand modern ciphers like elliptic curve cryptography (ECC) and standards like TLS 1.2 and 1.3.

More recently, the ADC has added the full functionality of web application firewalls (WAF). The ADC is already inspecting the content for load balancing purposes, so it makes sense for it to apply application-specific policies to the content for security purposes.

As a WAF, the ADC becomes more application-aware as it protects against application-specific threats like SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other vulnerabilities.

The past secures the future

The core technology incorporated into the creation of the load balancing technology in the 1990s has allowed it to evolve and become what it is today. The ability to manage application connections, inspect content, and apply policies based on this information, positions the ADC to maintain a key role in the networks of the future.

The ADC is the key technology needed for the networks today and tomorrow. The ADC provides the application delivery networking function with its load balancing legacy. It enhances the application and network security through high performance enhancements. The ADC has become one of the core technologies to offer secure application delivery networking.

6_tips_sla_document_cover

Read “Keep It Simple; Make It Scalable: 6 Characteristics of the Futureproof Load Balancer” to learn more.

Download Now

Posted in: Application Delivery SecurityTags:

Frank Yue

Frank Yue is Director of Solution Marketing, Application Delivery for Radware. In this role, he is responsible for evangelizing Radware technologies and products before they come to market. He also writes blogs, produces white papers, and speaks at conferences and events related to application networking technologies. Mr. Yue has over 20 years of experience building large-scale networks and working with high performance application technologies including deep packet inspection, network security, and application delivery. Prior to joining Radware, Mr. Yue was at F5 Networks, covering their global service provider messaging. He has a degree in Biology from the University of Pennsylvania.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?