NetScaler 10: What's new in security

3:22 PM

NetScaler 10 has already created a lot of buzz with the amazing capabilities it introduced: TriScale, Action Analytics, DataStream improvements and more. And indeed, our marketing team has done a fantastic job of creating buzz across multiple media. Beyond all the hype, there are many features that often go unnoticed but are very much part of the real meat that NetScaler offers. With the cloud era reaching even greater heights, security becomes a key factor alongside all the cloud-enabling technology. NetScaler is a comprehensive WAF (Web Application Firewall) that provides protection against L7 attacks for web applications and databases.

There are many other security features, such as SSL, DoS protection and authentication, that complement the WAF to provide a holistic approach to security. NetScaler 10 comes with many security improvements (other than WAF) that we'll cover in this blog.

1. Simple ACLs: Simple ACLs are used to block traffic based on a combination of IP, port and protocol, and so far took effect only on new sessions. We have now added a "flush" command that makes your new ACLs effective on existing sessions as well, in case you need to make sure you completely block traffic from bad sources.

2. Extended ACLs: We increased the limit on extended ACLs that can be created on NetScaler to 10K from the existing 1K.

3. SSL Renegotiation Attack: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) renegotiations are vulnerable to an attack in which the attacker makes a TLS connection with the target server, injects content of their choice, then splices in a new TLS connection from a client. NetScaler 10 now offers protection against these attacks by cryptographically binding renegotiation handshakes to the cryptographic parameters of the enclosing TLS connection. This allows the server to differentiate a renegotiation from the initial negotiation and prevents renegotiations from being spliced in between connections.

4. Authentication - NTLMv2: The choice of security negotiated between the client and the server affects:
• The level of authentication protocol used by clients
• The negotiated session security level
• The level of authentication accepted by servers

NetScaler now advertises the capability to support NTLMv2 session security and supports signing of the Type 3 message.

5. Authentication - SAML: NetScaler 10 has also added support for acting as a SAML consumer. We can now accept client authentication using a third-party identity provider (IdP). As a SAML service provider, NetScaler supports both Service Provider-initiated and IdP-initiated authentication schemes. The IdPs supported on NetScaler 10 are SecureAuth, Shibboleth, ADFS and Cloud Gateway.

6. TCP SYN Cookie: Before NetScaler 10, there was no way to disable SYN cookie support, but now you can.

7. HTTP slow DoS protection: NetScaler employs Adaptive Request Timeout to counter slow HTTP DoS attacks. We take into account factors such as payload length, MSW, inter-packet delay and RTT to adapt the timeout used for requests. When the timeout occurs, one of a set of possible actions is taken: DROP and RESET.
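
The renegotiation binding described in item 3, as an added example (not NetScaler code and not from the original post): a model of the server-side checks of the standard TLS `renegotiation_info` extension (RFC 5746). It assumes this is the binding the item refers to; the class and function names are hypothetical and the verify_data values are constructed.

```python
import hmac

class HandshakeAbort(Exception):
    """Stands in for a fatal handshake_failure alert."""

def parse_renegotiation_info(body: bytes) -> bytes:
    # Extension body is renegotiated_connection<0..255>: 1-byte length + data.
    if not body or len(body) != 1 + body[0]:
        raise HandshakeAbort("malformed renegotiation_info")
    return body[1:]

class ServerState:
    def __init__(self):
        self.established = False           # a handshake has completed here
        self.secure_renegotiation = False  # peer offered the extension initially
        # Finished verify_data values of the last completed handshake.
        self.client_verify_data = self.server_verify_data = b""

    def check_client_hello(self, reneg_ext):
        """reneg_ext: raw extension body from the ClientHello, or None if absent.
        Returns the extension body for the ServerHello (None = send none)."""
        if not self.established:           # initial negotiation
            if reneg_ext is None:
                return None                # legacy client: nothing to bind to
            if parse_renegotiation_info(reneg_ext) != b"":
                raise HandshakeAbort("non-empty binding on initial handshake")
            self.secure_renegotiation = True
            return b"\x00"
        # Renegotiation: the hello must carry the previous client verify_data.
        if not self.secure_renegotiation or reneg_ext is None:
            raise HandshakeAbort("unbound renegotiation refused")  # policy choice
        claimed = parse_renegotiation_info(reneg_ext)
        if not hmac.compare_digest(claimed, self.client_verify_data):
            raise HandshakeAbort("hello is not bound to this connection")
        bound = self.client_verify_data + self.server_verify_data
        return bytes([len(bound)]) + bound

    def handshake_finished(self, client_vd: bytes, server_vd: bytes):
        self.established = True
        self.client_verify_data, self.server_verify_data = client_vd, server_vd

def spliced_hello_rejected() -> bool:
    """Constructed case: an initial ClientHello arrives inside a live session."""
    srv = ServerState()
    srv.check_client_hello(b"\x00")
    srv.handshake_finished(b"C" * 12, b"S" * 12)   # constructed verify_data
    try:
        srv.check_client_hello(b"\x00")            # empty binding, wrong here
    except HandshakeAbort:
        return True
    return False
```

A client that really owns the connection echoes the previous `client_verify_data` and passes the check; a hello forwarded from a different client carries an empty binding and is refused.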

Please refer to our AppFW blog for what's new in Application Firewall.
