Security is an ever-evolving concept in theory and application. It is important to deploy and leverage technologies that can adapt and change with our security models. In the technology world, when the networking and application protocols were initially developed, minimal thought was given to security. Protocols like Telnet, FTP, DNS, SMTP, and even HTTP were designed for function and user-experience, not integrity.
Network architectures are changing with the evolution of software-defined technologies, cloud, and virtualization. Meanwhile, applications and the data they deliver are becoming specific, individualized, and timely. Systems are no longer monolithic, proprietary mainframes built on centralized computing, and applications are no longer major endeavors that require years of development and enormous resources to support.
Part of the genetic makeup
Application delivery technologies available through application delivery controllers (ADCs) were created to provide the availability, reliability, and scalability that users expect from their applications. The same load balancing position in the traffic path also lets the ADC act as a security gateway for those applications.
As a reverse proxy, the ADC has the insight to manage and protect the application and its content. The ADC hides the IP addresses of the application servers by hosting a single virtual IP address that stands in for the real servers. In the OSI networking model, this is layer 3 security. The ADC exposes only specific TCP and UDP ports to the user. For example, for DNS servers only port 53 for TCP and UDP is allowed. This is layer 4 security.
Combining layer 3 and layer 4 controls with the source (user) and destination (application) information lets the ADC protect the application through what is traditionally known as an access-control list (ACL). Protecting components of the IT infrastructure through ACLs is what a traditional firewall does. In other words, because of the way it load balances application servers, the ADC is a true network firewall.
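The layer 3 and layer 4 controls described above can be expressed as a small, first-match access-control list sitting in front of a virtual IP. The following is an added example written for this page, not Radware code or a description of any product's configuration; the VIP, the trusted management network, and the pool of real DNS servers are constructed addresses. A flow is permitted only if it targets the VIP on TCP/53 or UDP/53 (or TCP/22 from the management network); anything else, including traffic addressed directly at a real server, falls through to the catch-all deny.

```python
"""Added example: a minimal layer-3/4 ACL in front of an ADC virtual IP.
All addresses below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src: ipaddress.IPv4Network        # who may talk (layer 3)
    dst: ipaddress.IPv4Network        # the VIP the ADC advertises (layer 3)
    proto: Optional[str] = None       # "tcp", "udp", or None for any (layer 4)
    dport: Optional[int] = None       # destination port, or None for any (layer 4)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


ANY = net("0.0.0.0/0")
VIP = net("203.0.113.10/32")                  # constructed public VIP
REAL_SERVERS = ["10.0.0.11", "10.0.0.12"]     # constructed DNS pool; never exposed
MGMT = net("198.51.100.0/24")                 # constructed trusted admin network

# First match wins. The last rule is the explicit default deny.
ACL = [
    Rule("permit", ANY, VIP, "udp", 53),
    Rule("permit", ANY, VIP, "tcp", 53),
    Rule("permit", MGMT, VIP, "tcp", 22),
    Rule("deny", ANY, ANY),
]


def matches(rule: Rule, flow: Flow) -> bool:
    """Layer 3 (src/dst network) and layer 4 (protocol/port) match."""
    return (
        ipaddress.ip_address(flow.src) in rule.src
        and ipaddress.ip_address(flow.dst) in rule.dst
        and (rule.proto is None or rule.proto == flow.proto)
        and (rule.dport is None or rule.dport == flow.dport)
    )


def evaluate(acl, flow: Flow) -> str:
    """Return the action of the first matching rule; deny if nothing matches."""
    for rule in acl:
        if matches(rule, flow):
            return rule.action
    return "deny"  # default deny even when the list has no catch-all


class Balancer:
    """Permitted flows are forwarded round-robin to a real server whose
    address the client never sees; everything else is dropped."""

    def __init__(self, acl, servers):
        self.acl, self.servers, self._next = acl, list(servers), 0

    def handle(self, flow: Flow):
        if evaluate(self.acl, flow) != "permit":
            return ("drop", None)
        backend = self.servers[self._next % len(self.servers)]
        self._next += 1
        return ("forward", backend)


if __name__ == "__main__":
    lb = Balancer(ACL, REAL_SERVERS)
    for f in [Flow("192.0.2.5", "203.0.113.10", "udp", 53),
              Flow("192.0.2.5", "203.0.113.10", "tcp", 80),
              Flow("192.0.2.5", "10.0.0.11", "udp", 53)]:
        print(f, "->", lb.handle(f))
```

The point a practitioner should take from this is the third flow: a request aimed directly at a real server address is denied because only the VIP appears in any permit rule, which is the layer 3 hiding the article describes.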
The right place, the right time
The ADC is designed to inspect content and steer traffic to different application servers based on what it receives. The ability to inspect content and then decide what to do with the traffic, including dropping or blocking it, is what an advanced next generation firewall (NGFW) or intrusion prevention system (IPS) is designed to do.
While the ADC has not yet evolved into a fully functional IPS or NGFW, web application firewall (WAF) capabilities have been added to enhance its security for the dominant application transport on the internet, HTTP. Businesses use the WAF built into ADCs to protect their applications and to help meet security standards such as PCI and HIPAA.
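To make the content-inspection-then-steer-or-block decision concrete, here is an added example, written for this page rather than taken from the article or any Radware product. It parses a raw HTTP request, applies a few WAF-style checks (request-line length, method allowlist, Host header on HTTP/1.1, and a path normalization that refuses any request climbing above the document root), and only then chooses a backend pool by path prefix. The pool names, paths and sample requests are constructed.

```python
"""Added example: HTTP content inspection and steering in front of server pools.
Pools, paths and sample requests are constructed for illustration."""
from urllib.parse import urlsplit, unquote

# Longest-prefix routing table (constructed). "/" is the fallback pool.
POOLS = {"/api/": "api-pool", "/static/": "static-pool", "/": "web-pool"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_REQUEST_LINE = 2048


def parse_request(raw: bytes):
    """Split the request head into (method, target, version, headers).
    Raises ValueError when the request line does not have three parts."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def normalize_path(target: str):
    """Percent-decode and collapse '.' and '..' segments.
    Returns None if the path tries to climb above the document root."""
    raw_path = urlsplit(target).path or "/"
    parts = []
    for seg in unquote(raw_path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None          # would escape the root: refuse
            parts.pop()
        else:
            parts.append(seg)
    norm = "/" + "/".join(parts)
    if raw_path.endswith("/") and parts:
        norm += "/"
    return norm


def select_pool(path: str) -> str:
    """Steer by the longest matching prefix; '/' catches everything else."""
    for prefix in sorted(POOLS, key=len, reverse=True):
        if path.startswith(prefix):
            return POOLS[prefix]
    return POOLS["/"]


def inspect(raw: bytes):
    """Return ("block", reason) or ("forward", pool_name)."""
    request_line = raw.split(b"\r\n", 1)[0]
    if len(request_line) > MAX_REQUEST_LINE:
        return ("block", "request line too long")
    try:
        method, target, version, headers = parse_request(raw)
    except ValueError:
        return ("block", "malformed request line")
    if method not in ALLOWED_METHODS:
        return ("block", "method not allowed")
    if version == "HTTP/1.1" and "host" not in headers:
        return ("block", "missing Host header")
    path = normalize_path(target)
    if path is None:
        return ("block", "path escapes document root")
    return ("forward", select_pool(path))


# Constructed sample requests, one per decision the inspector can make.
SAMPLE_REQUESTS = {
    "api_get":    b"GET /api/v1/users HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
    "static":     b"GET /static/logo.png HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
    "traversal":  b"GET /static/..%2F..%2Fsecrets.txt HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
    "bad_method": b"TRACE / HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
    "no_host":    b"GET / HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(f"{name:11} -> {inspect(req)}")
```

Decoding before normalizing matters: the "traversal" sample hides its ".." segments behind percent-encoded slashes, and a router that matched the raw prefix "/static/" would have steered it to the static pool without noticing.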
Evolving from the individual to the ecosystem
The next step in the evolution of ADC security capabilities is integration with the new network architectures: management and orchestration across disparate technologies and components to create a fully integrated and interactive network ecosystem. There are other components and technologies the ADC must integrate with, such as the IPS and NGFW solutions mentioned above, as well as other security functions such as DDoS mitigation and outbound content inspection technologies.
ADCs are a key piece of this environment. Technologists will continue to enhance the function of the ADC as a critical component within their dynamic, self-healing, and ultimately self-aware next generation networks.
Read “Keep It Simple; Make It Scalable: 6 Characteristics of the Futureproof Load Balancer” to learn more.
Frank Yue is Director of Solution Marketing, Application Delivery for Radware. In this role, he is responsible for evangelizing Radware technologies and products before they come to market. He also writes blogs, produces white papers, and speaks at conferences and events related to application networking technologies. Mr. Yue has over 20 years of experience building large-scale networks and working with high performance application technologies including deep packet inspection, network security, and application delivery. Prior to joining Radware, Mr. Yue was at F5 Networks, covering their global service provider messaging. He has a degree in Biology from the University of Pennsylvania.