Web Application Firewall (WAF) – WebMux FireEdge for Apps Added Safety Net

avanu techtip blog

Welcome to AVANU’s TechTip™ blogs on how to keep a network infrastructure operating smoothly and reliably with the WebMux™ Network Traffic Manager!

Why a Web Application Firewall (WAF) Does Not Replace the Traditional Firewall

This TechTip™ blog is about why a Web Application Firewall (WAF) does not replace the traditional Firewall.

Web sites have moved beyond a mere collection of static HTML pages since the emergence of Web 2.0. Now Web applications allow for dynamic sites to respond to the open public inputs on a web browser just like an individual using their personal desktop applications software. The Web servers servicing dynamic sites now become a central hub of users’ application data. If the Web servers are compromised causing service interruptions, it will affect all users. Such servers become a high target for malicious attackers exploiting their public accessibility. A traditional firewall that merely blocks ports and IPs cannot provide adequate application protection, because the service ports must remain open and attackers’ IP addresses are unpredictable. Furthermore, since Web applications respond to user input, bugs or unsecure configurations can cause them to respond in ways that cause service interruptions or security breaches.

A Web Application Firewall (WAF) is your indispensable line of defense in these situations. It does not replace your traditional firewall but rather augments it. The best location for a WAF is behind the traditional firewall but in front of the Web server. The traditional firewall will then block unnecessary ports and blacklisted IPs wholesale, while the WAF will detect additional malicious attacks. The WAF does its job by examining the web client requests and Web server responses. Thus, not only does the WAF protect against incoming malicious activities, but it also prevents your Web application from revealing information useful to attackers.

Sometimes if a Web server or application is not configured or coded properly, the server or application error response can reveal weaknesses or other exploitable information. Error responses may be helpful for developers and systems administrators, but such information should remain confidential. The WAF will keep those error responses private to prevent further probing by an attacker.

Sometimes security holes arise from unintended, overlooked, or forgotten default settings. Often server software defaults to using extremely insecure settings for debugging purposes during setup. These settings may escape revision, and it only takes one successful attack because of them to wreak havoc on a system. The WAF is a safety net that can plug some of these more commonly overlooked security holes and keep your service up and running smoothly.

webmux web application firewallAbout AVANU®

AVANU designs and develops high quality enterprise products that are cost-effective for IT network infrastructures and data centers. Products are full-featured and reliably high in performance.

WebMux™ Network Traffic Manager is an integrated enterprise-class application delivery network (ADN) and global server load balancing (GSLB) solution with its built-in FireEdge™ for Apps Web Application Firewall (WAF).

WebMux manages, controls, and secures the most stringent network traffic demands reliably, assuring peak performance. The user-friendly menu-driven interface makes WebMux fast to deploy and easy to manage. It meets the U.S. Federal Information Processing Standard Publication (FIPS) 140-2 Levels 1 & 2 validated encryption computer security standard, Trade Agreements Act (TAA), and Payment Card Industry (PCI) compliance.

For more information or a free Virtual WebMux software appliance evaluation copy, contact us by email at ‘info@avanu.com’. Telephone contact 1.888.248.4900 U.S. Toll Free Number or 1.408.248.8960 International.

 

 

 

 

Load Balancing Scheduling Methods

Network infrastructure’s traffic loads are all different. No matter how light or how heavy, a network traffic load balancer will manage the traffic to the servers using algorithms that each have their own particular behavior. There are three common load balancing scheduling methods that have different behavioral characteristics to choose from:

Least Connections
Round Robin
Weighted Fastest Response

Least Connections
With the Least Connections scheduling method, the load balancer will send new clients to servers with the least amount of active connections. There will be occasions when clients remain connected to a server for an extended amount of time where other servers may accumulate more client connections than others.

As with any of the load balancing scheduling methods, one cannot always expect to see a leveling of distribution. As connections come and go or remain connected, different servers may gain or lose connections sooner than others. But, the selection of servers to send a client to will continue to be a dynamic decision according to the servers with the Least Connections at the time a client connects.

Round Robin
In a Round Robin scheduling method, the load balancer sends client connections to the next available server in a sequential manner. If all connections are equal in duration and activity, it would be reasonable to expect Round Robin to result in the most even distribution of connections to the servers. However, it must be considered that in real world scenarios not all connections will have equal activity and duration. So, even with Round Robin, there may be some servers carrying more connections than others; especially in cases where clients tend to remain connected for long periods of time.

Weighted Fastest Response
The Weighted Fastest Response scheduling method calculates a value based on the number of current connections, divided by the server weight. The server with the lowest value is determined to be the server that can provide the fastest response.

About AVANU

AVANU designs and develops high quality enterprise products that are cost-effective for IT network infrastructures and data centers. Products are full-featured and reliably high in performance.

WebMux™ Network Traffic Manager is an integrated enterprise-class application delivery network (ADN) and global server load balancing (GSLB) solution with its built-in FireEdge™ for Apps Web Application Firewall (WAF).

WebMux manages, controls, and secures the most stringent network traffic demands reliably, assuring peak performance. The user-friendly menu-driven interface makes WebMux fast to deploy and easy to manage. It meets the U.S. Federal Information Processing Standard Publication (FIPS) 140-2 Levels 1 & 2 validated encryption computer security standard, Trade Agreements Act (TAA), and Payment Card Industry (PCI) compliance.

For more information or a free Virtual WebMux software appliance evaluation copy, contact us by email at ‘info@avanu.com’. Telephone contact 1.888.248.4900 U.S. Toll Free Number or 1.408.248.8960 International.

Network High Availability – Reduce your network infrastructure risk

Network high-availability is critical to your network infrastructure.  With high-availability, your network will run smoothly overcoming network disruption.

There are important factors to preserve a network’s stability.  These include performance, scalability, and redundancy/fault tolerance along with reducing site maintenance downtime.

If you are assessing your network infrastructure’s uptime risks, there couldn’t be a better time to take advantage of AVANU’s free high-availability offer for the WebMux Network Traffic Manager.  Software appliance for enterprise-class virtual computing that is full-featured in an integrated load balancing solution (ADN, GSLB, and WAF).

Get a FREE AVANU WebMux Network Traffic Manager software appliance (AVE-500 Edition) for your Virtual computing network with the purchase of one AVE-500 Edition.

• Fully integrated enterprise-class application delivery network (ADN) and global server load balancing (GSLB) solution with its built-in FireEdge™ for Apps Web Application Firewall (WAF).

• Software appliance for Virtual computing platforms: VMWare®, Citrix XENServer®, Microsoft Hyper-V® (GEN 1, 2), Oracle VirtualBox®, XEN® Project, KVM (Kernal-based Virtual Machine)

• High availability for your enterprise virtual infrastructure environment

• Up to 5 Gbits/s load balancing network traffic throughput (Internet link less any overhead)

• FIPS 140-2 (Level 1) SSL Security compliant

• TAA compliant (Developed in USA)

• Includes a full year of product technical support

Act now as this is a limited time offer – Contact us!

New to AVANU’s WebMux Network Traffic Manager?

Request your full working 30-day license here.

About AVANU®

AVANU designs and develops high quality enterprise products that are cost-effective for IT network infrastructures and data centers. Products are full-featured and reliably high in performance.

WebMux™ Network Traffic Manager is an integrated enterprise-class application delivery network (ADN) and global server load balancing (GSLB) solution with its built-in FireEdge™ for Apps Web Application Firewall (WAF).

WebMux manages, controls, and secures the most stringent network traffic demands reliably, assuring peak performance. The user-friendly menu-driven interface makes WebMux fast to deploy and easy to manage. It meets the U.S. Federal Information Processing Standard Publication (FIPS) 140-2 Levels 1 & 2 validated encryption computer security standard, Trade Agreements Act (TAA), and Payment Card Industry (PCI) compliance.

For more information or a free Virtual WebMux software appliance evaluation copy, contact us by email at ‘info@avanu.com’. Telephone contact 1.888.248.4900 U.S. Toll Free Number or 1.408.248.8960 International.