- Application Switching and Traffic Management Features
- Application Acceleration Features
- Application Security and Firewall Features
- Application Visibility Feature
- Cloud Integration Feature
Application Security and Firewall Features
Oct 30, 2013
- Denial of Service Attack (DoS) Defense
- Detects and
stops malicious distributed denial-of-service (DDoS) attacks and other types of
malicious attacks before they reach your servers, preventing them from
affecting network and application performance. The NetScaler appliance
identifies legitimate clients and elevates their priority, leaving suspect
clients unable to consume a disproportionate percentage of resources and
cripple your site. The appliance provides application-level protection from the
following types of malicious attacks:
- SYN flood attacks
- Pipeline attacks
- Teardrop attacks
- Land attacks
- Fraggle attacks
- Zombie connection attacks
The appliance aggressively defends against these types of attacks by preventing the allocation of server resources for these connections. This insulates servers from the overwhelming flood of packets associated with these events.
The appliance also protects network resources from ICMP based attacks by using ICMP rate limiting and aggressive ICMP packet inspection. It performs strong IP reassembly, drops a variety of suspicious and malformed packets, and applies Access Control Lists (ACLs) to site traffic for further protection.
For more information, see "HTTP Denial-of-Service Protection."
- Content Filtering
- Provides
protection from malicious attacks for web sites at the Layer 7 level. The
appliance inspects each incoming request according to user-configured rules
based on HTTP headers, and performs the action the user configured. Actions can
include resetting the connection, dropping the request, or sending an error
message to the user’s browser. This allows the appliance to screen unwanted
requests and reduces your servers’ exposure to attacks.
This feature can also analyze HTTP GET and POST requests and filter out known bad signatures, allowing it to defend your servers against HTTP-based attacks.
For more information, see "Content Filtering."
- Responder
- Functions like
an advanced filter and can be used to generate responses from the appliance to
the client. Some common uses of this feature are generation of redirect
responses, user defined responses, and resets.
For more information, see "Responder."
- Rewrite
- Modifies HTTP
headers and body text. You can use the rewrite feature to add HTTP headers to
an HTTP request or response, make modifications to individual HTTP headers, or
delete HTTP headers. It also enables you to modify the HTTP body in requests
and responses.
When the appliance receives a request or sends a response, it checks for rewrite rules, and if applicable rules exist, it applies them to the request or response before passing it on to the web server or client computer.
For more information, see "Rewrite."
- Priority Queuing
- Prioritizes
user requests to ensure that the most important traffic is serviced first
during surges in request volume. You can establish priority based on request
URLs, cookies, or a variety of other factors. The appliance places requests in
a three-tier queue based on their configured priority, enabling
business-critical transactions to flow smoothly even during surges or site
attacks.
For more information, see "Priority Queuing."
- Surge Protection
- Regulates the
flow of user requests to servers and controls the number of users that can
simultaneously access the resources on the servers, queuing any additional
requests once your servers have reached their capacity. By controlling the rate
at which connections can be established, the appliance blocks surges in
requests from being passed on to your servers, thus preventing site overload.
For more information, see "Surge Protection."
- NetScaler Gateway
-
NetScaler Gateway is a secure application access solution that provides administrators granular application-level policy and action controls to secure access to applications and data while allowing users to work from anywhere. It gives IT administrators a single point of control and tools to help ensure compliance with regulations and the highest levels of information security across and outside the enterprise. At the same time, it empowers users with a single point of access—optimized for roles, devices, and networks—to the enterprise applications and data they need. This unique combination of capabilities helps maximize the productivity of today's mobile workforce.
For more information, see "NetScaler Gateway."
- Application Firewall
- Protects
applications from misuse by hackers and malware, such as cross site scripting
attacks, buffer overflow attacks, SQL injection attacks, and forceful browsing,
by filtering traffic between each protected web server and users that connect
to any web site on that web server. The application firewall examines all
traffic for evidence of attacks on web server security or misuse of web server
resources, and takes the appropriate action to prevent these attacks from
succeeding.
For more information, see "Application Firewall."