Next-generation application security
Over 70 percent of successful Internet attacks now exploit vulnerabilities in the application or the application platform. NetScaler protects against a wide variety of threats with integrated security capabilities that protect application resources, augmenting existing network-layer security protections.
The NetScaler AppFirewall secures web applications, prevents inadvertent or intentional disclosure of confidential information, and aids in compliance with information security regulations such as PCI-DSS. The AppFirewall is available as a standalone security appliance or as a fully integrated module of the NetScaler application delivery solution, and is included with Citrix NetScaler, Platinum Edition.
Key features include:
Denial of Service (DoS) protection
NetScaler stops damaging denial of service attacks, such as SYN Flood, HTTP DoS, and Ping of Death, while still allowing legitimate users to maintain access to critical application resources. It implements an enhanced SYN cookie mechanism that operates at wire-speed to provide superior attack protection, even against broadly distributed clients causing traffic floods.
Key protection methods:
Strong SSL application protection
NetScaler MPX and SDX appliances are performance-optimized for the strongest SSL encryption levels, including 2048-bit and longer keys. NetScaler appliances integrate state-of-the-art cryptographic acceleration technology and optimize these capabilities to deliver the fastest SSL performance in the industry.
Support for XenMobile MDM
NetScaler provides three capabilities for XenMobile Device Manager Servers:
Secure Remote Access with NetScaler Gateway
Citrix NetScaler Gateway is a proven SSL VPN solution that delivers secure remote access for applications, and is the best SSL VPN solution to deliver secure virtual desktops. Citrix NetScaler Gateway protects data and empowers the user to work in any location by:
Citrix offers NetScaler ADC solutions that are compliant with Federal Information Processing Standards (FIPS), and support more than 4.5 Gbps of SSL throughput.
Key PCI-DSS mandates met by AppFirewall
Section 1.2: Deny traffic from untrusted networks and hosts
AppFirewall, in conjunction with Citrix Access Gateway Enterprise Edition, restricts access to applications and data by allowing only approved protocols and methods, only connections from trusted networks, and only users who are authenticated and authorized. AppFirewall has obtained ICSA Labs Web AppFirewall Certification for additional assurance.
Section 3.3: Mask account numbers when displayed
AppFirewall is easily configured to mask or block PANs and otherwise prevent the leakage of sensitive cardholder data, regardless of programmer oversight, logic flaws or targeted attacks. Complete server responses with PAN data can be blocked from being transmitted to the requesting client.
Section 3.5: Protect encryption keys against disclosure and misuse
FIPS is a consideration within PCI DSS compliance. Four NetScaler appliances, including the integrated AppFirewall module, are FIPS 140-2 Level 2 compliant: the FIPS versions of MPX 9700, MPX 10500, MPX 12500 and MPX 15500. These appliances securely maintain the certificates and encryption keys used for SSL/TLS.
Section 4.1: Use strong cryptography and security protocols
AppFirewall can be used to SSL-enable applications that were not designed to use secure communication protocols and to support strong SSL cryptography with key lengths up to 4096 bits. AppFirewall inspects the contents of SSL/TLS encrypted sessions, ensures session validity and blocks attacks.
Section 6.6: Audit and correct application code vulnerabilities or institute an application firewall
AppFirewall provides continuous protection against attacks, blocking them instantaneously. It dynamically adjusts to code changes and supports multiple applications simultaneously.