Feb 05, 2013
The firewall is, and has been, the primary foundation around which conventional network security architectures are built. But the conventional firewall is beginning to show its limitations in detecting and repelling modern attacks. Diverse attacks involving multiple layers of the network stack are causing firewall failures with alarming frequency. As a result, traditional firewall services alone are insufficient for detecting attacks and subsequently preventing business disruption. The new application delivery firewall technology provides enforcement of protocol compliance, mitigating attacks that seek to leverage vulnerabilities introduced by lax interpretation of the protocol. This approach to the firewall converges security services into a single set of Application Delivery Controllers (ADCs) at the edge of the data center.
This paper looks at firewall limitations and the combination of protocol compliance and F5's full-proxy architecture for a unique DDoS mitigation solution. Learn what it takes to effectively detect anomalies indicating a network or application layer attack in progress and take appropriate action to help halt attacks that take advantage of application layer protocols and behaviors.