Many years ago, one of my customers had an internet-facing application. They positioned load balancers in front of the application to support the growing traffic load. Traffic to the website was growing so fast that parts of the network infrastructure could not support the customer load.
One of the first components to fail under the load was the traditional network firewall at the edge of the network. It used standard access control policies based on source and destination layer 3 (IP) and layer 4 (TCP/UDP) information. Upon review and consultation with the customer, we determined that the reverse-proxy function of the load balancer performed the function of the firewall, making it redundant. Ultimately, the customer removed the firewall and network bottleneck, comfortably relying on the load balancer to protect their application from network threats.
Once and future security solution
The application delivery controller (ADC) has always been a security device. The load balancer evolved to become the ADC. Earlier we looked at how load balancing, the core ADC technology, enhances application security. Security is part of the ADC’s pedigree, and corollary technologies are being added to make it one of the critical security solutions that a business should consider.
The ADC is a multi-function and multi-purpose application networking solution. It is a load balancer with additional capabilities beyond what a load balancer was originally designed to do. Many of the ADC technologies focus on providing enhanced security for the datacenter and its applications.
The ADC has become a many-faceted security tool. Network-based application security, like SYN-flood protection through SYN-cookie technology, was added. SYN-flood protection mitigates some of the more common DDoS attack types that target the TCP three-way handshake.
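How a SYN cookie lets a reverse proxy answer SYNs without holding per-connection state, as an added example (not code from the original post or from any ADC product). It uses a simplified version of the classic cookie layout; the function names, the MSS table, the 64-second time slot and the HMAC-SHA256 construction are assumptions made for illustration.

```python
import hashlib
import hmac

SLOT_SECONDS = 64  # assumed lifetime of one time slot
# Constructed MSS table; 3 cookie bits select one of 8 entries.
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1460, 8960)


def _mac24(secret, flow, client_isn, slot, mss_idx):
    """24-bit keyed hash binding the cookie to one flow, ISN and time slot."""
    msg = "|".join(map(str, (*flow, client_isn, slot, mss_idx))).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_cookie(secret, flow, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK: 5 bits slot | 3 bits MSS index | 24 bits MAC."""
    slot = int(now) // SLOT_SECONDS
    # Largest table entry that does not exceed the MSS the client offered.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(secret, flow, client_isn, slot, mss_idx), "big")
    return ((slot % 32) << 27) | (mss_idx << 24) | mac


def check_cookie(secret, flow, seq, ack, now, max_age_slots=1):
    """Validate the final ACK; return the negotiated MSS, or None to drop it."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the ACK acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the ACK carries client ISN + 1
    mss_idx = (cookie >> 24) & 0x7
    current = int(now) // SLOT_SECONDS
    for age in range(max_age_slots + 1):
        slot = current - age
        if slot < 0 or slot % 32 != cookie >> 27:
            continue
        expected = _mac24(secret, flow, client_isn, slot, mss_idx)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]  # only now is connection state allocated
    return None
```

Nothing is stored between `make_cookie` and `check_cookie`, so a flood of SYNs that never complete the handshake consumes no connection-table entries on the proxy.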
The ADC can perform URL classification and traffic steering based on content inspection. Using site reputation and URL classification databases, the ADC is able to identify the type of content for a given connection and apply a network policy to it.
As a reverse proxy, the ADC becomes the termination point for SSL/TLS connections. As the encryption endpoint, the ADC manages the security and integrity of the application content through the network. The ADC needs to understand modern cryptography like elliptic curve cryptography (ECC) and standards like TLS 1.2 and 1.3.
More recently, the ADC has added the full functionality of web application firewalls (WAF). The ADC is already inspecting the content for load balancing purposes, so it makes sense for it to apply application-specific policies to the content for security purposes.
As a WAF, the ADC becomes more application-aware as it protects against application-specific threats like SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other vulnerabilities.
The past secures the future
The core technology built into load balancing in the 1990s has allowed it to evolve and become what it is today. The ability to manage application connections, inspect content, and apply policies based on this information positions the ADC to maintain a key role in the networks of the future.
The ADC is the key technology needed for the networks today and tomorrow. The ADC provides the application delivery networking function with its load balancing legacy. It enhances the application and network security through high performance enhancements. The ADC has become one of the core technologies to offer secure application delivery networking.
Frank Yue is Director of Solution Marketing, Application Delivery for Radware. In this role, he is responsible for evangelizing Radware technologies and products before they come to market. He also writes blogs, produces white papers, and speaks at conferences and events related to application networking technologies.
Mr. Yue has over 20 years of experience building large-scale networks and working with high performance application technologies including deep packet inspection, network security, and application delivery. Prior to joining Radware, Mr. Yue was at F5 Networks, covering their global service provider messaging. He has a degree in Biology from the University of Pennsylvania.
This is a Security Bloggers Network syndicated blog post authored by Frank Yue. Read the original post at: Radware Blog