8/7/2019 CitrixApplicationFirewallPO
www.citrix.com
Citrix NetScaler Application Firewall Product Overview
NetScaler Application Firewall
Citrix NetScaler Application Firewall is a comprehensive web application security solution that blocks known and unknown attacks against web and web services applications. NetScaler Application Firewall enforces a positive security model that permits only correct application behavior, without relying on attack signatures. It analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats without any modification to applications.
NetScaler Application Firewall technology is included in and integrated with Citrix NetScaler, Platinum Edition, and is available as an optional module that can be added to NetScaler MPX appliances running NetScaler Enterprise Edition. NetScaler Application Firewall is also available as a stand-alone solution on five NetScaler MPX appliances, as well as a FIPS-140-2-compliant model. The stand alone NetScaler Application Firewall models can be upgraded via software license to a full NetScaler Application Delivery Controller (ADC).
Addressing security challenges
Not only are web applications vulnerable to attack, they are attractive targets for hackers because they often have direct connectivity with one or more databases containing sensitive customer and company information. Protecting these applications with solutions that simply inspect application traffic to identify known attack signatures is insufficient. Threats against web applications are often devised specifically for a target application, making threat identification by network-level security devices (e.g., intrusion protection systems and network firewalls) impossible, leaving web applications exposed to a myriad of known and zero-day exploits. NetScaler Application Firewall comprehensively addresses the challenge of delivering centralized application-layer security for all web applications and web services.
The positive security model advantage
NetScaler Application Firewall enforces a positive security model to ensure correct application behavior. Instead of relying on attack signatures or pattern-matching techniques, the positive security model understands good application behavior, and treats all other traffic as malicious. This is the only proven approach delivering zero-day protection against unpublished exploits.
Delivers PCI-DSS v.1.2 (section 6.5 and 6.6) compliance
Protects credit and debit card account numbers to comply with the Payment Card Industry Data Security Standards.
Prevents data losses for which government regulations require customer notification.
Simplifies desktop management.
Protects online revenue sources
Ensures uptime of websites and web services by defeating L7 denial of service (DoS) attacks.
Application learning ensures protection without false positives.
Maintains trust relationship between consumer and vendor by preventing cross-site scripting (XSS) attacks.
Meeting PCI compliance and auditing requirements
NetScaler Application Firewall aids corporate IT security teams in conforming to governmental privacy regulations and industry mandates. For example, organizations subject to Payment Card Industry Data Security Standard (PCI-DSS) requirements can now fully meet the requirements detailed in PCI-DSS Section 6.6, which mandates the installation of web application firewall in front of public-facing applications as one method of maintaining a proper security posture. In support of PCI security audits, NetScaler Application Firewall can generate dedicated reports detailing all security protections defined in the application firewall policy that pertain to PCI requirements. In addition, NetScaler Application Firewall prevents the inadvertent leakage or theft of sensitive information, such as credit card numbers or custom-defined data objects, by either removing or masking content from application responses before being publicly disclosed.
Defeating XML-based threats
In addition to detecting and blocking common application threats that can be adapted for attacking XML-based applications (i.e. cross-site scripting, command injection, etc.), NetScaler Application Firewall includes a rich set of XML-specific security protections. These include schema validation to thoroughly verify SOAP messages and XML payloads, and a powerful XML attachment check to block attachments containing malicious executables or viruses. NetScaler Application Firewall also thwarts a variety of DoS attacks, including external entity references, recursive expansion, excessive nesting and malicious messages containing either long or a large number of attributes and elements.
Tailoring security policies
NetScaler Application Firewall incorporates an advanced and proven adaptive learning engine that discovers aspects of application behavior that might be blocked by the positive security model even if the behavior is intended by the web application. This would include, for example, modifications made by client-side application scripting that legally modifies HTML form fields. Once application behavior is learned, NetScaler Application Firewall generates human-readable policy recommendations, which bring to security managers a clearer understanding of actual application behavior. Tailored security policies may then be applied to each application.
Industry-leading performance
NetScaler Application Firewall provides multi-gigabit performance to meet the needs of even the largest networks. In addition, the solution can actually improve application performance and lower response times by offloading compute-intensive tasks, such as TCP connection management, SSL encryption and compression from web servers. In addition, the integrated caching functionality available on the NetScaler platform offloads the servers while still applying full firewall functionality. Freeing valuable server resources improves the overall application experience.
Flexibility to adapt to changing business requirements
NetScaler Application Firewall permits flexible, stepwise deployment of web application protection. The default web application protection profile defends against the most common dangerous threats and adds full protection against both data theft and layer 4-7 denial of service (DoS) attacks.
The advanced web application protection profile adds session-aware protections to protect dynamic elements, such as cookies, form fields and session-specific URLs. Such protection is imperative for any application that processes user-specific content, such as an e-commerce site. To make sure these security measures are compatible with any application, NetScaler Application Firewall learning capabilities help the administrator create managed exceptions and relaxations when the application's intended, and legal, behavior might otherwise cause a violation of the default security policy.
Key features
Protects online revenue sources
Buffer overflow
CGI-BIN parameter manipulation
Form/hidden field manipulation
Forceful browsing protection
Cookie or session poisoning
Cross-site scripting (XSS)
Command injection
SQL injection
Error triggering sensitive information leak
Insecure use of cryptography
Server misconfiguration
Back doors and debug options
Rate-based policy enforcement
Well-known platform vulnerabilities
Zero-day exploits
Content rewrite and response control
Content Filtering
Authentication, authorization and auditing
L4-7 DoS protection
Simplified management and deployment
User interface:
Secure web-based GUI
SSH-based CLI access
Network management:
SNMP
Syslog-based logging
PCI-DSS compliance reporting tool
Comprehensive web server and web services security
Deep stream inspection; bi-directional analysis
HTTP & HTML header and payload inspection
Full HTML parsing; semantic extraction
Session-aware and stateful
Protocol neutrality
HTML form field protection:
Required fields returned; no added fields allowed; read-only and hidden field enforcement
Drop-down list & radio button field conformance
Form-field max-length enforcement
Cookie poisoning defenses ensure cookies are not modified
Legal URL enforcement
Web application content integrity
Full SSL offload:
Decrypts traffic prior to inspection; encrypts traffic prior to forwarding
Configurable back-end encryption
Support for client-side certificates
XML data protection:
XML security: protects against XML denial of service (xDoS), XML SQL injection and cross site scripting
XML message and schema validation, format checks, WS-I basic profile compliance, XML attachments check
URL transformation
31244/ 0110/XXXX
Worldwide Headquarters
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309, USA
T +1 800 393 1888
T +1 954 267 3000
www.citrix.com
Americas
Citrix Silicon Valley
4988 Great America Parkway
Santa Clara, CA 95054, USA
T +1 408 790 8000
Europe
Citrix Systems International GmbH
Rheinweg 9
8200 Schaffhausen, Switzerland
T +41 52 635 7700
Asia Pacific
Citrix Systems Hong Kong Ltd.
Suite 6301-10, 63rd Floor
One Island East
18 Westland Road
Island East, Hong Kong, China
T +852 2100 5000
Citrix Online Division
6500 Hollister Avenue
Goleta, CA 93117, USA
T +1 805 690 6400
About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide. Its Citrix Delivery Center, Citrix Cloud Center (C3) and Citrix Online Services product families radically simplify computing for millions of users, delivering applications as an on-demand service to any user, in any location on any device. Citrix customers include the world's largest Internet companies, 99 percent of Fortune Global 500 enterprises, and hundreds of thousands of small businesses and prosumers worldwide. Citrix partners with over 10,000 companies worldwide in more than 100 countries. Founded in 1989, annual revenue in 2008 was $1.6 billion.
© 2010 Citrix Systems, Inc. All rights reserved. Citrix, NetScaler, Citrix Delivery Center and NetScaler Application Firewall are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.
Citrix NetScaler Application Firewall hardware platforms

| NetScaler Application Firewall Model | MPX 5500 | MPX 7500 | 9010 FIPS | MPX 9500 | MPX 10500 | MPX 12500 |
| --- | --- | --- | --- | --- | --- | --- |
| Throughput-Basic mode (Mbps) | 500 | 1,000 | 500 | 2,000 | 3,000 | 5,000 |
| Throughput-Advanced mode (Mbps) | 140 | 350 | 100 | 350 | 1,000 | 1,000 |
| SSL Throughput (Mbps) | 500 | 1,000 | 500 | 3,000 | 5,000 | 5,000 |
| SSL transactions/second | 4,000 | 8,000 | 4,400 | 16,000 | 24,000 | 48,000 |
| Processors | Two (Dual core) | Four (Quad core) | Single | Four (Quad core) | Eight (Two quad core) | Eight (Two quad core) |
| Memory | 4 GB | 8 GB | 2 GB | 8 GB | 16 GB | 16 GB |
| Ethernet ports | 4x10/100/1000 BASE-T | 8x10/100/1000 BASE-T | 4x1000 BASE-X SFP (fiber or Cu) Or 4x10/100/1000 BASE-T | 8x 10/100/1000 BASE-T | 8x10/100/1000 BASE-T AND 8x1000 BASE-X SFP (fiber or Cu) Or 2x10GBASE-X SFP+ and 8x10/100/1000 BASE-X SFP | 8x10/100/1000 BASE-T AND 8x1000 BASE-X SFP (fiber or Cu) Or 2x10GBASE-X SFP+ and 8x10/100/1000 BASE-X SFP |
| Power supplies | Single | Single-Optional Second | Dual | Single-Optional Second | Dual | Dual |
| Height | 1U | 1U | 2U | 1U | 2U | 2U |

Software upgrade: Upgrade option to MPX 9500; Upgrade option to MPX 12500