December 18, 2017
What is ROBOT?
In December 2017 Hanno Böck and Juraj Somorovsky and Craig Young wrote a research paper titled “Return of Bleichenbacher’s Oracle Threat (ROBOT)” identifying how HTTPS hosts can still be vulnerable with the RSA and TLS security breach.
The WebMux is not vulnerable to the ROBOT attack, but you can disable RSA encryption completely for added safety measure. Click here for more information
November 1, 2017
What is a Web Application Firewall (WAF) and where should it be placed in your network?
A WAF is an added safety net that can plug more commonly overlooked security holes that arise from unintended, overlooked, or forgotten default settings. Click here for more information
FireEdge™ for Apps was introduced that incorporates a Web Application Firewall (WAF) as a standard feature to the WebMux family.
FireEdge for Apps protects network servers from the OWASP Top 10 most dangerous Web application flaws. Click here for News Release
August 14, 2017
AVANU began shipping the new generation of WebMux Network Traffic Manager.
The WebMux hardware network appliance models have a new look with higher and more powerful performance options to meet the most demanding load balancing requirements at affordable pricing! All hardware models meet a higher level of SSL security and are FIPS 140-2 Level 2 compliant. WebMux now ships with v13.x firmware.
June 13, 2017
AVANU WebMux Application Delivery Load Balancing Solution Meets Higher Level SSL Security and FIPS 140-2 Level 2 Compliance
Click here for News Release
May 4, 2016 – AVANU released Firmware 12 for the WebMux family. The WebMux user graphical interface now supports a variety of devices screen sizes.
March 16, 2016 – WebMux Firmware 11.0.07 release
– A DNS can now be specified for name resolution for things like email server for notifications, NTP time server, front network verification.
– HTTP to HTTPS redirect
– Server health check enhancements
– Health check on specific port for ALL ports farm
– Custom login banner for SSH and Telnet
– Virtual Host Name and Label are now separate fields
– Fixed problem that caused system error when switching between weighted round robin and round robin.
August 12, 2015
WebMux Network Traffic Manager prices rolled back!
Popular WebMux models A400X (single power supply) and A400XD (dual hot-swap power suppliers) prices reduced; lowest cost of ownership in its class now even lower for easy to deploy high performance server load balancing!
July 17, 2015
OpenSSL Reported Vulnerability
The recent report regarding OpenSSL vulnerability (Alternative chains certificate forgery (CVE-2015-1793) where an attacker can use untrusted certificates does not affect Webmux. For additional information – https://www.openssl.org/news/secadv_20150709.txt
June 23, 2015
AVANU’s WebMux Flood Control® Feature Stops Cybercrime DOS and DDoS Attacks in its Track (by Carlo Virtucio)
Cybercrime has been around for a long time but more recently has been very high profiled in its nature and everyone is affected from it. Not only is it on a rise, it is rampant. How can AVANU help prevent cybercrime? AVANU is the developer and manufacturer of the WebMux Network Traffic Manager, a server load balancing solution for managing, controlling, and securing Layers 4-7 network traffic. WebMux has a unique Flood Control® feature that was specifically developed for a United States service organization of the Department of Defense in 2012 to provide protection for their servers against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks at the IP/UDP level. Read full article
May 19, 2015 – Special limited time promotion!
For a limited time you can get the WebMux A400X (single power supply) or the WebMux A400XD (Dual hot-swap power supplies) at special pricing. But you have to act fast before it goes away. Contact us or your reseller for details!
May 5, 2015 – Virtual WebMux rises into the cloud for virtualized data centers and cloud computing environments
Virtual WebMux has the sophisticated load balancing features as AVANU’s appliance models as well as the setup & configuration wizards for popular applications and services that make WebMux quick and easy to deploy. Not only is it powerful and easy to deploy, it is very affordable and cost-effective.
April, 2015 – WebMux User Guide for Microsoft® Exchange® Server 2010 and 2013
The WebMux User Guide for Microsoft® Exchange® Server 2010 and 2013 has been updated (v11.0.1) and can be downloaded here.
April 21, 2015 – Microsoft Skype for Business Server 2015
Migrating from Lync Server or have new project plans? Updated WebMux firmware is ready to load balance Skype for Business Server 2015 with new setup & configuration wizard – fast and easy deployment!
March 26, 2015 – Global IT Networks Becomes Authorized Distributor
Global IT Networks in UK and India becomes AVANU’s distributor for WebMux Network load balancing methods solution servicing IT resellers in Europe, India, Africa, and parts of the Middle East
January 1, 2015 – Up to US5,000.00 trade-in credit (US Only, Limited Time)
Back by popular demand! Take advantage of our trade-in program to replace aging or expensive maintenance load balancing equip. You can get up to US$5,000 trade-in credit! Contact your reseller and act now before it all goes away
December 16, 2014 – WebMux and Pexip Infinity – Together delivering seamless high definition meeting experiences
AVANU announces the addition of Pexip’s Infinity video conferencing platform to WebMux’s GUI application setup and configuration wizard load balancing list. Pexip Infinity delivers seamless high definition meeting experiences across virtually any available conferencing solution, including all major web browsers, operating systems, and personal devices.
AVANU Simplicity Project
December 11, 2014 – The POODLE vulnerability bites again!
There have been recent reports of new SSL/TLS problems affecting many web sites globally. We are happy to announce those who are using the WebMux load balancing products for their web servers are not affected.
October 21, 2014 – WebMux firmware v11.0.00 release
Our new firmware version 11.0.00 enriches the graphical user interface on WebMux using wizards for setting up load balancing for popular applications starting with Microsoft® Lync®, Exchange®, and SharePoint® Servers, LiteScape’s Unified Communications platform, with others to follow soon as part of our Simplicity Project.
October 15, 2014 – What should you do to protect yourself against the POODLE vulnerability in SSLv3?
We are happy to say peace of mind is only one click away on our WebMux Network Traffic Manager products to prevent the POODLE vulnerability against SSLv3 that could be exploited for stealing sensitive data.
If you terminate your SSL/TLS traffic on WebMux, a single click on a check box on the “SSL termination management” screen disallows use of SSLv3 on your server farms.
It’s that simple!
Our upcoming versions of WebMux firmware makes this setting the default.
September 26, 2014 – WebMux and the Shellshock Bash Bug Vulnerability
This is our current update regarding the recent announcement on the Shellshock Bash bug vulnerability where there are claims that it could be bigger than the Heartbleed vulnerability back in April, 2014:
1) WebMux firmware version 10.0.xx and above is not vulnerable to the Shellshock Bash bug
2) We have an update patch for WebMux firmware version 9.2.00 that includes an initial fix for the vulnerability
3) Note that the Shellshock vulnerability is mitigated significantly on the WebMux. There are only four ports open by default. The only two that can be attacked are the HTTP and HTTPS ports, by attempting to inject Shellshock attack code. That is very limited due to limited access availability without authentication and they are generally protected as management access only.
4) We will continue to monitor any forthcoming updates and details regarding this Shellshock vulnerability
September 3, 2014 – WebMux was one of the first load balancing solutions selected by Microsoft® for their unified communications product back in 2005. After taking a closer look, we immediately saw the underlying power, capability, and affordability of WebMux. The WebMux product quality as a whole fits right in with the type of services and products we offer to our Fortune 1000 clients. BrightPlanIT of New York
September 3, 2014 – AVANU Broadens WebMux Network Traffic Manager Beyond the Scope of Server Load Balancing
August 12, 2014 – LiteScape Technologies endorses AVANU’s WebMux Network Traffic Manager as a powerful load balancing solution for their Unified Communications platform. Litescape’s UC platform links the connection of existing enterprise communications infrastructure including PBX, IP-PBX, and IP phones from manufacturers including Cisco®, Avaya®, and Siemens® with hosted or deployed collaboration products including Microsoft® Lync® and Exchange® Servers.
June 22, 2014 – Check out AVANU Weird Tales, our newest section under Technical Tips for understanding why things are the way they are in the world of networking and load balancing!
Our first tale is about “Routing is Not Routing“.
You probably don’t think much about IP routing: how IP packets get from source to destination possibly going through intermediate nodes. Usually routing is handled for you correctly and reliably without much user effort. Much less do you think of how a reply will be routed back? But sometimes, as is the case when using load balancers such as the powerful WebMux™ Network Traffic Manager from AVANU®, it can make the difference between a functioning and non-functioning network.
June 11, 2014 – WebMux 64-bit platform models (Firmware v10.0.06 and above) are not affected by the recent OpenSSL security vulnerability. The reported bug allows an attacker the ability to use weak keying material in OpenSSL SSL/TLS clients and servers that can be exploited by a Man-in-the-Middle (MITM) attack, where the attacker can decrypt and modify traffic from the attacked client and server.
For customers who have service coverage and using the WebMux 32-bit platform models (CAI Networks brand), a patch is available for firmware v9.2.00.
June 9, 2014 – Have a new project, plans to expand your network, or just tired of paying high annual maintenance prices for your load balancing needs? Check out the limited time introductory pricing for our new WebMux A400X and A400XD 64-bit platform models or take advantage of our trade-in/up program with one of our A500X, A500XD, or A600X model. All models come with 2 years product warranty and support dual hot-swappable power supplies. Don’t lose out in saving money, contact your reseller today!
June 6, 2014 – Our WebMux products are not vulnerable to the recent GnuTLS bug, which is a potentially significant weakness in the PKI certificate validation. This weakness could permit the trust of an invalid certificate and, in that process, share secrets, such as identifications, passwords, proprietary information, health and other privacy information that were thought were being sent only to trusted recipients such as doctors, banks, and other personal business accounts. AVANU continues to monitor vulnerabilities that could affect our WebMux Network Traffic Manager product line.
April 22, 2014 – AVANU extends the limited product warranty for the WebMux Network Traffic Manager that load balances Layers 4-7 local network traffic with a full 2-year coverage (parts & labor) with hot-swap redundant power supply options for all their 64-bit platform models.
April 9, 2014 – Industry news reported on April 7, 2014 the Heartbleed bug that causes a serious vulnerability to the OpenSSL crytographic software library.
WebMux is only vulnerable to the Heartbleed bug if both SSL termination is enabled, with PKI keys on the WebMux, and the WebMux firmware version is version 9.2.00 or newer.
NOTE: If you permit access to the WebMux on port 35, the default HTTPS administration port, then that port is vulnerable if you are running version 9.2 or newer. We recommend that you do not allow any inbound access to port 35 unless it is from trusted IP addresses.
Our WebMux firmware patch addresses the latest OpenSSL vulnerability (CERT Vulnerability Note VU#720951). The vulnerability is a bug in the coding of RFC 6520 “Heartbeat Extension” for transport layer security (TLS). An attacker can repeatedly retrieve 64k chunks of data, including:
• Primary key material (secret keys)
• Secondary key material (user names and passwords used by vulnerable services)
• Protected content (sensitive data used by vulnerable services)
• Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)
There does not appear to be a simple method for mitigation nor detection at this time.
If interested in our WebMux Heartbeat firmware update, please follow these instructions:
1. Connect to your WebMux units – https://<WebMux_Address>:35/cgi-bin/about
2. Provide the “about” page information for all your WebMux units by pasting it into an e-mail and send to ‘email@example.com’.
Sample of the “about” page information:
WebMux version 10.0.01p3 built Nov 20 2013 14:46:02
patch level: none
model: WebMux (part number A500X) with SSL accelerator chip
serial number: A5005X-1X42817 manufactured Aug 01 2013
CPU speed: 2800.077 MHz
total memory: 8152176 k
configured as: two-armed server LAN NAT (without SNAT)
3. Include your name and phone number as well as any alternate contact(s) in the email.