Web Applicsation Security
Array APV Series application delivery controllers offer a comprehensive suite of Web application security capabilities to protect against a wide variety of malicious attacks. WebWall® protects against DoS attacks as well as malformed URL attacks, and allows Layer 2 through Layer 7 protection policies to be stacked for increased security.
Further, APV appliances are security hardened to protect against L4 and L7 DDoS attacks, and support content filtering to guard against Web and application security risks such as Syn-flood, tear drop, ping-of-death, Nimda, Smurf and others. Array ADCs feature extensive access control lists, network address translation (NAT), and stateful packet flow inspection to protect against attacks and unauthorized access. Because Array’s Web and application security capabilities are executed at the system level, performance and scalability are guaranteed.
- Multi-Layer Security: Comprehensive suite of Web & application security capabilities including DDoS protection, WebWall application security suite, NAT, and stateful packet flow inspection protects Web sites and applications against malicious attacks and illicit access without impacting performance and scalability.
- Streamlined Certificate Management: Only one certificate for SSL-enabled DNS is required per APV appliance, streamlining server SSL management. Concurrent validation of hundreds of thousands of SSL client certificates for authentication and authorization preserves throughput and application performance.
- Heartbleed-Proof SSL: Proprietary Array SSL stack is immune to common OpenSSL weak points, guarding service traffic.
- Integrated Web Application Security: WebWall, Array’s suite of integrated stateful packet-inspection firewall capabilities, provide deep application data inspection (beyond just IP and TCP headers) to defend against attacks such as SQL injection and cross-site scripting. Based on Array’s hardened OS, WebWall features tamper-proof key and certificate protection, and can process over a thousand ACL rules without performance degradation.
- Purpose-Built, High-Performance SSL: Unlike solutions that utilize OpenSSL to provide SSL offload capabilities, Array ADCs utilize a purpose-built SSL stack to process SSL, TLS and DTLS. In addition to providing superior performance and scalability as compared to open source solutions, Array’s purpose-built SSL implementation significantly reduces exposure to security vulnerabilities such as the recent Heartbleed bug. Using Array’s purpose-built SSL stack, businesses do not need to purchase and install SSL certificates for every server in the data center; one certificate representing an SSL enabled DNS may be installed on the Array ADC to greatly reduce the cost of certificates and annual renewals. Moreover, Array appliances support up to 256 unique SSL enabled DNS names on a single system, making them scalable platforms for deploying cloud and managed service offerings.
- SSL Certificate Management: Array ADCs can concurrently validate hundreds of thousands of SSL client certificates to perform authentication and authorization on behalf of applications. Array appliances can extract any SSL client certificate field, including custom fields, and pass the information to applications via HTTP headers, URLs and cookies for enhanced access control. Array appliances are also fluent in a range of cipher suites and certificate formats and allow administrators to set precedence for custom cipher suites. In addition, the high-performance Array CRL module can concurrently revoke millions of client certificates for validity without impacting system or application performance. In addition, Array’s hardware SSL module eliminates the need to purchase and install SSL certificates for every server in the data center; one certificate representing an SSL enabled DNS can be installed on the APV appliance to greatly reduce the cost of certificates and annual renewals. APV appliances also support up to 256 unique SSL enabled DNS names on a single system, making them scalable platforms for deploying cloud and managed service offerings.